Humanity Protocol breach exposes private keys, $36M loss
On June 8 a compromised employee laptop exposed Gnosis Safe owner keys tied to a Hyperlane bridge ProxyAdmin, enabling attackers to steal about $36M, move 141.2M H on Ethereum and mint 200M H on BSC.
Humanity Protocol reported a June 8 security breach in which a compromised employee laptop exposed owner keys stored in a Gnosis Safe. Attackers used those keys to access a Hyperlane bridge ProxyAdmin, move about 141.2 million H on Ethereum and mint roughly 200 million H on BNB Smart Chain, and extract about $36 million in value. The team halted bridge activity after detecting the incident and warned users not to use the bridge or the protocol’s liquidity pools.
Humanity’s initial on-chain analysis flagged more than $30 million drained across at least 17 wallets. In a later incident summary the project put the stolen-and-sold amount at roughly $36 million and described the unauthorized minting on BNB Smart Chain. The team said it is working with security firms and exchange partners on remediation.
The H token experienced a sharp market reaction. Over 24 hours the token fell about 76% to roughly $0.17, with the token page indicating a $476 million market cap and $533 million in 24-hour volume while the selloff unfolded. Exchanges and liquidity providers are assessing whether the affected admin and bridge authorities have been disabled, rotated or audited before normal operations resume.
Humanity Protocol presents its technology as a privacy-preserving identity layer using palm biometrics, zero-knowledge proofs, decentralized identifiers and verifiable credentials. Public disclosures of the June 8 incident attribute the mechanics to exposed private keys and bridge admin authority rather than to a smart-contract exploit or a confirmed data breach of biometric or personally identifiable information.
The project’s account traces the incident from a single endpoint compromise to cross-chain token movement and unauthorized minting. Humanity has not yet published a full postmortem listing transaction hashes, affected contracts, key-rotation steps or an independent security review; those details would clarify the scope of unauthorized tokens in circulation and the specific changes made to admin and custody arrangements.
Founder Terence Kwok attributed the breach to “compromised private keys belonging to a Humanity Foundation member.” Humanity reiterated that users should avoid interacting with its bridge and pools while response work continues.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
