Humanity Protocol suffered a private-key breach that drained and minted millions of $H tokens, triggering an 85% crash & over $30M in losses.
Author: Akshat Thakur
9th June 2026 – The Humanity Protocol hack drained more than $30 million from project-linked wallets early on June 9, sending the $H token down roughly 90% in hours. According to the team, attackers compromised the private keys of a Humanity Foundation member. The core protocol was not exploited.
High Signal Summary For A Quick Glance
LoneStar
@0xLoneStar
@lookonchain @Humanityprot One of the most clear inside jobs I’ve ever seen with how inorganically this token was pumping
Humanity(@Humanityprot) has been exploited, with losses exceeding $30M! The hacker is currently dumping $H and swapping it for $ETH. $H has already crashed ~90%. https://t.co/0Bhtu6TZDr https://t.co/cNGO70PHDH
02:36 AM·Jun 9, 2026
Peaceful Warrior
@RanjYousif
@lookonchain @Humanityprot a project literally called Humanity Protocol getting drained by one wallet is the most honest marketing crypto has ever done
Humanity(@Humanityprot) has been exploited, with losses exceeding $30M! The hacker is currently dumping $H and swapping it for $ETH. $H has already crashed ~90%. https://t.co/0Bhtu6TZDr https://t.co/cNGO70PHDH
02:01 AM·Jun 9, 2026
没事 | 404
@0xInnovate
@lookonchain @Humanityprot Finally we’ve found another utility for ETH which is money laundering, absolutely cinema
Humanity(@Humanityprot) has been exploited, with losses exceeding $30M! The hacker is currently dumping $H and swapping it for $ETH. $H has already crashed ~90%. https://t.co/0Bhtu6TZDr https://t.co/cNGO70PHDH
01:20 AM·Jun 9, 2026
High attention and emotional sentiment detected.
On-chain analysts first flagged the drains before 00:06 UTC. Soon after, the attacker began minting fresh $H and dumping it on decentralized exchanges. As a result, $H fell from near $0.70 to about $0.12 within a single trading session.
The breach started in the hours before the team went public. According to on-chain analyst SpecterAnalyst, suspicious transfers hit at least 17 project-linked wallets. Later estimates put the number closer to 19.
Crucially, this was not a smart contract bug or a bridge exploit. Instead, the attacker gained control of a Foundation member’s private keys. That access let them move $H directly from treasury and admin wallets.
The attacker then went further. On BNB Chain, they used minting authority to create new $H. Reports point to at least 100 million tokens minted, followed by another 100 million. Lookonchain flagged the BSC mint at around 03:18 UTC.
For now, the exact method of the key compromise remains unknown. Analysts suggest phishing or malware as likely causes. Notably, no evidence points to an on-chain protocol flaw.
After draining and minting $H, the attacker moved quickly to sell. According to Cointelegraph, the swaps ran through Kyber Network on Ethereum and PancakeSwap on BNB Chain. Each sale pushed the price lower.
This matters for recovery. Once stolen tokens become native ETH and BNB, they turn highly liquid and hard to freeze. In other words, there is no easy blacklist or pause button after conversion.
Blockchain tracker Arkham Intelligence labeled the attacker the “Humanity Protocol Exploiter.” As of latest data, the entity held about 18,079 ETH worth roughly $30.1 million. It also held around 2,443 BNB and 31.3 million $H.
So far, no funds have been recovered. The attacker has not used mixers like Tornado Cash, according to current reports. Instead, the proceeds are sitting in ETH and BNB.
Timeline of the Humanity Protocol ($H) Private-Key Compromise
On-chain analyst SpecterAnalyst publicly flags suspicious activity involving more than 17 project-linked wallets associated with Humanity Protocol. Multiple addresses holding $H on Ethereum begin transferring funds to attacker-controlled wallets. Early estimated losses already exceed $5 million.
As investigators continue tracking the incident, the number of compromised addresses rapidly expands into the hundreds. The attack appears linked to a shared exposure affecting Humanity Protocol-controlled wallets, though the root cause remains unknown at this stage.
Humanity Protocol founder Terence Kwok publishes the first internal warning, revealing that private keys belonging to a Humanity Foundation member have been compromised. Users are advised to avoid bridge and liquidity-pool interactions until further notice.
Lookonchain confirms that losses have surpassed $30 million. Investigators observe the attacker actively selling stolen $H tokens for ETH, creating immediate downward pressure on the market. An Arkham tracking entity is shared publicly to monitor attacker activity.
SpecterAnalyst reports that approximately $9 million worth of stolen $H has already been swapped into ETH, while another $9.9 million+ remains in attacker-controlled wallets awaiting liquidation. Liquidity rapidly deteriorates across trading venues.
The token falls from pre-exploit levels around $0.70–$0.73 to approximately $0.1229, representing an 83–90% decline depending on the reference point used. Trading volume explodes above $605 million as panic selling and attacker liquidations intensify.
Humanity Protocol formally acknowledges the incident, attributing it to a private-key compromise rather than a smart-contract vulnerability. The team states that core protocol infrastructure and user funds remain safe, while bridge and LP operations stay paused as a precaution.
An attacker-controlled address on BNB Chain mints approximately 100 million H directly from the null address. At prevailing prices the newly created tokens are valued at roughly $11.6 million. The tokens are subsequently sold into the market, adding further downward pressure.
Investigators identify multiple wallets accumulating proceeds from the exploit. One flagged address reportedly accumulates around 7,000 ETH, while another continues holding more than 20 million H pending additional sales or transfers.
The Humanity Protocol team begins working with security firms, blockchain investigators, and centralized exchanges in an effort to track attacker wallets, monitor mint activity, and potentially freeze identifiable funds before they are fully laundered.
Attacker-controlled wallets continue holding and selling portions of the stolen supply. No recovered funds have been announced, no final post-mortem has been released, and bridge/LP interactions remain paused. The next expected milestones are an official containment update, exchange coordination results, and a detailed forensic investigation into the private-key compromise.
The market reaction was brutal. The $H token fell about 82% in 24 hours, according to CoinGecko data. Some outlets, including The Block, reported drawdowns closer to 89%.
Before the breach, $H traded near $0.70. By contrast, it changed hands around $0.12 after the dumps began. The token had set an all-time high of $0.8439 on June 2, just one week earlier.
Meanwhile, trading volume exploded. CoinGecko showed 24-hour volume spiking to roughly $605 million. The market cap, however, fell to about $224 million from prior levels above $1 billion.
Founder Terence Kwok addressed the incident quickly. In an early post, he confirmed the compromise of a Foundation member’s private keys. He also urged users to avoid the bridge and liquidity pools.
The official Humanity Protocol account followed at 02:06 UTC. According to the statement, the team paused bridge and liquidity pool interactions as a precaution. It said core protocol and user funds on the main contracts remain secure.
In addition, the team said it is working with security experts and exchange partners. It asked users to trust updates only from its official account and from Kwok. For now, no all-clear has been given.
Reaction across X and Reddit turned sharply bearish. Many holders questioned the timing, which followed recent token unlocks and a sharp pump. As a result, some users floated insider or rug-pull theories.
However, those claims remain speculation. On-chain analysts, including Lookonchain and Arkham, have so far described the event as an external private-key compromise. No public evidence supports an insider narrative, and the team has not addressed the allegations beyond its key-compromise framing.
Humanity Protocol is a zkEVM Layer-2 building privacy-preserving Proof-of-Humanity. It uses palm-scan biometrics and zero-knowledge proofs for sybil-resistant identity. Backers include Animoca Brands, Polygon Labs, Pantera Capital, and Jump Crypto, which raised the stakes around this incident.
The project raised about $50 million across two rounds, most recently at a $1.1 billion valuation in January 2025. As of latest data, major exchanges such as Bybit, Bitget, and Gate.io still list $H, with no confirmed trading halts.
The immediate question is recovery, and the odds look slim. Because the attacker swapped into ETH and BNB, clawback options are limited. Still, exchange cooperation could help if the funds touch centralized venues.
Next, watch for the team’s all-clear on the bridge and liquidity pools. A full post-mortem on the key compromise would also help restore trust. Until then, the Humanity Protocol hack stands as another hard lesson in key management for identity projects.
This article is for information only and is not financial advice. Always do your own research before making any investment decision.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
