Humanity Protocol’s H token plunged more than 80% on June 9 after attackers drained wallets tied to the project, in what the team says stems from a compromised private key belonging to a Humanity Foundation member.
What happened
- Founder and CEO Terence Kwok confirmed a security incident, saying “We’ve detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation.” He urged users not to interact with the Humanity bridge or any liquidity pools until the team can confirm they are safe. The team said it is working with security experts and exchange partners but has not published a full technical postmortem, recovery plan, or reimbursement terms.
- On-chain sleuths first flagged the exploit. Analyst Specter reported more than 17 wallets holding H were drained; initial loss estimates were about $19 million before later trackers pushed the total above $30 million. Arkham-linked tracking and other on-chain reports show the attacker selling H and converting a large portion of proceeds into ETH — Specter put the ETH swaps at roughly $23.7 million, with about $7.9 million left in H at the time of his report.
- Blockaid monitoring later claimed the attacker obtained proxy administrator rights over H on BNB Smart Chain and minted 100 million tokens. Humanity had not confirmed that specific claim when the team published its advisory.
Market fallout
- Crypto.news data shows H tumbled roughly 83% in 24 hours to trade near $0.123, slipping from a daily range of roughly $0.731 down to $0.073. Daily trading volume surged above $605 million and the token’s market capitalization fell to about $222 million. H had hit an all-time high near $0.844 on June 2, just days before the breach wiped out most of that gain.
Context and outstanding questions
- Humanity Protocol operates a zkEVM-based identity network that uses zero-knowledge proofs and palm biometrics to verify unique users without exposing full personal data to centralized ID databases. Kwok did not identify which Foundation member’s key was exposed or explain how the keys were compromised.
- A scheduled token release on June 25 under a revised investor vesting plan — and earlier decisions by some early backers to take a discounted immediate unlock instead of a longer vesting period — were noted by observers, but there is no public evidence linking that planned release to the attack.
- The incident adds to a string of privileged-access and private-key failures in crypto so far in 2026. In May, a suspected key compromise enabled an attacker to mint StablR tokens and extract roughly $2.8 million.
What users should do
- Humanity’s team has asked users to wait for further confirmation before using the bridge, liquidity pools, or other affected services. Stay tuned to official Humanity channels and exchange advisories for forensic updates, any compensation plans, and final technical findings.
Read more AI-generated news on: undefined/news
