Humanity Protocol suffered a $36 million exploit after an employee's laptop — holding multiple bridge admin keys across both Ethereum and BNB Chain — was compromised, exposing a fundamental failure in the project's key management. The attacker obtained three of six Ethereum keys and three of five BNB Chain keys, all stored on the same device, crossing the multisig approval threshold on both chains.
On Ethereum, the attacker transferred bridge ownership to their own wallet, replaced the bridge contract with malicious code, and drained approximately 141 million H tokens in a single transaction. On BNB Chain, they installed a contract with an unlimited mint function and minted roughly 200 million H tokens directly to their wallet. Founder Terence Kwok told CoinDesk that keys were "accidentally backed up to a compromised device during setup" — a setup that was supposed to distribute keys across four individuals but failed in execution.
Why it matters
Multisig wallets are a cornerstone security primitive in crypto precisely because they distribute trust across multiple devices and signers. Concentrating enough keys to cross the approval threshold on one machine negates that protection entirely. For a project backed by Pantera Capital and Jump Crypto at a $1.1 billion valuation, the lapse is a reputational and structural blow. Onchain investigator ZachXBT separately flagged suspicious price action in H ahead of a scheduled token unlock (the token surged from $0.20 to $0.70 in two weeks before the breach), though he noted the key compromise and the market-making activity appear unrelated.
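The concentration problem described above can be checked mechanically. The following added example (not code from Humanity Protocol or CoinDesk) audits a key-custody inventory for the smallest number of storage locations whose compromise reaches the signing threshold. The inventory, the location names and the threshold of 3 are constructed assumptions; the article only states that three keys were enough on each chain.

```python
from itertools import combinations

# Constructed inventory (assumption): every location holding a copy of each
# signer key, backups included. Thresholds of 3 are assumed; the article only
# says three keys crossed the approval threshold on each chain.
MULTISIGS = {
    "ethereum-bridge": {"threshold": 3, "keys": {
        "eth-1": {"hw-wallet-a", "laptop-1"},
        "eth-2": {"hw-wallet-b", "laptop-1"},
        "eth-3": {"hw-wallet-c", "laptop-1"},
        "eth-4": {"hw-wallet-d"},
        "eth-5": {"hw-wallet-e"},
        "eth-6": {"hw-wallet-f"},
    }},
    "bnb-bridge": {"threshold": 3, "keys": {
        "bnb-1": {"hw-wallet-a", "laptop-1"},
        "bnb-2": {"hw-wallet-b", "laptop-1"},
        "bnb-3": {"hw-wallet-c", "laptop-1"},
        "bnb-4": {"hw-wallet-d"},
        "bnb-5": {"hw-wallet-e"},
    }},
}

def exposed_keys(keys, compromised):
    """Keys that have at least one copy on a compromised location."""
    return {k for k, locs in keys.items() if locs & compromised}

def min_locations_to_threshold(multisig):
    """Smallest set of locations whose compromise exposes >= threshold keys."""
    keys, threshold = multisig["keys"], multisig["threshold"]
    locations = sorted(set().union(*keys.values()))
    for size in range(1, len(locations) + 1):
        for combo in combinations(locations, size):
            if len(exposed_keys(keys, set(combo))) >= threshold:
                return set(combo)
    return None  # threshold unreachable with the listed keys

def audit(multisigs):
    """Compare each nominal threshold with the effective one, in locations."""
    report = {}
    for name, ms in multisigs.items():
        weakest = min_locations_to_threshold(ms)
        effective = len(weakest) if weakest else None
        report[name] = {"nominal": ms["threshold"], "effective": effective,
                        "weakest_set": weakest,
                        "ok": effective is None or effective >= ms["threshold"]}
    return report

if __name__ == "__main__":
    for name, row in audit(MULTISIGS).items():
        print(name, row)
```

Because a key counts as exposed when any one of its copies is reachable, a backup on a shared machine lowers the effective threshold even when the primary copies sit on separate hardware wallets.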
Market impact
H token plunged more than 80% during the attack, bottoming near $0.05 before recovering to approximately $0.20. It remains well below the pre-breach level of roughly $0.67.
Frequently asked questions
- How did storing multisig keys on one device enable the $36M Humanity Protocol hack?
A multisig wallet requires multiple separate keys to approve transactions, designed to prevent any single point of failure. Because Humanity stored all required keys on one laptop, compromising that device gave the attacker enough signatures to seize bridge control on both Ethereum and BNB Chain.
- What happened to the H token price after the Humanity Protocol exploit?
H token fell more than 80% during the attack, dropping to roughly $0.05 before recovering to around $0.20. It remains well below the pre-breach level of approximately $0.67, with the attacker continuing to dump stolen tokens for ether.
- Was the suspicious H token price surge before the breach connected to the hack?
Onchain investigator ZachXBT flagged that H ran from $0.20 to $0.70 in the two weeks before the exploit, ahead of a scheduled token unlock. He concluded that the suspicious market-making activity and the key compromise appear to be unrelated events.
CoinDesk