Safety incident exposes a Humanity Basis member’s credentials, sending the biometric id undertaking into disaster — and elevating deeper questions on insider involvement
Humanity Protocol’s H token crashed greater than 80% after attackers stole the non-public keys behind the undertaking and drained greater than $30 million, the newest in a 12 months of crypto thefts that focus on keys slightly than code.
What Occurred
On-chain analyst Specter was first to flag the assault, reporting that greater than 17 wallets holding H had been drained. Early losses topped $5 million earlier than reportedly rising to greater than $30 million. Blockchain monitoring platform Lookonchain confirmed the size of the harm because it unfolded in actual time.
The stolen tokens had been rapidly swapped into Ethereum by way of decentralized exchanges, accelerating downward stress on the H token. Compounding the harm, the attacker minted a further 100 million H tokens on the BNB Chain, valued at roughly $11 million on the time, intensifying the selloff and deepening the value collapse.
In line with blockchain analytics platform Lookonchain, the attacker continued minting H tokens after the exploit, first creating 100 million H tokens on BNB Sensible Chain earlier than minting one other 100 million.
H fell from about $0.67 to close $0.13 and briefly touched $0.05 — an intraday drop of about 90%.
The Humanity Protocol has been exploited for greater than $30 million (Supply: Lookonchain)
Founder Confirms the Breach
Founder Terence Kwok confirmed that the breach stemmed from compromised non-public keys belonging to a Humanity Basis member, not a flaw within the protocol’s sensible contracts. The crew issued an pressing advisory instructing customers to halt all interactions with its bridge and liquidity swimming pools whereas mitigation efforts proceed.
In a public assertion on X, Kwok wrote: “We’ve detected a safety incident involving the compromise of personal keys belonging to a member of the Humanity Basis. As a precaution, please don’t work together with the bridge or any liquidity swimming pools till we affirm it’s protected. We’re already working with safety specialists.”
Safety agency Blockaid reported that the attacker had taken management of the H token’s proxy administrator on BSC Chain, which gave them the power to mint new tokens — an influence that raised fast considerations amongst buyers, as unauthorized provide will increase can considerably impression market confidence and token economics.
Humanity Protocol founder Terence Kwok Confirms the Hack
What Is Humanity Protocol
Humanity Protocol launched in 2024 as a decentralized digital id community constructed round palm biometrics and zero-knowledge proofs. The undertaking was designed to confirm actual human customers and filter out bots and pretend accounts, and that pitch helped draw critical institutional consideration. The undertaking raised $50 million throughout two funding rounds backed by Pantera Capital, Bounce Crypto, Animoca Manufacturers, and Blockchain.com, and it reached a reported valuation of $1.1 billion.
The undertaking had positioned itself as a direct rival to Sam Altman’s Worldcoin, permitting customers to show their humanity with out disclosing private knowledge — a pitch that gained momentum as considerations about AI-generated bots proliferated throughout the web. Its June 2025 token launch was adopted by controversy, nevertheless, with stories citing inside conversations suggesting that solely round 1 million of the 9 million registered identities had accomplished biometric verification.
The Unlock Strain Forward
The timing of the hack provides one other layer of concern. Knowledge reveals a bigger batch of about 266 million H, value round $28 million, is ready to unlock on June 25 throughout six allocations that embody the muse treasury and a strategic reserve. With the token already decimated, the prospect of further provide hitting the market has raised alarm amongst remaining holders.
ZachXBT Questions the Official Story
The crew’s account has not gone unchallenged. Distinguished on-chain sleuth ZachXBT mentioned he doesn’t belief the crew’s clarification and raised suspicions that the incident might have been staged. “Uncertain whether or not it’s a theft or MM (market maker),” ZachXBT wrote. “I’m not shopping for the crew’s story; it’s a handy manner for the lively MM to have exited.”
ZachXBT’s publish was blunt: the crew selected to pump their token for weeks with zero fundamentals and now expects Crypto Twitter to blindly belief their story. He demanded the crew disclose their lively market maker agreements with a Hong Kong entity earlier than asking for neighborhood belief.
ZachXBT additionally identified that three out of the 4 undertaking leaders have a doubtful previous — dealing with lawsuits, monetary fraud, and ineffective administration. The undertaking has not but responded to these particular allegations.
A part of a Broader 2026 Pattern
The Humanity Protocol incident is way from remoted. The hack matches the dominant sample of 2026, during which the most important losses have come from stolen keys slightly than flawed code. Solana trade Drift misplaced about $285 million in April after attackers seized an administrative key, and Kelp DAO misplaced roughly $292 million the identical month by means of a single-validator bridge.
These assaults bypass protocol-level safety and as a substitute exploit operational weaknesses, typically leading to quicker and extra damaging outcomes. The occasion is more likely to intensify scrutiny on key custody practices, notably for initiatives selling decentralization whereas sustaining centralized management factors.
What Customers Ought to Do
Humanity Protocol has urged all customers to keep away from interacting with its bridge or liquidity swimming pools till the crew points an all-clear. The undertaking has additionally warned customers to rely solely on official communication channels and stay alert to potential scams and impersonation makes an attempt that usually emerge following main safety incidents.
The H token is down 89% up to now 24 hours, in line with CoinGecko knowledge. On-chain analysts proceed monitoring the attacker’s wallets, although restoration of funds seems unlikely at this stage. The total image of what occurred — whether or not an exterior breach or one thing extra deliberate — stays below investigation.
