Humanity Protocol Suffers $36M Hack Through Compromised Employee Device

Key Takeaways

• A security breach involving an employee’s laptop led to the exposure of private keys controlling Humanity Protocol’s bridge infrastructure.
• The attackers gained control of three out of six multisig keys, enabling them to manipulate token bridges on both Ethereum and BNB Chain.
• Approximately 141 million H tokens were extracted from Ethereum, while 200 million tokens were illegally minted on BNB Chain.
• H token’s value plummeted more than 85%, declining from approximately $0.67 to bottoming out at $0.05.
• On-chain analysts detected suspicious wallet movements before the attack occurred, though no conclusive evidence of insider involvement has emerged.

Humanity Protocol revealed this Tuesday that cybercriminals successfully extracted more than $36 million in its H token following unauthorized access to private keys housed on a compromised employee computer.

The platform operates cross-chain bridges facilitating H token transfers between Ethereum and BNB Chain networks. These bridges were safeguarded using multisignature wallet technology—a security mechanism demanding multiple key approvals before executing transactions or modifying smart contracts.

According to founder Terence Kwok, the key distribution followed proper protocol across four separate individuals. However, a critical error occurred during the initial configuration phase when several keys were inadvertently stored on one device that subsequently fell victim to compromise.

“Some of the keys were accidentally backed up to a compromised device during setup,” Kwok said.

Breaking Down the Exploit

On Ethereum, the perpetrators secured three of the six keys associated with the bridge’s administrative account. This threshold gave them complete authority over the system. They swapped the authentic bridge smart contract with a fraudulent replacement and extracted approximately 141.2 million H tokens through one massive transaction.

On BNB Chain, the attackers compromised three of five keys. They injected an unlimited minting capability into the bridge contract and exploited it to create 200 million fresh H tokens, transferring them straight into their controlled wallet.

The development team immediately suspended all deposit and withdrawal operations on both compromised bridges upon detecting the security breach.

Market Reaction and Price Collapse

The H token had experienced strong upward momentum during the weeks preceding the breach, surging from approximately $0.20 to $0.70. Following public disclosure of the exploit, the token’s value crashed to around $0.05—representing a catastrophic decline exceeding 85%.

While the token eventually rebounded toward the $0.20 level, significant damage had already occurred. In the aftermath, Humanity Protocol’s team information page was also taken down from their official website.

Investigating the Attack’s Source

On-chain investigator ZachXBT initially raised concerns about potential connections between irregular market-making operations and over-the-counter H token transactions and the security breach. He subsequently clarified that these activities appeared unrelated to the key compromise incident.

Security researcher Elton Shehdula from Allium Labs suggested the blockchain evidence indicated a carefully orchestrated operation. He observed that wallets participating in the attack received funding from both an exchange and a mixing service several weeks beforehand. The attacker also seemingly tested minting permissions days before launching the full-scale exploit, with the drainage occurring simultaneously across both blockchain networks.

Shehdula indicated that such meticulous preparation suggests either an internal threat actor or an external adversary who had maintained covert possession of the compromised key for an extended period.

Cyvers security director Hakan Unal noted that the blockchain evidence presents an ambiguous picture. He explained that authentic external attacks typically display hasty characteristics—rapid fund transfers to newly created wallets, disadvantageous swap rates, and immediate mixer usage. Conversely, orchestrated events may exhibit more controlled timing patterns, particularly coinciding with token unlock schedules or vesting milestones.

Currently, Humanity Protocol states it is collaborating with cryptocurrency exchanges and additional stakeholders to explore potential recovery strategies. The specific circumstances surrounding the initial laptop compromise remain undisclosed to the public.

The post Humanity Protocol Suffers $36M Hack Through Compromised Employee Device appeared first on Blockonomi.