Humanity Protocol’s $36M Hack Drains 341 Million H Tokens Across Two Chains

A compromised laptop. That’s basically what it came down to. On June 8, a Humanity Protocol employee’s machine got hit, and the fallout wiped out $36 million worth of H tokens in under 24 hours.

The breach wasn’t some exotic smart contract exploit. It was old-fashioned operational failure — private keys left exposed on a device, and whoever got in used them to devastating effect. The attacker accessed Gnosis Safe owner keys and a Hyperlane bridge ProxyAdmin role. From there, 141.2 million H tokens moved on Ethereum. Then 200 million more got minted fresh on BNB Smart Chain. That’s 341 million tokens either drained or conjured out of thin air, dumped into markets that couldn’t absorb it.

The H token hit $0.17.

That’s a 76% drop within a single day. Market cap stood at $476 million. Trading volume hit $533 million — more volume than the entire market cap, which is pretty much always a bad sign. Liquidity pools got crushed. Anyone holding H tokens watched their bags evaporate while the team scrambled to figure out what happened.

Who Got Hit and How

Founder Terence Kwok came out and attributed the breach to compromised keys belonging to a Humanity Foundation member. He framed it as an operational security issue rather than a protocol-level exploit, which is probably the right read — but it doesn’t make the damage any less real.

The Gnosis Safe setup is supposed to be multi-sig, meaning multiple parties need to sign off before funds move. If an attacker got enough owner keys from one compromised machine, that protection collapses fast. And the Hyperlane bridge ProxyAdmin access made things worse — that’s the role that controls how tokens move between chains. Getting into that means you can mint on one side without burning on the other. Basically free money, at everyone else’s expense.

Humanity Protocol told users to stop interacting with its bridge and liquidity pools immediately. The team said it’s working with security firms and exchange partners to manage the fallout. Exchanges and liquidity providers are apparently monitoring the affected pathways to make sure they’re properly disabled and audited. The unauthorized-minted tokens floating around in circulation are a real problem — pulling them back, or at least neutralizing them, isn’t simple.

Related: Humanity Protocols H Token Crashes 90% After $32M Private Key Breach

No evidence of user biometric data or personally identifiable information being accessed has come out so far. The protocol wants that point front and center, and it’s probably the one piece of good news here.

Why This Hits Harder for an Identity Project

Humanity Protocol isn’t a generic DeFi protocol. It’s an identity network. It uses zero-knowledge proofs and biometric verification to let users prove who they are without exposing raw personal data. The pitch is trust — that the system can verify a human without leaking anything sensitive.

And that makes a breach like this cut differently. The cryptographic layer held. ZK proofs didn’t break. Biometric data didn’t leak. But the operational layer — the admin keys, the bridge roles, the multi-sig setup — that’s what cracked. For a project selling itself as a trustworthy identity intermediary, having the trust chain snap at the admin key level is a serious credibility problem.

It’s a gap that shows up across blockchain identity projects, not just this one. Multi-chain systems depend on bridges, and bridges depend on admin controls, and admin controls depend on whoever holds the keys. If those keys live on a laptop that gets compromised, all the advanced cryptography in the world doesn’t help.

The broader identity sector has been watching. Projects building on similar frameworks — biometric verification, ZK proofs, cross-chain infrastructure — are probably doing internal audits right now. They should be.

Read also: AI Trading Tools Grab Market Share as Crypto Runs 24/7 in 2026

What Comes Next for Humanity Protocol

The project’s path forward is murky. Restoring market confidence after a 76% token drop and 341 million tokens in unauthorized circulation isn’t a quick fix. Partners and users need to see concrete changes to how admin roles are managed, how keys are stored, and how bridge permissions get structured.

Kwok and the team haven’t released a detailed remediation plan publicly yet. No timeline for relaunching the bridge. No specifics on how the compromised keys get rotated or how the minted tokens get handled. Unclear whether the exchange partners have frozen the relevant wallets.

The investigation is ongoing. 341 million tokens. $36 million. One laptop.

Hub: BNB price, news, and analysis