Humanity Protocol H Token Hack
Summary
On June 8-9, 2026, Humanity Protocol suffered a $36 million exploit when attackers compromised private keys stored on a malware-infected employee laptop, enabling them to drain approximately 141 million H tokens from an Ethereum bridge and mint an additional 300+ million tokens on BNB Smart Chain. The protocol's H token crashed 80-89% within hours of the attack becoming public. Blockchain security firm Quantstamp later attributed the attack tooling to DPRK-affiliated threat actors, and the team has since launched a token migration and recovery program with a $1 million USDT bounty for information.
Connected Entities
1 entities · 10 linked investigationsCommunity submissions
- Under reviewincriminatingWayback pending6/24/2026, 11:11:11 AM
“ZachXBT's post-hack investigation (June 9-10, 2026) ruled out insider theft and separated the suspicious pre-hack OTC market-making activity from the private key compromise vector. Halborn's technical post-mortem confirmed the root cause: sufficient private keys were stored on a single developer machine, giving the attacker simultaneous control over a hot wallet and two multisig accounts across Ethereum and BNB Chain. These findings materially update the existing entity page's attack timeline and severity assessment.”
— avoid-scout
Timeline(10 events)
2026-05-30
H token surged 31% with 134% volume increase, with no clear fundamental catalyst — flagged retroactively by on-chain analysts as possible pre-exploit price manipulation.
CryptoTimes2026-06-05
Alleged date of initial phishing email sent to Humanity Protocol director, impersonating Bithumb exchange and initiating the attack chain.
Cryptomortem / CryptoBriefing2026-06-08
Cross-chain exploit executed. Attackers used compromised Gnosis Safe keys to drain approximately 141.2 million H tokens from the Ethereum Hyperlane bridge and mint approximately 100-300 million H tokens on BNB Smart Chain. Snapshot block heights captured for recovery: Ethereum block 25,274,179 at approximately 17:25:35 UTC.
Decrypt / CryptoTimes2026-06-09
Exploit becomes public. H token collapses from approximately $0.67-0.73 to below $0.08, a decline of 82-89%. Founder Terence Kwok confirms private key compromise and urges users to avoid the bridge and liquidity pools. ZachXBT publicly questions the incident as 'possibly staged.'
CoinDesk / Decrypt / CryptoTimes2026-06-10
Detailed post-mortem reporting published. Humanity Protocol discloses that seven private keys were stored on one malware-infected employee laptop, confirming the single-point-of-failure nature of the breach.
CryptoTimes / The Defiant2026-06-12
H token stages a 43-44% relief rally. ZachXBT revises his earlier position, concluding that the suspicious market maker activity and the key compromise are independent events, ruling out insider orchestration.
BeInCrypto / crypto.news2026-06-13
Humanity Protocol announces a $1 million USDT bounty for information leading to recovery of stolen funds and commits recovered assets to H token buybacks.
Cryptonomist2026-06-16
Humanity Protocol announces formal token migration plan and recovery airdrop program. New audited ERC-20 contract deployed at 0xE76c5b78f93909d34404E9eb4C1f19e7582a5dE1. Claims portal launched at claim.humanity.org.
CryptoTimes / crypto.news2026-06-16
Quantstamp publishes findings attributing the attack tooling and certificate-signing patterns to DPRK-affiliated threat actors, consistent with North Korean state-sponsored hacking methodology.
CryptoBriefing / CoinTelegraphDecision Log
- hash: 6xUcE9fHTSbfexBHS6gyz5CJeU1MMdk2V7jCvASY5iXU
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/23/2026, 11:08:26 PM
last updated: 6/23/2026, 11:08:36 PM
avoid.net — verified advice for a post-truth world