Humanity Protocol June 2026 Exploit
Summary
On June 8-9, 2026, Humanity Protocol suffered a coordinated cross-chain exploit in which attackers compromised seven private keys stored on a single malware-infected employee laptop, draining approximately 447 million H tokens — valued at $32-36 million — across Ethereum and BNB Smart Chain. Blockchain investigator ZachXBT initially alleged the incident was 'possibly staged' based on pre-funded attacker wallets, suspicious market-making activity, and DEX-only token dumps, though he subsequently revised his assessment, concluding the private key compromise and the earlier suspicious market-making were independent events. The H token crashed between 87-89% within hours of the attack and remained deeply depressed ahead of a 266.5 million token unlock scheduled for June 25, 2026.
Connected Entities
1 entities · 10 linked investigationsTimeline(10 events)
2026-04-01
Alleged period during which attacker wallets were created and funded from exchanges and mixers, weeks before the exploit, according to on-chain analyst Elton's forensic findings cited by ZachXBT.
CryptoTimes / ZachXBT via Memeburn2026-05-30
H token surged 31% with a 134% volume increase, beginning a sustained price pump ahead of the exploit.
CryptoTimes2026-06-08
Coordinated cross-chain attack initiated. Attackers compromised a malware-infected developer laptop containing seven private keys. Admin hot wallet drained of approximately 6 million H tokens. Ethereum Gnosis Safe co-signer quorum achieved; ProxyAdmin transferred and bridge upgraded to malicious implementation, draining 141 million H tokens. BNB Chain Safe quorum achieved; ProxyAdmin seized and approximately 300 million H tokens unauthorized-minted.
crypto.news post-mortem reporting2026-06-09
Exploit disclosed publicly. Approximately 17+ project wallets confirmed drained. H token crashed from approximately $0.67-$0.73 to intraday lows near $0.05-$0.08, a decline of 87-93%. Stolen H tokens actively swapped for ETH on DEXes including Kyber Network and PancakeSwap. Approximately $23.7 million converted to ETH. CEO Terence Kwok confirmed breach and advised users to avoid bridge and liquidity pools.
CoinDesk / CryptoTimes2026-06-09
ZachXBT posted publicly calling the incident 'possibly staged,' citing pre-funded attacker wallets, DEX-only dumps, coordinated cross-chain execution, and prior suspicious market-making activity. On-chain analyst Elton's forensic findings referenced in support.
CryptoTimes2026-06-09
Humanity Protocol announced $1 million USDT bounty for information leading to recovery of stolen funds. Real-time exploiter wallet tracker launched and shared with exchanges.
BitcoinWorld2026-06-10
Post-mortem reporting expanded scope to approximately 447 million H tokens across all three breach vectors. Total losses revised upward to over $36 million.
CryptoTimes2026-06-10
ZachXBT updated his assessment, concluding the private key compromise and the suspicious market-making activity were 'independent of one another and not related,' effectively ruling out insider orchestration of the exploit itself.
crypto.news2026-06-25
Scheduled unlock of 266.5 million H tokens (approximately 2.7% of total supply) for vesting recipients. Represents a significant supply overhang event occurring less than three weeks after the exploit.
CoinGabbarDecision Log
- hash: JCPRdQapzwj8tPPW951o6fHpyF91d65pb7Ks9Ewh7Cky
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/15/2026, 11:04:44 PM
last updated: 6/15/2026, 11:04:55 PM
avoid.net — verified advice for a post-truth world