Verify a decision

{"actor":"system:backfill","investigation_id":"95de98f0-3583-4807-92df-49e69f00ec08","kind":"publish","page_slug":"humanity-protocol-june-2026-hack","published_at":"2026-06-29T12:05:19.104Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Humanity Protocol June 2026 Hack","sections":[{"content":"On June 8, 2026, an attacker executed a coordinated exploit across Ethereum and BNB Smart Chain targeting Humanity Protocol's token bridge infrastructure. The attacker drained approximately 141.18 million H tokens from 17 project wallets on Ethereum and minted an additional approximately 200 million H tokens on BNB Chain using an unauthorized mint function. The combined assets were then liquidated across Uniswap and PancakeSwap within roughly eight hours, with proceeds converted primarily to ETH. Total losses were reported by the protocol and security researchers at approximately $36 million, though contemporaneous estimates varied between $31 million and $36 million as the sell-off continued. The H token price fell from approximately $0.67–$0.72 to an intraday low near $0.05, a decline exceeding 90%, before settling around $0.13–$0.20 by end of day.","heading":"Incident Overview","severity":"critical","sources":[{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":2,"name":"Humanity Protocol Reveals Employee Laptop Breach Behind $36M Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/humanity-protocol-reveals-employee-laptop-breach-behind-36m-exploit/"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"}]},{"content":"The root cause of the exploit was an operational security failure rather than a smart-contract vulnerability. The Humanity Protocol bridge was governed by multisignature wallets: a 3-of-6 Gnosis Safe controlling the Hyperlane bridge ProxyAdmin on Ethereum, and a 3-of-5 configuration on BNB Smart Chain. Industry-standard multisig design requires keys to be distributed across separate individuals and devices; however, according to founder Terence Kwok, 'some of the keys were accidentally backed up to a compromised device during setup,' meaning a threshold-sufficient number of keys for both chains resided on or were accessible from a single employee's laptop.\n\nOn June 5, 2026 — three days before the on-chain exploit — a spear-phishing email impersonating South Korean cryptocurrency exchange Bithumb was sent to a Humanity Protocol director with whom Bithumb maintained active communications. The malicious attachment, when opened, deployed remote-access malware to the recipient's device, granting attackers full remote-desktop control while evading endpoint security systems. Attackers then exfiltrated wallet data and private keys stored on the machine.\n\nOn June 8, armed with sufficient signing keys, the attacker upgraded the Ethereum H token contract by transferring ProxyAdmin ownership to an attacker-controlled wallet and deploying a malicious implementation, then drained approximately 141.18 million H tokens in a single transaction. On BNB Smart Chain, the attacker used 3-of-5 keys to take control of a ProxyAdmin contract and install code with an unlimited mint function, creating approximately 200 million additional H tokens directly to their wallet. All stolen and minted tokens were subsequently liquidated on decentralized exchanges.","heading":"Attack Vector and Technical Mechanics","severity":"critical","sources":[{"credibility":1,"name":"Humanity's $36 million exploit happened because a multisig lived on one laptop — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-s-usd36-million-exploit-happened-because-a-multisig-wallet-lived-on-one-laptop"},{"credibility":2,"name":"Humanity Protocol $36M Hack: Phishing Email, DPRK Links Revealed — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"},{"credibility":2,"name":"Quantstamp Investigation Links Humanity Protocol Hack to DPRK Actors — Blockchain Reporter","type":"news_article","url":"https://blockchainreporter.net/quantstamp-investigation-links-humanity-protocol-hack-to-dprk-actors-141m-h-moved/"}]},{"content":"On June 12, 2026, Quantstamp published an investigation report concluding that the attack bore 'tooling and certificate-signing patterns characteristic of intrusions linked to the Democratic People's Republic of Korea (DPRK).' The report cited specific malware infrastructure details, a South Korean Hancom certificate-signing behavior, and overall operational tactics frequently observed in attacks attributed to the Lazarus Group and affiliated North Korean cyber units. Quantstamp noted that the simultaneous, coordinated operation across two separate blockchains suggested 'preparation that pre-dated the phishing entry point and points to a group with deep blockchain engineering resources.'\n\nQuantstamp's public report stopped short of definitive attribution and did not disclose specific attacker wallet addresses in its public release. The DPRK attribution is consistent with a broader pattern of North Korean state-sponsored actors targeting cryptocurrency projects through social engineering and phishing campaigns throughout 2025–2026. Cryptobriefing and multiple secondary outlets reported the attribution; no law enforcement agency had publicly confirmed or contested the Quantstamp findings as of the investigation date.","heading":"DPRK Attribution","severity":"critical","sources":[{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"credibility":2,"name":"Quantstamp Investigation Links Humanity Protocol Hack to DPRK Actors, 141M H Moved — Blockchain Reporter","type":"news_article","url":"https://blockchainreporter.net/quantstamp-investigation-links-humanity-protocol-hack-to-dprk-actors-141m-h-moved/"},{"credibility":2,"name":"Quantstamp Links Humanity Protocol's $36M Hack to Suspected NK Actors — MEXC News","type":"news_article","url":"https://www.mexc.com/news/1145806"},{"credibility":2,"name":"Quantstamp links June 8 H token breach to North Korean hackers — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/quantstamp-h-token-breach-north-korean-hackers/"}]},{"content":"On-chain investigator ZachXBT publicly disputed the official narrative on June 9, 2026, characterizing the incident as 'possibly staged' and alleging the team used it as cover for an active market maker's coordinated exit, stating 'The incident seems possibly staged. I am not buying the team's story.' ZachXBT alleged the team had engaged in market manipulation ('crime pumping') of the token ahead of the exploit with no real fundamental support.\n\nOn-chain analyst Elton provided additional forensic evidence supporting the staged theory: attacker wallets were allegedly pre-funded weeks in advance (late April to May 2026) via exchange and mixer deposits, suggesting advance preparation. The minting mechanism on BNB Chain also showed signs of being tested ('warmed up') days before the actual exploit deployment. The coordinated cross-chain execution — simultaneous drains on Ethereum and mints on BNB Chain — was cited as difficult for an opportunistic external attacker to orchestrate.\n\nHowever, ZachXBT subsequently revised his assessment after further on-chain analysis of fund movements. He later concluded that the attack stemmed from a private key compromise rather than insider orchestration, separating the suspicious pre-existing market activity from the exploit itself. His updated position was reported by Crypto.news. Separately, analyst Specter had flagged concerns in June 2025 that three of four named team leads had 'questionable pasts involving mismanagement, lawsuits, or financial wrongdoing,' though no specific charges were cited in available sources.","heading":"Inside Job Allegations and ZachXBT Investigation","severity":"high","sources":[{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack 'Possibly Staged,' $H Crashes 86% — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"ZachXBT rules out insider theft in Humanity Protocol's $31M exploit — Crypto.news","type":"news_article","url":"https://crypto.news/zachxbt-rules-out-insider-theft-in-humanity-protocols-31m-exploit/"},{"credibility":2,"name":"Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident 'Possibly Staged' — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/humanity-protocol-exploit-zachxbt-staged/"},{"credibility":2,"name":"Is Humanity Protocol's $32M Hack an Exit Scam? What ZachXBT's Investigation Reveals — Memeburn","type":"news_article","url":"https://memeburn.com/is-humanity-protocols-32m-hack-an-exit-scam-what-zachxbts-investigation-reveals/"}]},{"content":"The exploit exposed systemic operational security failures in Humanity Protocol's key management practices. The fundamental purpose of a multisignature wallet — distributing signing authority across multiple independent devices and custodians — was negated by concentrating a threshold-sufficient number of private keys on a single employee laptop. Founder Terence Kwok acknowledged this directly, stating the keys 'were accidentally backed up to a compromised device during setup.' Additionally, some keys were reported to have been inadvertently cloud-backed up, further expanding the attack surface.\n\nThe Ethereum bridge used a 3-of-6 Gnosis Safe configuration and the BNB Chain bridge a 3-of-5 configuration. Having three or more signing keys on one device for each chain meant that a single point of compromise — the laptop — was sufficient for a full protocol takeover on both chains without any additional access requirements. Industry standards for securing significant on-chain assets recommend hardware security modules (HSMs), airgapped signing devices, and strict key distribution policies that prevent any single device from holding a threshold number of keys.\n\nThe BNB Smart Chain deployment remained 'irreparably compromised' post-incident and was abandoned; the Ethereum deployment was subsequently secured or mitigated.","heading":"Operational Security Failures","severity":"critical","sources":[{"credibility":1,"name":"Humanity's $36 million exploit happened because a multisig lived on one laptop — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-s-usd36-million-exploit-happened-because-a-multisig-wallet-lived-on-one-laptop"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"}]},{"content":"Humanity Protocol was founded by Terence Kwok, who previously founded Tink Labs in Hong Kong in 2012 at age 19. Tink Labs operated the 'Handy' smartphone rental service for hotel guests, raised approximately $170 million from investors including SoftBank, Foxconn, and Innovation Works, and reached a peak valuation of approximately $1.5 billion, becoming Hong Kong's first startup unicorn. The firm expanded to cover 82 countries and 600,000 hotel rooms at its peak.\n\nTink Labs subsequently collapsed: the company reported operating losses of £9.06 million in 2017, was accused by SoftBank of diverting funds from its Japanese joint venture to loss-making markets in other regions, failed to meet payroll for over 100 employees in July 2019, and officially closed on August 1, 2019. Liquidation proceedings were initiated in January 2020. Former employees were publicly critical of Kwok's management, with a former HR executive characterizing his priorities as focused solely on 'making money.'\n\nKwok launched Humanity Protocol in 2024, raising $30 million led by Kingsway Capital in May 2024 and subsequently raising $20 million led by Pantera Capital and Jump Crypto in January 2025 at a $1.1 billion fully diluted valuation. The prior insolvency history has been cited by analysts as a relevant risk factor, though no direct causal link to the 2026 security incident has been established by independent investigators.","heading":"Founder Background and Prior History","severity":"medium","sources":[{"credibility":2,"name":"How Humanity Protocol CEO drove his previous firm to insolvency — Protos","type":"news_article","url":"https://protos.com/how-humanity-protocol-ceo-drove-his-previous-firm-to-insolvency/"},{"credibility":2,"name":"Humanity Protocol Boss Terence Kwok Nearly Bankrupted Tink Labs — CCN","type":"news_article","url":"https://www.ccn.com/news/crypto/humanity-protocol-terence-kwok-tink-labs/"},{"credibility":1,"name":"Pantera Capital and Jump Crypto lead $20 million funding round for Humanity Protocol — The Block","type":"news_article","url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"credibility":2,"name":"Humanity Protocol Secures $20M Funding, Hits $1.1B Valuation — Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/humanity-protocol-secures-20m-funding-hits-1-1b-valuation/"}]},{"content":"The H token experienced one of the largest single-day price collapses in the project's history following the exploit. The token fell from approximately $0.67–$0.72 to an intraday low near $0.05, a decline of approximately 90% at the trough, before partially recovering to approximately $0.13–$0.20 by close of trading on June 9, 2026, representing an approximately 80–86% net decline for the day. Market capitalization fell 86% intraday, with approximately $23–$25 million in tokens swapped for ETH and BNB across Uniswap, PancakeSwap, and Kyber Network during the liquidation phase.\n\nAdditionally, a large token unlock of approximately 266 million H tokens, valued at approximately $28 million at pre-hack prices and covering foundation treasury and strategic reserve allocations, was scheduled for June 25, 2026 — roughly two weeks after the exploit. This impending unlock amplified market concern about additional selling pressure beyond the immediate hack proceeds.\n\nHumanity Protocol's bridge deposits and withdrawals were suspended immediately following detection of the attack. The protocol team removed its team page from the project website in the immediate aftermath, a decision that generated additional negative community sentiment.","heading":"Token Impact and Market Effects","severity":"high","sources":[{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack 'Possibly Staged,' $H Crashes 86% — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"Humanity Protocol hacked for $31M; token price drops 90% — KuCoin","type":"news_article","url":"https://www.kucoin.com/news/flash/humanity-protocol-hacked-for-31m-token-price-drops-90"}]},{"content":"Humanity Protocol announced a recovery plan on approximately June 16, 2026. The plan centered on deploying a new audited ERC-20 smart contract on Ethereum to replace the compromised H token across all three networks (Ethereum, BNB Chain, and Humanity Mainnet). Eligible holders would receive new H tokens on a 1:1 basis based on balances captured at pre-exploit snapshot blocks: Ethereum block 25,274,179, BNB Chain block 103,071,069, and Humanity Mainnet block 24,247,803.\n\nExternally owned accounts (EOAs) were to receive tokens directly; assets held in liquidity pools and other smart contracts would be transferred to a dedicated vault pending verification. A dedicated H Compensation Fund was established for cases involving third-party protocol integrations, decentralized liquidity pool exposure, and investors who purchased H tokens after the snapshot date. Compensation claimants were required to complete identity verification procedures given the DPRK attribution of the attack.\n\nAddresses linked to the attacker and entities identified by Quantstamp were explicitly excluded from the redistribution. The former H tokens on all three networks were declared 'sunsetted.' Humanity Mainnet was announced for relaunch 'in the coming weeks' with the new H token as the native gas token. Founder Terence Kwok confirmed bridge deposits and withdrawals were halted and stated the protocol was coordinating with exchanges and law enforcement.","heading":"Recovery and Response","severity":"medium","sources":[{"credibility":2,"name":"Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"},{"credibility":2,"name":"Humanity Protocol sets new H airdrop after $36M exploit — Crypto.news","type":"news_article","url":"https://crypto.news/humanity-protocol-sets-new-h-airdrop-after-36m-exploit/"},{"credibility":2,"name":"Humanity Protocol Plans New H Token After $36 Million Key Compromise — NewsBTC","type":"news_article","url":"https://www.newsbtc.com/news/humanity-protocol-plans-new-h-token-after-36-million-key-compromise/"},{"credibility":2,"name":"Humanity Protocol Launches New H Token Airdrop After $36M Exploit — The Defiant","type":"news_article","url":"https://thedefiant.io/news/tokens/humanity-protocol-h-token-airdrop-recovery-36m-exploit"}]},{"content":"The Humanity Protocol exploit represents part of a documented pattern in 2026 in which major cryptocurrency losses have stemmed primarily from stolen private keys and social engineering rather than smart-contract code vulnerabilities. Security researchers and industry observers noted similarities to the Drift $285 million hack in April 2026 and the Kelp DAO $292 million incident. North Korean state-sponsored actors, particularly those associated with the Lazarus Group, have been attributed by various security firms and government agencies with a substantial proportion of major crypto heists in 2025 and 2026. The tactic of phishing key management personnel with impersonation emails targeting trusted business contacts is consistent with known DPRK operational tradecraft documented in prior incidents.","heading":"Broader Industry Context","severity":"medium","sources":[{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"}]}],"sources_used":[{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":1,"name":"Humanity's $36 million exploit happened because a multisig lived on one laptop — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-s-usd36-million-exploit-happened-because-a-multisig-wallet-lived-on-one-laptop"},{"credibility":1,"name":"Pantera Capital and Jump Crypto lead $20 million funding round for Humanity Protocol — The Block","type":"news_article","url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"credibility":2,"name":"Quantstamp links June 8 H token breach to North Korean hackers — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/quantstamp-h-token-breach-north-korean-hackers/"},{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack 'Possibly Staged,' $H Crashes 86% — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"Humanity Protocol Reveals Employee Laptop Breach Behind $36M Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/humanity-protocol-reveals-employee-laptop-breach-behind-36m-exploit/"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"credibility":2,"name":"Humanity Protocol $36M Hack: Phishing Email, DPRK Links Revealed — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"credibility":2,"name":"Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"},{"credibility":2,"name":"ZachXBT rules out insider theft in Humanity Protocol's $31M exploit — Crypto.news","type":"news_article","url":"https://crypto.news/zachxbt-rules-out-insider-theft-in-humanity-protocols-31m-exploit/"},{"credibility":2,"name":"Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident 'Possibly Staged' — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/humanity-protocol-exploit-zachxbt-staged/"},{"credibility":2,"name":"Quantstamp Investigation Links Humanity Protocol Hack to DPRK Actors — Blockchain Reporter","type":"news_article","url":"https://blockchainreporter.net/quantstamp-investigation-links-humanity-protocol-hack-to-dprk-actors-141m-h-moved/"},{"credibility":2,"name":"Humanity Protocol sets new H airdrop after $36M exploit — Crypto.news","type":"news_article","url":"https://crypto.news/humanity-protocol-sets-new-h-airdrop-after-36m-exploit/"},{"credibility":2,"name":"Humanity Protocol Plans New H Token After $36 Million Key Compromise — NewsBTC","type":"news_article","url":"https://www.newsbtc.com/news/humanity-protocol-plans-new-h-token-after-36-million-key-compromise/"},{"credibility":2,"name":"Humanity Protocol Launches New H Token Airdrop After $36M Exploit — The Defiant","type":"news_article","url":"https://thedefiant.io/news/tokens/humanity-protocol-h-token-airdrop-recovery-36m-exploit"},{"credibility":2,"name":"How Humanity Protocol CEO drove his previous firm to insolvency — Protos","type":"news_article","url":"https://protos.com/how-humanity-protocol-ceo-drove-his-previous-firm-to-insolvency/"},{"credibility":2,"name":"Humanity Protocol Boss Terence Kwok Nearly Bankrupted Tink Labs — CCN","type":"news_article","url":"https://www.ccn.com/news/crypto/humanity-protocol-terence-kwok-tink-labs/"},{"credibility":2,"name":"Humanity Protocol Secures $20M Funding, Hits $1.1B Valuation — Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/humanity-protocol-secures-20m-funding-hits-1-1b-valuation/"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"},{"credibility":2,"name":"Is Humanity Protocol's $32M Hack an Exit Scam? What ZachXBT's Investigation Reveals — Memeburn","type":"news_article","url":"https://memeburn.com/is-humanity-protocols-32m-hack-an-exit-scam-what-zachxbts-investigation-reveals/"},{"credibility":2,"name":"Humanity Protocol hacked for $31M; token price drops 90% — KuCoin","type":"news_article","url":"https://www.kucoin.com/news/flash/humanity-protocol-hacked-for-31m-token-price-drops-90"},{"credibility":2,"name":"Humanity Protocol Hack Tied to North Korean Group, $36M Lost — Blockchain.news","type":"news_article","url":"https://blockchain.news/news/humanity-protocol-hack-north-korean-link"}],"summary":"On June 8–9, 2026, Humanity Protocol — a palm-biometric decentralized identity project backed by Pantera Capital and Jump Crypto at a $1.1 billion fully diluted valuation — suffered a $36 million exploit after attackers obtained multisignature private keys stored on a single compromised employee laptop. Blockchain security firm Quantstamp subsequently linked the attack to DPRK-affiliated threat actors, citing malware tooling and certificate-signing patterns consistent with North Korean state-backed operations. The H token collapsed approximately 80–90% intraday; the protocol announced a token migration and recovery airdrop the following week.","timeline":[{"date":"2024-05-01","event":"Humanity Protocol raises $30 million in funding led by Kingsway Capital at a $1 billion valuation.","source":"Coinspeaker","source_url":"https://www.coinspeaker.com/humanity-protocol-secures-20m-funding-hits-1-1b-valuation/"},{"date":"2025-01-27","event":"Humanity Protocol raises $20 million in a round led by Pantera Capital and Jump Crypto, reaching a $1.1 billion fully diluted valuation.","source":"The Block","source_url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"date":"2026-06-05","event":"A spear-phishing email impersonating South Korean exchange Bithumb is sent to a Humanity Protocol director, deploying remote-access malware on their device when the attachment is opened.","source":"CryptoTimes (Quantstamp report coverage)","source_url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"date":"2026-06-08","event":"Attackers use compromised private keys to upgrade the Ethereum H token bridge contract, drain approximately 141.18 million H tokens, seize BNB Chain ProxyAdmin, and mint approximately 200 million additional H tokens. Stolen and minted tokens are liquidated on Uniswap and PancakeSwap. Total losses reach approximately $36 million.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/06/09/humanity-s-usd36-million-exploit-happened-because-a-multisig-wallet-lived-on-one-laptop"},{"date":"2026-06-09","event":"Humanity Protocol founder Terence Kwok publicly confirms the private key compromise. The H token falls more than 80–90% intraday. ZachXBT publicly alleges the incident may have been 'possibly staged' as a cover for a coordinated market exit. Bridge deposits and withdrawals are suspended.","source":"CoinDesk / CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"date":"2026-06-12","event":"Quantstamp publishes its investigation report linking the attack to DPRK-affiliated threat actors based on malware tooling, certificate-signing patterns, and operational characteristics consistent with Lazarus Group intrusions.","source":"Crypto Briefing","source_url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"date":"2026-06-13","event":"ZachXBT updates his assessment, ruling out insider theft and concluding the exploit was the result of a private key compromise rather than an inside job, separating the suspicious pre-existing market activity from the hack itself.","source":"Crypto.news","source_url":"https://crypto.news/zachxbt-rules-out-insider-theft-in-humanity-protocols-31m-exploit/"},{"date":"2026-06-16","event":"Humanity Protocol announces a recovery plan: new audited ERC-20 H token deployed on Ethereum, 1:1 airdrop based on pre-exploit snapshots, H Compensation Fund for edge cases, and mandatory identity verification for compensation claimants. Humanity Mainnet relaunch announced for 'coming weeks.'","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"}]},"v":1}