Humanity Protocol confirms $36M+ theft after laptop breach; attacker drained and minted H, sending token down 90%.
Humanity Protocol confirmed that a coordinated attack on June 8 resulted in more than $36 million stolen across Ethereum and BSC. It followed a breach traced to a compromised employee laptop.
The project issued a detailed incident update acknowledging the scale of the attack, apologizing to its community, and outlining steps taken to contain the damage.
How the Attack Unfolded
According to Humanity Protocol’s official statement, the attacker gained access to three of six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin on Ethereum.
Using those credentials, the attacker transferred ProxyAdmin ownership to their own wallet, upgraded the bridge contract to a malicious implementation, and drained approximately 141.2 million H tokens in a single transaction.
INCIDENT UPDATE:
Last night, June 8, the H token was hit by a coordinated attack across Ethereum and BSC. While we’re still investigating this incident, we want to be transparent with our community about what happened.
As of right now, ~$36M+ has been stolen across both chains…
— Humanity (@Humanityprot) June 9, 2026
On BSC, the attacker compromised three of five Safe owner keys and carried out the same ProxyAdmin seizure. They then deployed a malicious implementation with an unlimited mint function and minted 200,000,005 H tokens in two tranches directly to their own wallet.
Combined, the two-chain attack resulted in more than $36 million stolen and dumped into the market.
H Token Selloff and Price Collapse
Lookonchain reported that the attacker moved large amounts of H following the exploit and began swapping the token for ETH. Selling pressure increased sharply across the market as traders tracked the suspected wallets for further transactions.
The price of H collapsed during the selloff, with market trackers recording losses of roughly 85% or more from pre-exploit levels. The token fell from highs near $0.73 to an intraday low around $0.072, erasing a rally that had carried H to record highs just the week before.
Humanity(@Humanityprot) has been exploited, with losses exceeding $30M!
The hacker is currently dumping $H and swapping it for $ETH.$H has already crashed ~90%.https://t.co/0Bhtu6TZDr pic.twitter.com/cNGO70PHDH
— Lookonchain (@lookonchain) June 9, 2026
Project Response and Ongoing Investigation
Humanity Protocol said it has halted all deposits and withdrawals to the affected bridges and is working with exchanges and related parties to limit further damage. The team is also cooperating with police to investigate the incident and pursue recovery of stolen funds.
In its statement, the project acknowledged the weight of the losses on its community:
“People in this community worked hard for what they hold here, and we feel the weight of that.”
The team added that it is not stepping back from building and will publish a detailed post-mortem.
What Comes Next
The incident highlights the risks that arise when multisig keys are concentrated or improperly backed up across devices.
Humanity Protocol founder Terence Kwok noted that keys for certain contracts were set up in one place before being dispersed. This left some backed up on the compromised device.
For now, token holders and market participants continue to monitor wallet activity and bridge status. Besides, whether the attacker moves remaining funds through mixers, exchanges, or additional routes.
The project’s promised post-mortem is expected to provide further detail on the breach and any planned protocol changes.
Leave a Reply
You must be logged in to post a comment.