Humanity Protocol Hack Drains $36M After Compromised Laptop Exposes Bridge Controls
- A hacker stole more than US$36 million (AU$51.1 million) in H tokens on June 8 after compromising an employee’s laptop that held multiple bridge signing keys.
- The attacker controlled three of six Ethereum keys and three of five BNB Chain keys, drained about 141.2 million H, and minted roughly 200 million new tokens.
- The H token crashed more than 85% as Humanity Protocol halted its bridge and began working with exchanges and law enforcement on recovery.
Humanity Protocol lost more than US$36 million (AU$51.1 million) in H tokens on June 8 after a hacker compromised a single employee’s laptop, seized control of the project’s cross-chain bridge, and drained and minted hundreds of millions of tokens before the team could respond.
The attack hit both Ethereum and BNB Chain in a coordinated operation. On Ethereum, the hacker controlled three of six Gnosis Safe owner keys; on BNB Chain, three of five.
That threshold was enough to transfer ownership of the bridge contracts to an attacker-controlled wallet and swap the bridge code for a malicious version.
How the Bridge Fell
With control established, the attacker drained about 141.2 million H in a single Ethereum transaction. On BNB Chain, the hacker installed code containing an unlimited mint function and minted roughly 200 million new H tokens directly to their own wallet.
Security firm Blockaid identified the attacker obtaining proxy administrator rights and minting the additional supply.
Humanity Protocol founder and chief executive Terence Kwok confirmed the cause was a compromised endpoint, not a smart-contract flaw. “This was a result of a breach that happened after an employee’s laptop was compromised,” Kwok stated. The team had set up its multisig across four individuals, but Kwok said it suspects some of the signing keys were accidentally backed up to the same compromised device during setup — meaning one endpoint exposed multiple approvals that a multisig is designed to keep separate.
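The failure described above, where one endpoint holds enough key copies to meet the multisig threshold, can be checked from a key-custody inventory by computing the smallest number of endpoints that together reach the threshold. This is an added example, not code from Humanity Protocol or the original article. The function name, key names, device names and both inventories are constructed assumptions that only follow the 3-of-6 shape reported for the Ethereum Safe.

```python
from itertools import combinations

def min_endpoints_to_threshold(key_locations, threshold):
    """Smallest set of endpoints whose stored key copies reach the threshold.

    key_locations maps each owner key to the set of devices holding any copy
    of it (primary or backup). Returns (count, devices, exposed_keys), or
    (None, (), []) if the threshold cannot be reached at all.
    """
    devices = sorted({d for locs in key_locations.values() for d in locs})
    for size in range(1, len(devices) + 1):
        for combo in combinations(devices, size):
            exposed = sorted(k for k, locs in key_locations.items()
                             if locs & set(combo))
            if len(exposed) >= threshold:
                return size, combo, exposed
    return None, (), []

# Constructed inventory (hypothetical names): a 3-of-6 Safe where backups of
# two keys were copied to the laptop that already held a third key.
CO_LOCATED = {
    "key-1": {"laptop-a"},
    "key-2": {"hw-wallet-b", "laptop-a"},  # stray backup made during setup
    "key-3": {"hw-wallet-c", "laptop-a"},  # stray backup made during setup
    "key-4": {"hw-wallet-d"},
    "key-5": {"hw-wallet-e"},
    "key-6": {"hw-wallet-f"},
}

# Constructed inventory: the same Safe with every key on its own device
# and no second copy anywhere.
SEPARATED = {f"key-{i}": {f"hw-wallet-{i}"} for i in range(1, 7)}

if __name__ == "__main__":
    for name, inventory in (("co-located", CO_LOCATED), ("separated", SEPARATED)):
        count, devs, keys = min_endpoints_to_threshold(inventory, threshold=3)
        status = "FAIL" if count is not None and count < 3 else "ok"
        print(f"{name}: {count} endpoint(s) {devs} expose {keys} [{status}]")
```

A result lower than the signing threshold means the multisig offers less separation than its owner count suggests.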
On-chain investigator ZachXBT and analyst Specter tracked the stolen funds and ruled out insider theft.
The H token collapsed after the breach, falling from a Monday high near US$0.73 (AU$1.04) to lows around US$0.12 (AU$0.17), a drop of more than 85%.
Humanity Protocol halted all bridge deposits and withdrawals and said it is coordinating with exchanges, security partners, and law enforcement on investigation and asset recovery, with a full post-mortem promised.