Blab Crypto
Humanity Protocol Hack: $36 Million Stolen, Token Price Plunges 81%
When a single laptop fell into the wrong hands, a $36 million hole opened in Humanity Protocol’s defenses. The palm‑scan‑based identity platform revealed that an attacker siphoned more than $36 million worth of its native H token after compromising an employee’s machine that stored a bundle of bridge‑admin keys.
The breach began with the theft of a staff member’s laptop. The device held the private keys that governed the project’s Ethereum and BNB Chain bridges—mechanisms that move H and other assets between blockchains. Normally, these bridges are protected by multisignature wallets that require several separate keys to approve any transaction. In this case, all of the necessary keys were stored on the same device, allowing the attacker to cross the approval threshold on both chains.
According to the project, the intruder seized three of the six keys that control the Ethereum bridge’s admin account and three of the five keys that govern the BNB Chain bridge. With those keys, the attacker took control of the bridges, transferred ownership to their own wallet, replaced the bridge code with a malicious version, and drained roughly 141 million H in a single transaction. On BNB Chain, the attacker installed code that enabled unlimited minting and created about 200 million new H tokens, which were sent straight to the attacker’s wallet.
Humanity Protocol said it has halted deposits and withdrawals on the affected bridges and is collaborating with exchanges and law‑enforcement agencies to recover the stolen funds. The project also removed its team page from its website and paused all bridge activity pending a comprehensive security review.
Founder Terence Kwok explained that the keys were “accidentally backed up to a compromised device during setup.” He noted that the majority of the token treasury is held by a licensed custodian, that the operations treasury uses a multi‑party computation (MPC) system, and that the multisig keys were originally set up in a single place before being dispersed. The compromise of that single device exposed all of the keys.
The hack has had a dramatic impact on the H token’s market performance. Before the breach, the token traded at about 67 cents. During the attack, the price fell to roughly 5 cents, and after the incident it has recovered to around 20 cents. According to CoinGecko data, the token’s value remains well below its pre‑breach level. The incident also triggered an 81 % drop in the token’s price, as reported by several crypto‑news outlets.
ZachXBT, an on‑chain investigator, stated that the key compromise and a separate round of suspicious market‑making were not connected. He also raised questions about the token’s price movements in the weeks leading up to the breach, noting that H had risen from 20 cents to 70 cents within two weeks before a large scheduled token unlock.
Humanity Protocol raised $20 million in 2025 from Pantera Capital and Jump Crypto at a $1.1 billion valuation. The project’s current situation involves ongoing investigations, a halt to bridge operations, and efforts to recover the stolen tokens. No resolution has been announced, and the token’s price remains volatile.
The incident underscores the importance of secure key management for projects that rely on multisignature wallets and cross‑chain bridges. It also highlights the broader trend of private‑key‑based hacks that have affected the cryptocurrency sector in 2026.
As of now, Humanity Protocol is cooperating with exchanges and law‑enforcement agencies, but the full extent of the loss and the timeline for recovery remain uncertain. The project’s future operations, token price trajectory, and potential regulatory scrutiny will depend on the outcome of ongoing investigations and the effectiveness of its security remediation.
The breach began with the theft of a staff member’s laptop. The device held the private keys that governed the project’s Ethereum and BNB Chain bridges—mechanisms that move H and other assets between blockchains. Normally, these bridges are protected by multisignature wallets that require several separate keys to approve any transaction. In this case, all of the necessary keys were stored on the same device, allowing the attacker to cross the approval threshold on both chains.
According to the project, the intruder seized three of the six keys that control the Ethereum bridge’s admin account and three of the five keys that govern the BNB Chain bridge. With those keys, the attacker took control of the bridges, transferred ownership to their own wallet, replaced the bridge code with a malicious version, and drained roughly 141 million H in a single transaction. On BNB Chain, the attacker installed code that enabled unlimited minting and created about 200 million new H tokens, which were sent straight to the attacker’s wallet.
Humanity Protocol said it has halted deposits and withdrawals on the affected bridges and is collaborating with exchanges and law‑enforcement agencies to recover the stolen funds. The project also removed its team page from its website and paused all bridge activity pending a comprehensive security review.
Founder Terence Kwok explained that the keys were “accidentally backed up to a compromised device during setup.” He noted that the majority of the token treasury is held by a licensed custodian, that the operations treasury uses a multi‑party computation (MPC) system, and that the multisig keys were originally set up in a single place before being dispersed. The compromise of that single device exposed all of the keys.
The hack has had a dramatic impact on the H token’s market performance. Before the breach, the token traded at about 67 cents. During the attack, the price fell to roughly 5 cents, and after the incident it has recovered to around 20 cents. According to CoinGecko data, the token’s value remains well below its pre‑breach level. The incident also triggered an 81 % drop in the token’s price, as reported by several crypto‑news outlets.
ZachXBT, an on‑chain investigator, stated that the key compromise and a separate round of suspicious market‑making were not connected. He also raised questions about the token’s price movements in the weeks leading up to the breach, noting that H had risen from 20 cents to 70 cents within two weeks before a large scheduled token unlock.
Humanity Protocol raised $20 million in 2025 from Pantera Capital and Jump Crypto at a $1.1 billion valuation. The project’s current situation involves ongoing investigations, a halt to bridge operations, and efforts to recover the stolen tokens. No resolution has been announced, and the token’s price remains volatile.
The incident underscores the importance of secure key management for projects that rely on multisignature wallets and cross‑chain bridges. It also highlights the broader trend of private‑key‑based hacks that have affected the cryptocurrency sector in 2026.
As of now, Humanity Protocol is cooperating with exchanges and law‑enforcement agencies, but the full extent of the loss and the timeline for recovery remain uncertain. The project’s future operations, token price trajectory, and potential regulatory scrutiny will depend on the outcome of ongoing investigations and the effectiveness of its security remediation.
