Overview
- Humanity Protocol says a malware-infected developer device exposed seven backed-up private keys that the attacker used to breach bridge and admin infrastructure during the June 8–9 incident.
- Using those keys the attacker transferred ProxyAdmin ownership, upgraded bridge contracts, drained about 141.2 million H from the Ethereum bridge and minted roughly 300 million H on BNB Smart Chain, producing about 447 million affected tokens in total.
- On-chain monitors estimate more than $36 million was taken or monetized as the exploiter swapped large amounts of stolen H for ETH, driving an 80–90% intraday collapse in the H token and severely straining liquidity.
- Humanity halted deposits and withdrawals on the affected bridges, launched a live tracker and a $1 million bounty, and said it is working with exchanges, external security firms and law enforcement while a full post-mortem and recovery plan are prepared.
- The incident highlights a wider 2026 pattern of operational security failures where compromised keys, not smart-contract bugs, enable large DeFi losses and leaves users and investors facing unclear prospects for reimbursement and token recovery.