On the night of June 8th, the Humanity Protocol was attacked, causing the H token to plummet from $0.67 to $0.05 within 12 hours, a drop of over 90%.
The attack vector has been confirmed: hackers gained control of three out of six Gnosis Safe multi-signature keys for the Hyperlane cross-chain bridge ProxyAdmin, immediately upgrading the contract to a malicious version and draining the protocol wallets on Ethereum and BSC. After the heist, the attackers further exploited minting privileges to create 100 million H tokens out of thin air on the BNB Chain, dumping them all into the market for ETH and BNB. Total losses exceed $36 million, with more than 17 wallets affected.
The official explanation is that a foundation member's laptop was hacked, leading to the leakage of private keys.
But this explanation has a structural problem—Gnosis Safe's multi-signature design is intended to prevent single points of failure. For three of the six keys to be compromised simultaneously, either multiple core members used the same infected device, or there is a serious flaw in key management, with keys centralized in one location. Both scenarios point to internal management issues and cannot simply be explained as "an employee's laptop getting hacked."
On-chain investigator ZachXBT subsequently raised questions, noting that the team had been pushing the price weeks before the incident, with no fundamental support, and demanded the team disclose the details of their agreement with Hong Kong market makers before discussing the event's authenticity.
Another independent chain's launch clue: Members of Humanity's core team previously participated in a project called Everything, which has successfully completed its funding.
As of now, ZachXBT has stated after further analysis that the private key leak and market maker operations appear as independent events on-chain and cannot be directly confirmed as related, but he has not retracted his concerns about the team's transparency.
The background of Humanity Protocol is also noteworthy: When the token launches in 2025, internal chat logs show that out of 9 million registered users, fewer than 1 million actually completed biometric verification, a figure that has never been officially confirmed.
The biggest structural risk from this incident isn't the $36 million loss itself—funds have already been moved and are likely unrecoverable. The real issue is that there are still 100 million newly minted H tokens circulating on-chain, creating sell pressure, and there's no public data to indicate whether the team has the motivation or capability to rebuild.
H tokens are currently hovering around $0.12, and the official recommendation is for users to pause using cross-chain bridges and liquidity pools while an investigation is ongoing.
#humanity协议私钥被盗3600万美元 #Humanity遭$2000万黑客攻击暂停桥接和流动池
