Humanity Protocol Loses $36 Million in Crypto Funds After Private Keys Are Compromised, Token Price Plunges 73%

Humanity Protocol’s native token, H, plunged more than 80% on Tuesday after hackers compromised private keys linked to the project, seized control of bridge administrator functions, and stole more than $36 million worth of crypto assets across the Ethereum and BNB Chain networks.

In a statement, Humanity Protocol said the attack, which occurred on Monday, was coordinated across Ethereum and BNB Smart Chain (BSC). Preliminary investigations suggest the breach began after an employee’s laptop was compromised.

The incident adds to a growing list of security failures in the DeFi sector. According to DeFiLlama, more than $885 million has been lost to DeFi-related hacks during the first six months of 2026.

The project said attackers gained control of three out of six Gnosis Safe keys on Ethereum and three out of five keys on BSC. This allowed them to take over ProxyAdmin privileges, drain approximately 141.2 million H tokens, and mint an additional 200 million H tokens through a malicious smart contract upgrade.

CoinGecko data shows that H fell from $0.73 on Monday to a low of $0.079 on Tuesday morning, representing a decline of about 89%. Although the token later recovered to around $0.20, it remained down roughly 73% over the past 24 hours after recently trading near its all-time high of $0.80.

Humanity Protocol founder Terence Kwok confirmed the breach and advised users to avoid interacting with the project’s infrastructure until the situation is fully contained.

Humanity Protocol is a zero-knowledge Layer-2 blockchain focused on decentralized digital identity. The project’s “Proof of Humanity” system verifies users through palm scans rather than iris or facial recognition technology.

The team said it has suspended deposits and withdrawals on the affected bridges and is working with cryptocurrency exchanges and law enforcement agencies to track and recover the stolen funds.

“We understand that members of this community worked hard for what they hold here, and we feel the weight of that responsibility,” the project said, while promising to release a detailed post-mortem report.

Meir Dolev, Co-Founder and CTO of blockchain security firm Cyvers, told Decrypt that the incident was not caused by a smart contract vulnerability but by an operational security failure involving a compromised private key associated with a Humanity Foundation member.

According to Dolev, the attacker used admin-level access to mint 100 million new H tokens worth approximately $12.9 million. The stolen and newly minted tokens were then swapped into ETH and BNB before being distributed across multiple wallets.

He added that draining roughly $30 million required owner-level privileges that enabled the attacker to increase token supply through a proxy contract upgrade and directly access protocol-controlled wallets.

“The core issue is structural: a single trusted key had authority over both the funds and the ability to rewrite the rules,” Dolev said.

He also suggested that Kwok’s warning for users to stay away from the project’s bridge and liquidity pools may indicate that the incident has not yet been fully contained.

Although the attacker still holds a significant amount of H tokens, Dolev noted that limited market liquidity prevents them from fully liquidating their position without causing further price disruption. He said the public warning may also be intended to discourage additional liquidity from entering the market.

Meanwhile, Humanity Protocol is scheduled to unlock 266.5 million H tokens, equivalent to 9.4% of the circulating supply, on June 25. According to Tokenomist data, those tokens were worth approximately $33 million before the token’s sharp decline.

Blockchain investigator ZachXBT initially described the incident as “possibly staged,” suggesting it could have provided a convenient exit opportunity for an active market maker. However, after conducting further analysis, he later withdrew that claim.

“After further analysis of the laundering activity, it appears that the suspicious market maker activity, OTC transactions, and private key compromise were separate events and not connected,” ZachXBT wrote.

Dolev cautioned that on-chain evidence remains inconclusive. He said the movement of the stolen funds in the coming days, along with the history of the compromised private key, will likely determine the true nature of the attack.