Humanity Protocol, the decentralized identity project that uses palm-vein biometrics and zero-knowledge proofs for “Proof of Humanity” verification, suffered a $30-32 million exploit that drained 17-19+ wallets and crashed its $H token by 80-93% within hours. The team has attributed the incident to the compromise of private keys belonging to a Humanity Foundation member.
But the official narrative is being publicly contested. On-chain investigator ZachXBT has called the incident “possibly staged” and accused the team of “crime pumping” the token before the dump. Independent analyst Elton has documented on-chain patterns — pre-funded attacker wallets dating back weeks, a “warmed up” minting authority, and coordinated dumps across two chains — that he says are “consistent with either an insider or an outside actor who had quietly held the compromised key for some time.”
According to the Blockaid post, approximately $10 million worth of H tokens were moved to attacker-controlled addresses during the initial phase of the exploit.
The security firm said early evidence suggests the breach originated from a compromised private key rather than a vulnerability within the token’s smart contract.
Attacker allegedly takes control of H Token
According to multiple on-chain analysts tracking the incident in real time, attackers executed a coordinated operation across Ethereum and BNB Chain. Approximately 17-19+ wallets linked to Humanity Protocol were drained of their existing $H holdings. The attackers then minted approximately 100 million new $H tokens on BNB Chain from the null address (0x000…000) — meaning the tokens were created from nothing using the contract’s minting authority rather than transferred from existing holdings.
According to the security firm, the attacker minted an additional 100 million H tokens, worth approximately $12.9 million at the time, and transferred them to a newly created wallet.
The ability to mint new tokens raised immediate concerns among investors, as unauthorized supply increases can significantly impact market confidence and token economics.
The newly minted tokens were dumped on decentralized exchanges including Uniswap, PancakeSwap, and Kyber, with approximately $23-25 million in $H swapped for ETH and BNB. According to Elton’s on-chain analysis, attacker wallets ended up holding approximately $23 million in ETH and BNB combined, with approximately $4 million moved toward mixers for laundering.
Security researchers monitoring the incident noted that administrative key compromises can often be more damaging than conventional smart contract exploits because they provide direct access to privileged protocol functions.
Humanity protocol confirms private key compromise
Several hours after disclosing the attack, Humanity Protocol publicly acknowledged the incident and confirmed that private keys belonging to a member of the Humanity Foundation had been compromised.
In an official statement, the project said protecting users remained its highest priority and that it was actively working with security experts and exchange partners to investigate the breach.
The team urged users to avoid interacting with affected infrastructure while investigations remain ongoing.
“As a precaution, please do NOT interact with the bridge or any liquidity pools until we give the all clear.”
Founder Terence Kwok echoed the statement with a personal apology: “We’re already working with security experts and our exchange partners on resolution. We’re deeply sorry — protecting this community is our responsibility, and we’ll keep you updated every step of the way.”
Humanity Protocol also warned users to rely only on official communication channels and remain alert to potential scams and impersonation attempts that often emerge following major security incidents.
The project emphasized that it would continue providing verified updates as additional information becomes available.
Foundation recommends revoking contract approvals
As the investigation progressed, the Humanity Foundation issued a further security advisory recommending that users temporarily revoke approvals granted to Humanity Protocol contracts.
The measure was described as a precautionary step while teams continue assessing the full scope of the compromise.
“With user security being our first concern, we recommend all users to temporarily revoke approvals to our contract until we further investigate the recent compromise.”
The recommendation reflects growing concerns that compromised administrative access could potentially expose users to additional risks through previously authorized smart contract permissions.
H Token plunges nearly 86%
The exploit has had an immediate and severe impact on market sentiment.
According to CoinMarketCap data, Humanity Protocol’s H token has fallen nearly 86% in 24 hours as traders reacted to reports of wallet drains, unauthorized token minting, and uncertainty surrounding the project’s administrative controls. The H token has dropped from $0.7183 to $0.099 at the time of reporting. Token’s market cap has also declined by 86% to $282 million.
The decline represents a dramatic reversal from the token’s recent momentum.
Just days earlier, Humanity Protocol had emerged as one of the stronger-performing altcoin projects during a broader market rotation into narratives tied to decentralized identity, artificial intelligence, and privacy-focused infrastructure.
On June 6, the project announced the launch of H staking on Humanity Chain, offering 30 million H tokens in rewards across two staking pools. However, the security incident has since overshadowed those developments and shifted attention toward the protocol’s security practices and recovery efforts.
ZachXBT’s Public Skepticism
On-chain investigator ZachXBT — who has built a track record exposing market manipulation and insider control schemes across multiple 2026 tokens, including RAVE, EDGE, SIREN, and most recently RAIN Protocol’s alleged links to DOP and TOMI networks — publicly questioned the team’s narrative within hours of the incident.
In a post on X, ZachXBT wrote: “The ‘incident’ seems possibly staged. I am not buying the teams story it’s a convenient way for the active MM to have exited.”
The “active MM” reference points to ZachXBT’s prior analysis of $H trading patterns, in which he had observed, “Unsure whether it’s a theft or MM. Check the chart and it seems H team was possibly working with an active MM given supply concentration. However all H was sold on DEX vs CEX.”
In a follow-up post approximately 20 minutes later, ZachXBT escalated his critique: “You choose to crime pump your token for weeks with zero fundamentals and think CT will blindly trust your story? Disclose your active MM agreements with the HK entity first….”
The accusation is significant in two ways. First, ZachXBT is alleging that Humanity Protocol’s price action before the exploit was itself manipulated — a “crime pump” with no underlying fundamentals to justify the valuation. Second, he is implying that the “hack” provided a convenient exit for an active market maker (MM) that had been coordinating with the team. If true, this would constitute insider-orchestrated market manipulation rather than an external compromise.
Elton’s On-Chain Forensics
The most detailed technical analysis came from on-chain analyst Elton (@eltoniselton), who posted a forensic breakdown approximately five hours after the incident.
According to Elton, the on-chain pattern “points to a potentially planned, coordinated operation rather than a lone opportunist.” His specific findings:
- Attacker wallets were pre-funded weeks in advance. Funding came from an exchange and a mixer in late April and May 2026 — well before the incident, indicating advance preparation rather than an opportunistic compromise of recently-stolen keys.
- The minting authority was “warmed up” days before the actual exploit. Elton characterizes this as suggestive that someone with access to the minting capability tested the mechanism before deploying it at scale.
- The dump was coordinated across two chains simultaneously. Both the Ethereum drain and the BNB Chain mint occurred within a tight time window, requiring coordinated execution that would be difficult for a lone opportunist who had just compromised the keys.
- Approximately 298 million $H tokens were involved across all attacker actions, including the new mints, existing drains, and DEX swaps.
Elton’s conclusion: the level of setup and access “is consistent with either an insider or an outside actor who had quietly held the compromised key for some time.” Both scenarios are plausible from his analysis—but both contradict the most charitable reading of the team’s “key compromise was just discovered” framing, which would suggest a more recent and reactive attacker timeline.
The Pre-Existing Team Skepticism
ZachXBT’s critique referenced an older investigative thread by on-chain analyst Specter from June 26, 2025, titled “A Closer Look at Humanity Protocol Team Leads.” Specter’s thread raised concerns about three of four named team leads, alleging “questionable pasts involving mismanagement, lawsuits, or financial wrongdoing.”
The Specter thread highlighted the following:
- Terence Kwok, founder and CEO, was previously the founder of Tink Labs, which raised $200 million at a peak $1.5 billion valuation before going bankrupt in 2019.
- The thread also referenced Mario Nawfal and Yat Siu (chairman of Animoca Brands) in connection with the project, with various allegations about each.
Growing security challenges across crypto
The Humanity Protocol incident adds to a growing list of high-profile crypto security breaches reported in recent months, highlighting the persistent risks facing blockchain infrastructure projects.
Earlier this month, Syscoin temporarily suspended its bridge operations after discovering a validation flaw that enabled the creation of approximately 5 billion unauthorized SYS tokens. The project later identified the affected validation mechanism and implemented a fix while working to neutralize the unauthorized supply.
In April, Hyperbridge also halted bridge activity following a $237,000 exploit linked to a verification bug that allowed attackers to mint excess tokens. The incident prompted an emergency response from developers as they worked to secure affected systems and prevent further unauthorized token creation.
Together with the Humanity Protocol breach, these incidents have reinforced industry concerns surrounding bridge security, privileged administrative controls, and the risks associated with compromised wallet credentials. Security experts have increasingly emphasized the importance of multi-signature protections, timelocks, continuous audits, and stronger operational security practices to reduce the impact of key-compromise attacks.
As blockchain networks become more interconnected and tokenized ecosystems continue to expand, safeguarding critical infrastructure remains one of the sector’s most pressing challenges.
Investigations remain ongoing as security researchers continue tracking attacker-controlled wallets and monitoring the movement of affected funds across Ethereum and BNB Chain.
Also read: SAHARA’s 60% Crash: X Claims Team Dumped Before Massive Token Unlock
