Private Keys, Public Pain: Humanity Protocol's H Token Takes an 85% Hands-On Decking 🤚

Humanity Protocol's native H token plunged as much as 90% on Tuesday after attackers compromised private keys tied to the project and drained more than $36 million from the protocol across Ethereum and BNB Chain. Founder and CEO Terence Kwok confirmed the incident in a public statement, saying the team detected a security event involving the compromise of private keys belonging to a member of the Humanity Foundation. "The safety of our community is our top priority, and we want to be fully transparent about what we know," Humanity Protocol wrote on X, adding that users should not interact with the bridge or any liquidity pools until the protocol is declared safe.

The protocol said in a detailed thread that the attack occurred on Monday, June 8, and was coordinated across Ethereum and BSC after an employee's laptop was compromised. Roughly $36 million+ has been stolen across both chains, according to the project's own tally. Onchain investigator "Specter" reported that more than 17 wallets holding H token were drained, with early losses exceeding $5 million before rising above $30 million, and Arkham Intelligence confirmed the exploiter swapped stolen H tokens through Kyber Network and PancakeSwap among other DEXes. The attacker seized ProxyAdmin control by compromising three of six Gnosis Safe keys on Ethereum and three of five on BSC, drained approximately 141.2 million H, and minted an additional 200,000,005 H through malicious contract upgrades, before swapping proceeds for ETH and BNB.

H traded at highs of $0.73132 on Monday before falling to a Tuesday morning low of $0.079606, an 89% decline on CoinGecko data, and was last changing hands near $0.20, down 73% on the day, erasing a rally that had pushed the token close to its all-time high of $0.80 a week earlier. Meir Dolev, co-founder and CTO of Cyvers, characterized the incident as "an operational security failure, not a smart-contract bug," with the attacker obtaining admin access through a private key linked to a Humanity Foundation member. Humanity Protocol is a zero-knowledge Layer-2 blockchain focused on decentralized identity and Proof of Humanity, verifying users through privacy-preserving palm biometrics rather than iris or facial recognition, and is sometimes referred to as the "Chinese Worldcoin."

The breach adds to a string of private key compromises this year, including the $280 million Drift Protocol exploit in April attributed to North Korea's Lazarus Group, while wallet and private key compromises were the second-most costly attack vector in May with $13.7 million stolen, per CertiK. DeFiLlama data cited in reporting puts total DeFi hack losses above $885 million in the first six months of 2026.