Humanity Protocol confirmed a June 8 security breach that led to approximately $36.4 million in assets that were stolen or minted without authorization. According to the project’s incident update, the exploit stemmed from malware on an employee laptop that allowed attackers to gain bridge administrator access.
The attackers obtained private keys belonging to a Humanity Foundation member, giving them control over critical bridge functions. On-chain data indicates the incident affected bridge infrastructure across Ethereum and BNB Smart Chain.
Malware Compromise Exposes Bridge Controls
The breach allowed the attacker to move 141.18 million H tokens on Ethereum and mint an additional 100 million H tokens on BNB Smart Chain. The exploit appears to have targeted administrative controls rather than a public smart contract flaw.
Security researchers said the compromise involved three of the six multisig keys needed to bypass signing thresholds. Those keys had reportedly been backed up on the compromised device, creating a single operational weakness with protocol-level consequences.
After gaining access, the attacker liquidated H tokens through decentralized exchanges, primarily Uniswap. The selling pressure caused the H token price to fall as much as 89%, reflecting both market panic and sudden liquidity imbalance.
Monitoring firms including Arkham Intelligence and Beosin mapped the theft cluster. Beosin identified a consolidation point where about $16.2 million worth of H was swapped for ETH and later distributed across several secondary addresses.
Protocol Moves Toward Token Replacement
In the immediate aftermath, Humanity Protocol CEO Terence Kwok advised users to stop interacting with the bridge and liquidity pools. The project has since started a recovery plan centered on replacing affected H assets for eligible users.
That plan includes the distribution of a newly audited ERC-20 token, intended to replace compromised tokens and restore a cleaner asset base. Eligibility details and final distribution mechanics remain central to the recovery process.
The incident adds to mounting concern around cross-chain bridge security, especially where administrator controls, multisig custody and emergency minting permissions intersect. Even when the exploit begins with endpoint malware, the result can still cascade into bridge-level asset creation and market disruption.
Analysts from Quantstamp suggested the complexity of the attack could indicate sophisticated actor involvement, although official attribution remains pending. Humanity Protocol said it is working with exchange partners and forensic experts to track remaining stolen funds.
For now, the confirmed picture is a bridge administrator compromise, large-scale unauthorized token movement and a recovery process based on token replacement. The next key updates will be fund-tracing progress, eligibility rules for the replacement token and a final post-mortem explaining how key-management controls failed.
