TLDR
- Humanity Protocol suffered a $30M+ exploit after a foundation member’s private keys were compromised
- The H token crashed 85–90%, falling from ~$0.67 to as low as $0.05
- At least 17 wallets were drained, with the attacker minting an extra 100M H tokens on BNB Chain
- The exploiter swapped stolen H tokens through DEXes including Kyber Network and PancakeSwap
- Private key attacks have become the dominant hack method in 2026, with hundreds of millions lost this year
Humanity Protocol, a decentralized identity project based on palm-scan biometrics, was exploited on Tuesday after attackers gained access to private keys belonging to a member of the Humanity Foundation.
Warning: The #Humanity hacker has minted 100M $H($11.4M) on BSC.
More selling pressure could be coming. Stay cautious.🚨https://t.co/qah4YyikAG pic.twitter.com/2X6lXLPMwK
— Lookonchain (@lookonchain) June 9, 2026
Founder and CEO Terence Kwok confirmed the breach publicly, saying the team was working with security experts and exchange partners to contain the damage.
At least 17 wallets connected to the project were drained. Losses exceeded $32 million and were still climbing at the time of reporting, according to on-chain data.
The attacker has been selling the stolen H tokens for ether across multiple decentralized exchanges, including Kyber Network and PancakeSwap. Blockchain data also shows the exploiter minted an additional 100 million H tokens on BNB Chain, worth roughly $11 million, adding further selling pressure.
H Token Price Collapses Up to 90%
The H token fell sharply following news of the breach. It dropped from around $0.67 to near $0.13, briefly touching $0.05 — an intraday decline of roughly 90%. At the time of writing, the token was trading around $0.08 to $0.13, down more than 80% on the day.
Kwok urged users to stop using the project’s bridge and liquidity pools until the situation is deemed safe. The bridge is the tool used to move tokens between different blockchains.
Onchain investigator “Specter” noted that wallets linked to or that had interacted with Humanity Protocol appeared to be targeted in what looked like an ongoing attack.
Arkham Intelligence confirmed the figures, reporting that the exploiter had stolen more than $30 million and was actively converting the tokens.
Humanity Protocol describes itself as a rival to Sam Altman’s Worldcoin. It uses zero-knowledge cryptography and palm biometrics to let users prove their identity without sharing personal data, built on a zkEVM blockchain.
Private Key Attacks Dominate Crypto Losses in 2026
The Humanity exploit is part of a wider pattern seen throughout 2026. The biggest crypto thefts this year have come from stolen private keys rather than flawed smart contract code.
In April, Solana-based exchange Drift lost around $285 million after attackers seized an administrative key. That same month, Kelp DAO lost roughly $292 million through a compromised single-validator bridge, with that attack linked to North Korea’s Lazarus Group.
Other projects hit by key-based attacks this year include Step Finance, Resolv, Volo Vault, Echo Bridge, Bankr, Polymarket, StablR, Stake DAO, Gravity Bridge, and Aelphium Bridge.
Security firm CertiK reported that wallet and private key compromises were the second-most costly attack type in May alone, with $13.7 million stolen that month.
The Humanity Protocol theft is still being investigated, and the team has not yet confirmed when the bridge and liquidity pools will reopen.
Be the first to comment