
Humanity Protocol has revealed that a compromised employee laptop enabled attackers to obtain control of bridge administration systems across Ethereum and BNB Smart Chain, resulting in the theft and minting of more than $36 million worth of H tokens.
Summary
- Humanity Protocol says a compromised employee laptop enabled attackers to seize bridge controls and steal more than $36 million in H tokens.
- Attackers allegedly compromised multisig keys on Ethereum and BNB Smart Chain, draining 141.2 million H and minting 200 million additional tokens.
- The project has halted bridge activity, is working with exchanges and police, and plans to release a full post-mortem report.
According to a statement shared with crypto.news by Humanity founder and CEO Terence Kwok, the June 8 incident was a coordinated attack that targeted the project’s bridge infrastructure on multiple networks.
“Last night, June 8, 2026, the Humanity was hit by a coordinated attack across Ethereum and BSC,” Kwok said.
Providing the first detailed explanation of how the breach occurred, Kwok said the attacker gained access after compromising an employee device.
“This was a result of a breach that happened after an employee’s laptop was compromised.”
The founder said three of the six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin on Ethereum were compromised. Humanity Protocol said the attacker transferred ownership of the ProxyAdmin contract to a wallet under their control, upgraded the bridge contract to a malicious implementation, and moved approximately 141.2 million H tokens in a single transaction.
A similar compromise took place on BNB Smart Chain. According to Humanity Protocol, three of five Safe owner keys were compromised, allowing the attacker to seize control of the bridge’s ProxyAdmin contract, deploy a malicious implementation with an unlimited mint function, and mint 200,000,005 H tokens in two separate transactions.
The project currently estimates that more than $36 million has been stolen and sold across both chains.
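The takeover sequence described above (ProxyAdmin ownership moved to a new wallet, the bridge upgraded to an unreviewed implementation, then tokens minted) leaves a distinct trail of contract events that a monitor can alert on. The sketch below is an added example, not code from Humanity Protocol or Hyperlane. It assumes events are already decoded into dictionaries, uses the standard OpenZeppelin `OwnershipTransferred`, ERC-1967 `Upgraded` and ERC-20 `Transfer` event names, and every address, transaction id and value in it is a constructed placeholder.

```python
# Added example: flag an admin-takeover sequence in decoded contract events.
# Every address, tx id and value here is a constructed placeholder.
ZERO = "0x" + "00" * 20
PROXY_ADMIN = "0x" + "a1" * 20        # hypothetical ProxyAdmin contract
BRIDGE_PROXY = "0x" + "b2" * 20       # hypothetical bridge proxy
TOKEN = "0x" + "c3" * 20              # hypothetical token (assumed separate contract)
SAFE = "0x" + "d4" * 20               # hypothetical multisig expected to own ProxyAdmin
APPROVED_IMPLS = {"0x" + "e5" * 20}   # implementations that passed review
ATTACKER = "0x" + "f6" * 20           # hypothetical unknown wallet

def detect_takeover(events, mint_limit=0):
    """Return alerts, in log order, for events that break the expected admin state."""
    alerts = []
    admin_owner = SAFE
    for ev in events:
        addr, name, args = ev["address"], ev["event"], ev["args"]
        if addr == PROXY_ADMIN and name == "OwnershipTransferred":
            admin_owner = args["newOwner"]
            if admin_owner != SAFE:
                alerts.append(("CRITICAL", "proxy_admin_owner_changed", ev["tx"]))
        elif addr == BRIDGE_PROXY and name == "Upgraded":
            if args["implementation"] not in APPROVED_IMPLS:
                # Worse when it follows an ownership change: likely one chain of actions.
                sev = "CRITICAL" if admin_owner != SAFE else "HIGH"
                alerts.append((sev, "unapproved_implementation", ev["tx"]))
        elif addr == TOKEN and name == "Transfer" and args["from"] == ZERO:
            # A transfer from the zero address is a mint.
            if args["value"] > mint_limit:
                alerts.append(("CRITICAL", "unexpected_mint", ev["tx"]))
    return alerts

def _ev(tx, address, event, args):
    return {"tx": tx, "address": address, "event": event, "args": args}

# Constructed log: one reviewed upgrade and a normal transfer, then the takeover.
SAMPLE_EVENTS = [
    _ev("0xtx0", BRIDGE_PROXY, "Upgraded", {"implementation": "0x" + "e5" * 20}),
    _ev("0xtx1", TOKEN, "Transfer", {"from": SAFE, "to": ATTACKER, "value": 10}),
    _ev("0xtx2", PROXY_ADMIN, "OwnershipTransferred",
        {"previousOwner": SAFE, "newOwner": ATTACKER}),
    _ev("0xtx3", BRIDGE_PROXY, "Upgraded", {"implementation": "0x" + "99" * 20}),
    _ev("0xtx4", TOKEN, "Transfer", {"from": ZERO, "to": ATTACKER, "value": 5 * 10**18}),
]

if __name__ == "__main__":
    for alert in detect_takeover(SAMPLE_EVENTS):
        print(alert)
```

The ownership-change alert fires first in the sequence, so pausing the bridge on that signal alone would precede both the upgrade and the mint.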
Compromised multisig keys enabled bridge takeover
Fresh details from Humanity Protocol expand on earlier disclosures from the team, which had initially confirmed only that private keys linked to a Humanity Foundation member were compromised.
Earlier on June 9, on-chain analyst Specter reported that more than 17 wallets associated with Humanity Protocol had been drained. Initial estimates placed losses near $19 million before later blockchain analysis increased the figure to more than $30 million.
Blockchain data cited by Specter indicated that the attacker sold part of the stolen H tokens and converted a substantial portion of the proceeds into Ethereum. According to the analyst’s Telegram update, roughly $23.7 million had been swapped into ETH, while approximately $7.9 million remained in H tokens.
Separate monitoring from blockchain security firm Blockaid had previously suggested that an attacker obtained proxy administrator rights on BNB Smart Chain and minted additional H tokens.
Humanity Protocol’s latest incident report confirms that administrative control of the bridge infrastructure was seized and used to create new tokens on the network.
Questions about the exploit emerged as H experienced unusual trading activity ahead of a scheduled token unlock later this month.
As reported by crypto.news earlier, blockchain investigator ZachXBT had initially considered whether the reported key compromise could have been used to conceal insider selling. However, after reviewing the movement and laundering of stolen funds, he concluded that the available evidence supported Humanity Protocol’s explanation that the exploit stemmed from a genuine private key compromise rather than an insider theft scheme.
Humanity Protocol is scheduled to unlock additional tokens on June 25 under a revised investor vesting plan. Previous reporting by crypto.news showed that some early investors opted for a discounted immediate unlock instead of a longer vesting schedule.
Exchanges and police are assisting recovery efforts
Response efforts remain ongoing as Humanity Protocol works to contain the fallout from the attack and investigate the breach.
“We’ve now halted all deposits and withdrawals to the affected bridges and are working with all related parties, including exchanges, to minimize the impact,” Kwok said.
The project said it is coordinating with exchanges and security partners while conducting an internal investigation into the incident.
“We’re also working closely with the police to investigate this incident and recover some of the stolen funds,” Kwok added.
Market reaction to the exploit was severe. Trading data cited in previous reports showed H falling from its June 2 all-time high near $0.844 to around $0.123 after the attack, erasing most of the token’s earlier rally as trading volume surged above $605 million.
Despite the losses, Kwok said the team remains focused on recovering assets, identifying those responsible, and strengthening the project’s defenses.
“We’re committed to seeing this through by recovering what we can, holding those responsible accountable, and rebuilding our security from the ground up.”
Humanity Protocol said it plans to release a full post-mortem report once its investigation progresses further.