Humanity Protocol Loses $36M in H Tokens After Laptop Compromise

Humanity Protocol disclosed that attackers stole more than $36 million in H tokens after an employee laptop compromise exposed keys tied to bridge administration on Ethereum and BNB Chain. Three of six Gnosis Safe owner keys were compromised, giving attackers control to upgrade bridge contracts into malicious versions. On Ethereum, attackers drained around 141.2 million H tokens; on BNB Chain, they minted 200 million H tokens directly to their wallet after adding unlimited token creation functionality.

Attackers Compromised Three Gnosis Safe Keys to Control Bridge Contracts

In an incident update, Humanity Protocol stated the attack affected the H token across both Ethereum and BNB Chain. Three of six Gnosis Safe owner keys were compromised, providing attackers with sufficient control to take over bridge administration. Once control was gained, they upgraded the bridge contracts into malicious versions.

On Ethereum, the attackers drained around 141.2 million H tokens. On BNB Chain, they added a function allowing unlimited token creation, then minted 200 million H tokens directly to their own wallet. Humanity founder Terence Kwok said the project used multisignature controls across 4 individuals, but that some keys may have been exposed during setup. "What we believe happened was some of the keys were accidentally backed up to a compromised device," Kwok said.

Laptop Backup Exposed Multiple Signing Keys During Setup

Kwok said Humanity uses "a licensed custodian for the majority of token treasury" and MPC for its operations treasury. However, he also stated that "for certain contracts, multisig keys were set up in one place and then dispersed," leaving some keys backed up on a compromised device.

The distinction matters because treasury custody and operational controls may appear strong, but bridge administration can remain vulnerable if contract upgrade rights, mint authority, or emergency controls depend on exposed keys. In this case, attackers did not only move existing assets—they changed the contracts themselves and created new token supply on one chain.
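The gap between a multisig's nominal threshold and its effective one can be checked from a key-custody inventory. This is an added example, not code from Humanity Protocol or the original article; the device names and the inventory are constructed, and the threshold of 3 is an assumption based on three of six keys having been enough for control.

```python
from itertools import combinations

THRESHOLD = 3  # assumption: quorum of the 6-owner Safe, per "three of six" sufficing

# Constructed inventory: every device that has ever held (generated, imported
# or backed up) each owner key. All names are hypothetical.
SETUP_IN_ONE_PLACE = {
    "owner1": {"setup-laptop", "hw-wallet-a"},
    "owner2": {"setup-laptop", "hw-wallet-b"},
    "owner3": {"setup-laptop", "hw-wallet-c"},
    "owner4": {"hw-wallet-d"},
    "owner5": {"hw-wallet-e"},
    "owner6": {"hw-wallet-f"},
}
# Same owners, but each key generated on and confined to its own device.
GENERATED_SEPARATELY = {k: {d for d in v if d != "setup-laptop"}
                        for k, v in SETUP_IN_ONE_PLACE.items()}

def keys_by_device(key_locations):
    """Invert the inventory: device -> set of owner keys it has ever held."""
    held = {}
    for key, devices in key_locations.items():
        for device in devices:
            held.setdefault(device, set()).add(key)
    return held

def min_devices_for_quorum(key_locations, threshold):
    """Smallest set of devices whose combined keys reach the threshold.

    Brute force over device subsets, which is fine for the handful of devices
    in a multisig inventory. Returns (count, devices) or (None, ())."""
    held = keys_by_device(key_locations)
    devices = sorted(held)
    for n in range(1, len(devices) + 1):
        for combo in combinations(devices, n):
            if len(set().union(*(held[d] for d in combo))) >= threshold:
                return n, combo
    return None, ()

def audit(key_locations, threshold=THRESHOLD):
    """Compare the nominal key threshold with the number of devices an
    intruder must actually compromise to reach it."""
    n, path = min_devices_for_quorum(key_locations, threshold)
    return {"nominal": threshold, "effective": n, "weakest_path": path,
            "collapsed": n is not None and n < threshold}

if __name__ == "__main__":
    print(audit(SETUP_IN_ONE_PLACE))
    print(audit(GENERATED_SEPARATELY))
```

An inventory like this is only as good as its record of backups and setup machines, which is exactly where the co-location in this incident was reported to have happened.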

Blockchain Investigators Initially Questioned Market-Maker Activity

The H token fell more than 85% after Humanity disclosed the private key compromise. The collapse drew scrutiny from blockchain investigators, partly because some community members questioned whether the attack was purely external or connected to unusual token activity before an upcoming unlock.

Blockchain investigator ZachXBT initially questioned whether Humanity's market maker and over-the-counter activity were connected to the exploit. He later said that after further analysis, the market-maker and OTC activity appeared to be independent from the private key compromise.

Cyvers senior security operations lead Hakan Unal said onchain behavior can initially look similar in a genuine compromise and a staged incident because the attacker holds legitimate admin rights in both cases. "What distinguishes them is the surrounding behavior," Unal said. "A genuine compromise usually shows speed and improvisation: funds rushed to fresh wallets, swaps at bad prices, mixer use, and no insider timing."

Unal said a staged incident may instead show suspicious timing near unlocks or vesting, concentrated supply, orderly movement, or proceeds that eventually route back toward team-linked addresses or market makers. "Right now the evidence is mixed, which is why the question is open," he added.

Allium Labs research lead Elton Shehdula said the exploit's onchain pattern pointed to a potentially planned and coordinated operation rather than a lone opportunist. He said wallets were funded from an exchange and a mixer weeks in advance, the minting authority was "warmed up" days before the attack, and the sell-off happened across 2 chains at the same time. Shehdula said the setup was consistent with either an "insider or an outside actor" who had quietly held the compromised key for some time.

Humanity Protocol Halted Bridge Deposits and Withdrawals

Humanity halted deposits and withdrawals to the affected bridges and said it is working with exchanges and related parties to reduce damage and review recovery options. Kwok warned users not to interact with the bridge or liquidity pools after the compromise was disclosed.

FAQ

How did attackers steal $36 million from Humanity Protocol?

Attackers compromised three of six Gnosis Safe owner keys through an employee laptop, gaining control of bridge administration on Ethereum and BNB Chain. They upgraded bridge contracts into malicious versions, drained 141.2 million H tokens on Ethereum, and minted 200 million H tokens on BNB Chain.

Why did one compromised laptop lead to a protocol-level crisis?

Humanity founder Terence Kwok said some multisig keys were set up in one place and then dispersed, leaving keys accidentally backed up on a compromised device. This allowed attackers to control bridge upgrade rights and mint authority, enabling them to change contracts and create new token supply.

What actions did Humanity Protocol take after the attack?

Humanity halted deposits and withdrawals to the affected bridges and stated it is working with exchanges and related parties to reduce damage and review recovery options. The protocol warned users not to interact with the bridge or liquidity pools after the compromise was disclosed.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.