Key Takeaways
- Hackers exploited a compromised employee laptop to access private keys controlling Humanity Protocol’s cross-chain bridges.
- Three out of six multisignature keys were obtained, granting attackers control over bridge contracts on Ethereum and BNB Chain.
- Approximately 141 million H tokens were extracted from Ethereum, while 200 million tokens were illegally minted on BNB Chain.
- H token value plummeted more than 85%, crashing from approximately $0.67 to as low as $0.05.
- On-chain analysts detected suspicious wallet movements prior to the attack, though no confirmed insider connection has been established.
Humanity Protocol revealed this Tuesday that cybercriminals successfully extracted more than $36 million in H tokens following unauthorized access to private keys housed on a compromised employee computer.
The platform operates cross-chain bridges enabling H token transfers between Ethereum and BNB Chain networks. These bridges were secured using multisignature wallet technology — a security framework requiring multiple key approvals before executing transactions or implementing contract modifications.
Project founder Terence Kwok explained that the key distribution system was properly deployed across four separate individuals as designed. However, a critical error occurred during the initial configuration phase when several keys were inadvertently saved to a single machine that ultimately fell into malicious hands.
“Some of the keys were accidentally backed up to a compromised device during setup,” Kwok said.
The Attack Timeline and Execution
On Ethereum, the perpetrators successfully obtained three of the six keys connected to the bridge’s administrative account. This threshold granted them complete operational control. They proceeded to swap the authentic bridge contract with a fraudulent replacement, extracting approximately 141.2 million H tokens through a single massive transaction.
On BNB Chain, the attackers secured three of five necessary keys. They injected an unrestricted minting capability into the bridge’s smart contract and used it to create 200 million fresh H tokens, transferring them immediately to wallet addresses they controlled.
The development team suspended all deposit and withdrawal operations on both affected bridges upon detecting the security breach.
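An added example, not code from Humanity Protocol or from the original article: a custody audit that finds the fewest devices whose compromise yields a signing quorum, which is the failure described above when several key backups landed on one machine. The 3-of-6 and 3-of-5 thresholds are taken from the article; the signer ids, device names and inventory are constructed for illustration.

```python
from itertools import combinations

# Thresholds as reported in the article; signer ids are hypothetical.
MULTISIGS = {
    "ethereum-bridge": (3, ["e1", "e2", "e3", "e4", "e5", "e6"]),
    "bnb-bridge": (3, ["b1", "b2", "b3", "b4", "b5"]),
}

# Constructed inventory: every device holding a copy (primary or backup) of a key.
AS_CONFIGURED = {
    "e1": {"signer-dev-1"}, "e2": {"signer-dev-2", "laptop-x"},
    "e3": {"signer-dev-3", "laptop-x"}, "e4": {"signer-dev-4", "laptop-x"},
    "e5": {"signer-dev-5"}, "e6": {"signer-dev-6"},
    "b1": {"signer-dev-1", "laptop-x"}, "b2": {"signer-dev-2", "laptop-x"},
    "b3": {"signer-dev-3", "laptop-x"}, "b4": {"signer-dev-4"}, "b5": {"signer-dev-5"},
}
# The intended layout: the same keys with no backup copies on laptop-x.
AS_DESIGNED = {k: {d for d in devs if d != "laptop-x"} for k, devs in AS_CONFIGURED.items()}

def exposed_keys(devices, signers, locations):
    """Signer keys with at least one copy on any of the given devices."""
    return [k for k in signers if locations[k] & set(devices)]

def smallest_breach(name, locations):
    """Fewest devices whose compromise yields a signing quorum ([] if none can)."""
    threshold, signers = MULTISIGS[name]
    devices = sorted(set().union(*(locations[k] for k in signers)))
    for n in range(1, len(devices) + 1):
        for combo in combinations(devices, n):
            if len(exposed_keys(combo, signers, locations)) >= threshold:
                return list(combo)
    return []

def audit(locations):
    """Map each multisig to (smallest breach set, True if it needs >= threshold devices)."""
    out = {}
    for name, (threshold, _) in MULTISIGS.items():
        breach = smallest_breach(name, locations)
        out[name] = (breach, len(breach) >= threshold)
    return out

if __name__ == "__main__":
    for label, layout in (("as configured", AS_CONFIGURED), ("as designed", AS_DESIGNED)):
        for name, (breach, ok) in audit(layout).items():
            print(f"{label:14} {name:16} quorum via {breach} -> {'OK' if ok else 'FAIL'}")
```

A multisig only delivers its nominal threshold when the smallest breach set is at least as large as that threshold; any backup copy counts as a key location and belongs in the inventory.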
Market Collapse and Price Destruction
The H token had experienced significant upward momentum in the weeks preceding the security incident, surging from approximately $0.20 to $0.70. Following the exploit’s public disclosure, the token’s value catastrophically collapsed to roughly $0.05 — representing a devastating decline exceeding 85%.
While the token subsequently rebounded toward the $0.20 mark, substantial damage to investor confidence had already occurred. In the aftermath of the incident, Humanity Protocol’s team information page was also deleted from their official website.
Investigating the Attack’s True Nature
Blockchain security investigator ZachXBT initially raised concerns about potentially suspicious market-making operations and private over-the-counter transactions involving H tokens, questioning whether these activities might be linked to the breach. He subsequently clarified that these trading patterns appeared unrelated to the key compromise itself.
Security researcher Elton Shehdula from Allium Labs suggested the blockchain evidence indicated a carefully orchestrated operation rather than an opportunistic hack. He observed that wallet addresses involved in the attack received funding from both a centralized exchange and a mixing service several weeks before execution. Additionally, the attacker appeared to test minting permissions days before launching the full-scale exploit, and the drainage then occurred on both blockchain networks simultaneously.
Shehdula indicated this degree of strategic planning was characteristic of either an insider threat or an external adversary who had quietly possessed the compromised keys for an extended period.
Cyvers security director Hakan Unal noted the blockchain forensics present an ambiguous picture. He explained that authentic external breaches typically exhibit hurried characteristics — rapid fund transfers to newly created wallets, inefficient token swaps, and immediate mixer usage. Conversely, a potentially coordinated event might display more calculated timing, particularly coinciding with token unlock schedules or vesting milestones.
Currently, Humanity Protocol states it is collaborating with cryptocurrency exchanges and relevant stakeholders to explore potential recovery strategies. The root cause behind the initial laptop compromise remains undisclosed to the public.





