Key Takeaways
- Private keys for Humanity Protocol’s bridge infrastructure were exposed through a compromised employee device.
- The breach involved three out of six multisignature keys, granting attackers control over bridges on Ethereum and BNB Chain.
- Approximately 141 million H tokens were extracted from Ethereum, while 200 million tokens were illegally minted on BNB Chain.
- The value of H token plummeted more than 85%, crashing from approximately $0.67 to just $0.05.
- On-chain analysis revealed suspicious wallet movements before the attack, though insider involvement remains unverified.
On Tuesday, Humanity Protocol revealed that cybercriminals successfully stole more than $36 million in its H token after obtaining private keys from an employee’s compromised laptop.
The platform operates cross-chain bridges enabling H token transfers between Ethereum and BNB Chain networks. These bridges were secured using multisignature wallet architecture—a security mechanism requiring multiple private key approvals before executing transactions or modifying smart contracts.
According to founder Terence Kwok, the key distribution was properly established across four separate individuals as planned. However, a critical error occurred during the initial configuration when several keys were inadvertently saved to a single device that subsequently fell into the wrong hands.
“Some of the keys were accidentally backed up to a compromised device during setup,” Kwok said.
Details of the Security Breach
On Ethereum, the malicious actors secured three of the six keys associated with the bridge’s administrative account. This threshold gave them complete control. They swapped out the authentic bridge smart contract with a fraudulent replacement and withdrew approximately 141.2 million H tokens through a single large transaction.
On BNB Chain, the attackers gained access to three of five required keys. They modified the bridge contract by implementing an unlimited minting capability, which they exploited to create 200 million fresh H tokens that were immediately transferred to wallets under their control.
The development team suspended all deposit and withdrawal functions on both affected bridges immediately upon detecting the security compromise.
Market Reaction and Price Collapse
The H token had been experiencing strong upward momentum in the period leading up to the breach, climbing from approximately $0.20 to $0.70. Following public disclosure of the exploit, the token’s value collapsed to around $0.05—representing a devastating decline exceeding 85%.
While the token subsequently bounced back toward the $0.20 level, significant damage had already occurred. In the aftermath of the incident, Humanity Protocol also removed its team information page from the official website.
Speculation About the Attack’s Nature
Blockchain security analyst ZachXBT initially raised concerns about whether suspicious market-making activities and private over-the-counter transactions involving H tokens might be linked to the exploit. He subsequently clarified that these trading activities appeared to be unrelated to the actual key compromise.
Elton Shehdula, a researcher at Allium Labs, argued that the blockchain evidence suggests a carefully orchestrated operation rather than an opportunistic hack. He observed that wallets connected to the attack received funding from both a centralized exchange and a mixing service several weeks beforehand. Additionally, the attacker appeared to test minting permissions days before executing the full-scale drain, and the theft was coordinated simultaneously across both blockchain networks.
Shehdula noted that this degree of advance planning is characteristic of either an insider threat or an external adversary who had possessed the compromised credentials for an extended period without taking immediate action.
Hakan Unal, security lead at Cyvers, stated that the blockchain forensics present a complex picture. He explained that legitimate external breaches typically display hasty characteristics—funds rapidly moved to new addresses, token swaps executed at unfavorable rates, and immediate use of privacy mixers. A coordinated inside job might exhibit more methodical timing, particularly if synchronized with token unlock schedules or vesting milestones.
Currently, Humanity Protocol states it is collaborating with cryptocurrency exchanges and additional stakeholders to explore potential recovery strategies. The specific circumstances that led to the initial laptop compromise have not yet been made public.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
