Hands operating a computer keyboard for a crypto private-key breach story.

A Compromised Private Key Just Cost Humanity Protocol More Than $36 Million

By Isaac June 9, 2026 8:16 am Comments

Humanity Protocol, a project built around proving you are a real human, lost control of a private key. The damage spread fast across two chains.

CoinDesk reported on June 9, 2026 that the H token crashed more than 80% after the hack. About 17 wallets tied to the project were emptied, with losses topping $32 million and still climbing.

The attacker did not sit on the stolen tokens. CoinDesk reported the thief was selling stolen H for ether and minted another 100 million H on BNB Chain, worth roughly $11 million in fresh sell pressure.

Trending: The AI That Cracked Zcash Just Put Monero on Its List

Founder Terence Kwok confirmed the cause on X and told users to back away from the project’s core infrastructure.

Kwok said private keys belonging to a member of the Humanity Foundation had been compromised. He warned users not to interact with the bridge or any liquidity pools until the team confirmed it was safe.

That warning is the part worth holding onto. When a project tells you to avoid its own bridge and pools, the smart contracts are not the problem.

The keys are.

CoinDesk added these details:

According to CoinDesk: Humanity Protocol’s H token fell more than 80% after attackers stole private keys tied to the project and drained more than $30 million from at least 17 wallets. The attacker sold stolen H for ether, minted another 100 million H on BNB Chain, and added new selling pressure as H briefly touched about $0.05 before trading near $0.13.

Humanity Protocol’s H token crashed more than 80% after a private-key hack. About 17 wallets tied to the project were emptied, with losses topping $32 million and still climbing.

The thief was selling stolen H for ether and minted another 100 million H on BNB Chain, worth roughly $11 million. Humanity founder Terence Kwok said on X that private keys belonging to a Humanity Foundation member had been compromised.

Kwok warned users not to interact with the bridge or liquidity pools until Humanity confirmed it was safe. Humanity later posted that more than $36 million had been stolen across Ethereum and BNB Chain and that the incident involved a coordinated attack.

Humanity said an employee laptop compromise allowed attackers to seize bridge controls, upgrade contracts, and steal more than $36 million in H tokens.

The team’s own number climbed higher than the early estimates.

Humanity posted that more than $36 million had been stolen across Ethereum and BSC in what it called a coordinated attack on June 8. The team said it was still investigating but wanted to be transparent with its community.

Cointelegraph filled in how the attackers got in.

Cointelegraph reported that Humanity said an employee laptop compromise allowed attackers to seize bridge controls, upgrade contracts, and steal more than $36 million in H tokens. By that account, the H token fell more than 85% after the compromise was disclosed.

One laptop. Bridge controls.

Contract upgrades. That is the entire failure chain, and none of it touched a line of audited Solidity.

On-chain trackers flagged the BNB Chain minting in real time.

Lookonchain warned that the Humanity hacker had minted 100 million H worth about $11.4 million on BSC, with more selling pressure likely to follow.

Cointelegraph added these details:

According to Humanity: Humanity posted an incident update saying the H token was hit by a coordinated attack across Ethereum and BSC on June 8. The project said more than $36 million had been stolen across both chains while the investigation continued.

Humanity founder Terence Kwok said on X that private keys belonging to a Humanity Foundation member had been compromised. Kwok warned users not to interact with the bridge or liquidity pools until Humanity confirmed it was safe.

Humanity later posted that more than $36 million had been stolen across Ethereum and BNB Chain and that the incident involved a coordinated attack. Humanity said an employee laptop compromise allowed attackers to seize bridge controls, upgrade contracts, and steal more than $36 million in H tokens.

the attack extended a severe 2026 DeFi-security stretch and quoted Cyvers’ Meir Dolev describing the event as an operational-security failure rather than a smart-contract bug. ZachXBT initially wrote that the incident seemed possibly staged, then posted an update saying further analysis suggested the market-maker and private-key-compromise issues appeared independent.

That framing matches a pattern that has held all year. The contracts hold up.

The humans behind the keys do not.

There was also early confusion about whether the whole thing was real. On-chain investigator ZachXBT first wrote that the incident seemed possibly staged, given some suspicious trading activity around the token.

He later posted that further analysis suggested the market-maker concerns and the private-key compromise appeared independent.

Two separate problems appeared to be landing on the same token in the same week.

For a protocol selling proof of personhood, losing tens of millions through a single compromised key is a hard message to send. The technology that holds the value is only as strong as the device sitting on someone’s desk.

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.

 

Search ProCoinNews