Safety incident exposes a Humanity Basis member’s credentials, sending the biometric identification mission into disaster — and elevating deeper questions on insider involvement
Humanity Protocol’s H token crashed greater than 80% after attackers stole the non-public keys behind the mission and drained greater than $30 million, the newest in a 12 months of crypto thefts that concentrate on keys fairly than code.
What Occurred
On-chain analyst Specter was first to flag the assault, reporting that greater than 17 wallets holding H had been drained. Early losses topped $5 million earlier than reportedly rising to greater than $30 million. Blockchain monitoring platform Lookonchain confirmed the dimensions of the harm because it unfolded in actual time.
The stolen tokens have been shortly swapped into Ethereum by way of decentralized exchanges, accelerating downward stress on the H token. Compounding the harm, the attacker minted an extra 100 million H tokens on the BNB Chain, valued at roughly $11 million on the time, intensifying the selloff and deepening the value collapse.
In keeping with blockchain analytics platform Lookonchain, the attacker continued minting H tokens after the exploit, first creating 100 million H tokens on BNB Sensible Chain earlier than minting one other 100 million.
H fell from about $0.67 to close $0.13 and briefly touched $0.05 — an intraday drop of about 90%.
The Humanity Protocol has been exploited for greater than $30 million (Supply: Lookonchain)
Founder Confirms the Breach
Founder Terence Kwok confirmed that the breach stemmed from compromised non-public keys belonging to a Humanity Basis member, not a flaw within the protocol’s sensible contracts. The staff issued an pressing advisory instructing customers to halt all interactions with its bridge and liquidity swimming pools whereas mitigation efforts proceed.
In a public assertion on X, Kwok wrote: “We’ve detected a safety incident involving the compromise of personal keys belonging to a member of the Humanity Basis. As a precaution, please don’t work together with the bridge or any liquidity swimming pools till we affirm it’s secure. We’re already working with safety consultants.”
Safety agency Blockaid reported that the attacker had taken management of the H token’s proxy administrator on BSC Chain, which gave them the flexibility to mint new tokens — an influence that raised fast considerations amongst traders, as unauthorized provide will increase can considerably impression market confidence and token economics.
Humanity Protocol founder Terence Kwok Confirms the Hack
What Is Humanity Protocol
Humanity Protocol launched in 2024 as a decentralized digital identification community constructed round palm biometrics and zero-knowledge proofs. The mission was designed to confirm actual human customers and filter out bots and faux accounts, and that pitch helped draw severe institutional consideration. The mission raised $50 million throughout two funding rounds backed by Pantera Capital, Bounce Crypto, Animoca Manufacturers, and Blockchain.com, and it reached a reported valuation of $1.1 billion.
The mission had positioned itself as a direct rival to Sam Altman’s Worldcoin, permitting customers to show their humanity with out disclosing private knowledge — a pitch that gained momentum as considerations about AI-generated bots proliferated throughout the web. Its June 2025 token launch was adopted by controversy, nevertheless, with stories citing inside conversations suggesting that solely round 1 million of the 9 million registered identities had accomplished biometric verification.
The Unlock Strain Forward
The timing of the hack provides one other layer of concern. Information reveals a bigger batch of about 266 million H, price round $28 million, is about to unlock on June 25 throughout six allocations that embrace the muse treasury and a strategic reserve. With the token already decimated, the prospect of extra provide hitting the market has raised alarm amongst remaining holders.
ZachXBT Questions the Official Story
The staff’s account has not gone unchallenged. Distinguished on-chain sleuth ZachXBT mentioned he doesn’t belief the staff’s rationalization and raised suspicions that the incident could have been staged. “Not sure whether or not it’s a theft or MM (market maker),” ZachXBT wrote. “I’m not shopping for the staff’s story; it’s a handy approach for the energetic MM to have exited.”
ZachXBT’s publish was blunt: the staff selected to pump their token for weeks with zero fundamentals and now expects Crypto Twitter to blindly belief their story. He demanded the staff disclose their energetic market maker agreements with a Hong Kong entity earlier than asking for group belief.
ZachXBT additionally identified that three out of the 4 mission leaders have a doubtful previous — dealing with lawsuits, monetary fraud, and ineffective administration. The mission has not but responded to these particular allegations.
A part of a Broader 2026 Pattern
The Humanity Protocol incident is way from remoted. The hack suits the dominant sample of 2026, through which the most important losses have come from stolen keys fairly than flawed code. Solana alternate Drift misplaced about $285 million in April after attackers seized an administrative key, and Kelp DAO misplaced roughly $292 million the identical month via a single-validator bridge.
These assaults bypass protocol-level safety and as an alternative exploit operational weaknesses, usually leading to sooner and extra damaging outcomes. The occasion is more likely to intensify scrutiny on key custody practices, notably for tasks selling decentralization whereas sustaining centralized management factors.
What Customers Ought to Do
Humanity Protocol has urged all customers to keep away from interacting with its bridge or liquidity swimming pools till the staff points an all-clear. The mission has additionally warned customers to rely solely on official communication channels and stay alert to potential scams and impersonation makes an attempt that usually emerge following main safety incidents.
The H token is down 89% up to now 24 hours, in accordance with CoinGecko knowledge. On-chain analysts proceed monitoring the attacker’s wallets, although restoration of funds seems unlikely at this stage. The total image of what occurred — whether or not an exterior breach or one thing extra deliberate — stays beneath investigation.
