Humanity Protocol Crash: What Exactly Caused The $31M H Token Exploit?

Humanity Protocol has revealed the reason behind attacks that involved exploiting the critical vulnerabilities to steal H tokens amounting to over $31 million. The breach reportedly occurred when one of the employees’ laptops was compromised.

What Caused The Recent Humanity Protocol Hack?

Humanity Protocol said that the employee’s laptop carried senstive data related to private keys associated with its multisig wallets. Moreover, the decentralized identity project attributed the stolen credentials to token bridges. These bridges enable the transfer of H tokens between various blockchain networks, such as Ethereum and BNB Chain.

For context, multisignature wallets were used for the bridges, Humanity Protocol added. These wallets are created with the goal of providing enhanced safety features. This necessitates several approvals from keys to make any transaction or contract changes.

The security scheme, however, did not work as several keys were said to be in one device. That error enabled attackers to get enough approvals following the compromise of one machine.

We're aware of a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation. The safety of our community is our top priority, and we want to be fully transparent about what we know.
As a precaution, please do NOT interact with the…

— Humanity (@Humanityprot) June 9, 2026

The project reveals that the exploiter got three keys out of six ones linked to the Ethereum bridge administrator account. With that access, they were able to assume control of the network’s bridge operations.

The attacker then changed the permission to another wallet that he could control. The bridge code then was replaced by a malicious code. All of which was about 141 million H tokens being drained in a single transaction.

Humanity Protocol Founder Weighs In On The Incident

Terence Kwok, the founder of Humanity, later mentioned the incident in a report in Telegram. Originally, the multisig wallet was set up“across four individuals (as it should have),” he said.

“Some of the keys were accidentally backed up to a compromised device during setup,” Kwok added, per a CoinDesk report.

He further continued, “We use a licensed custodian for the majority of token treasury, mpc for operations treasury, and for certain contracts multisig keys were set up in one place and then dispersed.”

“Unfortunately in this scenario, the keys were backed up on a compromised device,” Humanity Protocol’s founder added.

Recently, other cross-chain bridge hacks, including the $280 million Drift Protocol exploit also hit the market in 2025.

Aftermath of The Exploit Puts H Token Under Pressure

The Humanity Protocol exploit also went viral on BNB Chain. Attackers were able to gain access to three of the five keys attached to that network’s bridge configuration, Humanity said. They then added in malicious software with an infinite mint.

That function enabled the hacker to generate new H tokens limitlessly. Nearly 200 million more H tokens were reportedly minted directly into the attacker’s wallet.

After the exploit, Humanity Protocol’s team page was taken off from the official website. Additionally, deposits and withdrawals on the impacted bridges were also suspended while investigations are ongoing.

I thought that initially due to the active MM & recent OTC before unlocks however the evidence shared points to otherwise.

Guess karma caught up to the team.

— ZachXBT (@zachxbt) June 9, 2026

The key compromise was not connected to other concerns about suspicious market making with the H token, said blockchain investor ZachXBT.

Prior to the breach, H token price was reportedly rising from $0.20 to $0.70 in the previous few weeks. The Humanity Protocol’s native token fell to almost $0.05 after the exploit, before rising toward $0.20, market data shows. It took a similar path as the AAVE price, which crashed nearly 10% after the KelpDAO hack in April.