In Brief:
- Humanity Protocol’s founder Terence Kwok confirmed a security breach affecting the project’s private keys on June 9, leading to a 90% crash in the H token’s price.
- Initial loss estimates exceeded $30 million as the attacker exploited compromised keys, draining funds via direct access to the project.
- The incident highlights ongoing security vulnerabilities in DeFi, with total losses across such breaches surpassing $885 million in 2026 alone.
Breach details emerge
Humanity Protocol faced a serious security incident when private keys belonging to a member of the Humanity Foundation were compromised, leading to significant losses and a drastic decline in its H token value. Founder Terence Kwok revealed the breach occurred on June 9, advising users against interacting with the project’s bridge or any liquidity pools until it is deemed safe. The incident resulted in over $30 million lost, as attackers swiftly offloaded stolen tokens.
Blockchain analytics revealed that the H token plummeted approximately 90% as the hacker converted stolen assets into ETH. The exploit drew attention from firms like Lookonchain and PeckShieldAlert, which reported active wallet compromises related to the protocol.
While estimates of the total loss varied, reports later indicated losses could reach up to $36 million across multiple chains, marking it as one of 2026’s more significant security failures.
Mechanics of the attack
The breach resulted not from a smart contract flaw but from direct access obtained via compromised private keys. The attackers gained control of three out of six Gnosis Safe keys on Ethereum and three out of five on BSC, allowing them to drain approximately 141.2 million H and mint an additional 200 million H through malicious upgrades.
Meir Dolev, co-founder and CTO at Cyvers, labeled the incident as an operational security failure, stressing that vulnerabilities stemmed from internal management rather than external contract weaknesses.
Such private key compromises pose a severe risk, bypassing traditional on-chain security and providing attackers control over project assets. As the attacker moved assets to ETH and BNB, early reports indicated roughly $9 million in stolen H was already converted.
Impact on the H token
The H token’s value dropped sharply in the wake of the breach. Prices fell from around $0.73 to lows near $0.05 to $0.08. This massive decline erased substantial market capitalization, which plummeted from $2 billion to roughly $35.7 million.
This crash coincided with a period where the H token had been performing strongly, having recently surged from yearly lows.
Response from Humanity Protocol
Humanity Protocol confirmed the breach was due to compromised keys belonging to a Foundation member and reassured users that core protocols and smart contracts remained secure. The team urged users to avoid bridges, revoke approvals, and follow updates solely from verified channels.
Deposits and withdrawals on compromised bridges were halted as the team collaborated with security firms, exchanges, and law enforcement. Despite early calls for updates, the project had yet to release a detailed recovery or compensation plan.
Background on Humanity Protocol
Launched in 2024, Humanity Protocol utilizes biometrics and zero-knowledge cryptography for digital identity verification. It aims to distinguish real human users from bots, competing with other players in the Proof-of-Humanity sector. The project had raised $50 million and achieved a valuation of $1.1 billion.
However, it faced scrutiny early on due to a leaked conversation suggesting a substantial number of Human IDs had not undergone biometric verification, raising concerns about authenticity.
Current landscape for DeFi security
The Humanity Protocol breach adds to a troubling pattern in DeFi security, with over $885 million reported lost to hacks in the first half of 2026. Attack methods have evolved, with a marked increase in targeting private keys over smart contract vulnerabilities.
This shift underscores a broader trend where operational security failures become the primary avenue for significant losses in the crypto space. Humanity Protocol’s breach serves as a stark reminder of the vulnerabilities that persist even in established projects.
Next steps for the project
Humanity Protocol has paused affected bridges and is tracking stolen funds with security partners. Current user guidance emphasizes caution against participating in liquidity pools and staying informed through official channels.
The immediate future will focus on recovery efforts and restoring trust among users. The project’s capacity to address losses and improve key management processes will determine its credibility moving forward in the Proof-of-Humanity sector.
