Humanity Protocol — a biometric blockchain identity project whose H token was one of crypto’s top performers in 2026 — imploded on June 9 after attackers drained roughly $32 million from more than 17 wallets. The exploit sent H tumbling about 90% within hours and left the community scrambling for answers.
What happened
- The attack played out in two distinct phases on different chains:
1. On the initial chain attackers minted 100 million H tokens, drained associated wallets and swapped roughly $23.7 million into ETH across multiple addresses, leaving about $7.9 million in H tokens on-chain (Arkham Intelligence flagged this activity).
2. The exploit then extended to BNB Chain, where the attacker allegedly took control of the H token’s proxy admin contract and minted another 100 million H tokens — roughly $12.9 million — which were sent to a fresh wallet, according to Blockaid’s on-chain monitoring.
- In total, on-chain data and reporting point to about $32 million removed from the protocol across both phases.
Project response
- Humanity Protocol posted on X (formerly Twitter) confirming that private keys belonging to a member of the Humanity Foundation were compromised. The team advised users to avoid interacting with the bridge or any liquidity pools and warned that official updates would be issued only from the main project account or co-founder Terence Kwok’s personal account.
Why suspicion grew
- The incident might have been treated as a garden-variety key compromise, but it drew intense scrutiny after prominent on-chain investigator ZachXBT raised doubts within hours. His public thread:
- Initially noted uncertainty — it could be an external hack or a rug pull — but flagged unusual patterns: a highly concentrated token supply, and the fact that all H tokens were sold on decentralized exchanges rather than centralized ones, which is atypical for an attacker seeking liquidity.
- He then suggested the incident “seems possibly staged,” calling the breach a convenient cover for an active market maker to exit.
- He criticized the project for “crime pumping” a token with little fundamental backing and urged disclosure of market maker agreements.
- ZachXBT later tempered some of his claims after further analysis suggested the private key compromise and market-making issues may not be directly linked, but by then damage to the project’s credibility had already escalated.
Context that raises red flags
- H had surged roughly 875% from its 2026 low before the crash, making it one of the year’s most extreme performers.
- A scheduled token unlock on June 25 — two weeks after the incident — gave market-timing context that would make an exit ahead of unlock financially attractive if insiders were involved.
- Reports also indicate only about 1 million of the project’s roughly 9 million registered identities had completed biometric verification, the core metric underpinning Humanity’s value proposition.
- Additionally, three of the four co-founders have previously been linked to lawsuits, financial fraud allegations, or management controversies in public records and reporting — factors that have amplified skepticism.
What this means
- Whether this was a conventional private key compromise, a market-maker exit covered as a hack, or some combination thereof, remains under investigation. On-chain evidence is still being pieced together.
- The immediate facts are stark: around $32 million appears to be gone, the H token lost roughly 90% of its value in hours, and an influential on-chain investigator publicly questioned the project’s narrative — a toxic combination for investor confidence.
The case is ongoing. Expect more on-chain forensics from firms like Arkham and Blockaid, and watch for Humanity Protocol’s official updates. The incident is another high-profile reminder of the layered risks in tokenized projects — from technical key security and smart-contract control points to market-making relationships and team transparency.
Read more AI-generated news on: undefined/news
