Humanity Protocol has disclosed new details about the security breach that rocked its ecosystem, confirming that a compromised employee laptop enabled attackers to gain control of critical bridge infrastructure and steal more than $36 million worth of H tokens.
In an incident update published on X, the project said the attack occurred on June 8 and affected both Ethereum and BSC Chain. The disclosure comes after blockchain security firms first detected suspicious token movements and large-scale wallet drains tied to the protocol.
The latest statement provides the clearest explanation yet of how the exploit unfolded, following earlier reports that linked the incident to a private key compromise.
Compromised keys led to bridge takeover
According to Humanity Protocol, attackers gained access to multiple Gnosis Safe owner keys controlling the protocol’s bridge administration systems.
The project said three of six Gnosis Safe owner keys tied to the Hyperlane bridge ProxyAdmin on Ethereum were compromised. Using those credentials, the attacker allegedly transferred ownership of the ProxyAdmin contract, upgraded the bridge to a malicious implementation, and drained approximately 141.2 million H tokens in a single transaction.
On BSC Chain, Humanity said three of five Safe owner keys were also compromised.
The attacker allegedly repeated the same process, seizing ProxyAdmin control before deploying a malicious contract containing an unlimited mint function.
Over 200 Million H tokens minted on BSC Chain
Humanity Protocol said the attacker minted 200,000,005 H tokens across two separate transactions on BSC Chain before transferring the newly created tokens to wallets under their control.
Combined with the Ethereum bridge exploit, the incident resulted in more than $36 million worth of H tokens being stolen and rapidly sold into the market.
“Three of six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin were compromised,” Humanity Protocol said. “The attacker used these to transfer ProxyAdmin ownership to their own wallet, then upgraded the bridge contract to a malicious implementation.”
The team added that the attacker executed a similar ProxyAdmin takeover on BSC Chain before minting additional tokens.
Token collapse deepens
The disclosure comes after H suffered one of the sharpest declines in the digital asset market this month.
Earlier reports indicated attackers had drained roughly $10 million worth of H tokens before minting an additional 100 million tokens on BSC Chain. Blockchain investigators, including ZachXBT, publicly questioned the circumstances surrounding the exploit, with ZachXBT describing the incident as “possibly staged” while seeking additional information.
Prior to the attack, Humanity Protocol had been one of the stronger-performing altcoins of early June. On June 1, the project gained attention after H surged more than 60% amid growing investor interest in decentralized identity infrastructure and broader altcoin rotation trends.
That momentum has now reversed dramatically. According to CoinMarketCap data, H has fallen roughly 86% from pre-exploit levels as investors reacted to the massive token issuance and subsequent selling pressure.
Recovery efforts underway
Humanity Protocol said it has halted deposits and withdrawals across affected bridge infrastructure and is coordinating with exchanges, ecosystem partners, and law enforcement agencies.
The team said efforts are underway to trace stolen funds, investigate the breach, and potentially recover a portion of the assets.
“We’re working closely with the police to investigate this incident and recover some of the stolen funds,” the project said.
Humanity Protocol also pledged to publish a full post-mortem report detailing the incident and remediation measures.
“We know words can’t fix this,” the team added. “We’re going to show up, keep you in the loop, and do the work to earn back the trust you placed in us.”
Questions remain
While the project has now attributed the exploit to an employee laptop compromise, the scale of the breach has triggered scrutiny within the crypto community, particularly given the number of administrative keys reportedly affected across multiple chains.
Market participants are now awaiting the project’s full technical post-mortem, which is expected to provide additional details regarding how the compromise occurred, what security controls failed, and what measures Humanity Protocol plans to implement to prevent a similar incident in the future.
Also read: AFI Protocol Shares Incident Update After $480K Exploit, Begins Recovery
