Humanity Protocol has disclosed that more than $36 million worth of H tokens have been stolen after attackers compromised multiple administrative keys and seized control of bridge infrastructure across Ethereum and BNB Smart Chain.<\/p>\n
\n Summary<\/span>\n <\/p>\n <\/p>\n According to Humanity Protocol\u2019s June 9 incident update, the attack originated after an employee\u2019s laptop was compromised, allowing the attacker to gain access to key holders tied to the project\u2019s bridge administration systems.<\/p>\n INCIDENT UPDATE:<\/p>\n Last night, June 8, the H token was hit by a coordinated attack across Ethereum and BSC. While we\u2019re still investigating this incident, we want to be transparent with our community about what happened.<\/p>\n As of right now, ~$36M+ has been stolen across both chains\u2026<\/p>\n \u2014 Humanity (@Humanityprot) June 9, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n The disclosure expands on an earlier statement from Humanity founder and CEO Terence Kwok, who had confirmed that private keys belonging to a Humanity Foundation member were compromised.\u00a0<\/p>\n At the time, the project warned users to avoid the Humanity bridge and related liquidity pools while an investigation was underway.<\/p>\n Details released by Humanity Protocol show that three of six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin on Ethereum were compromised. Using those credentials, the attacker transferred ownership of the ProxyAdmin contract to a wallet under their control, upgraded the bridge contract to a malicious implementation, and moved about 141.2 million H tokens in a single transaction.<\/p>\n <\/p>\n On BNB Smart Chain, the attacker compromised three of five Safe owner keys and carried out a similar takeover of the bridge\u2019s ProxyAdmin contract. Humanity Protocol said the attacker then deployed a malicious contract containing an unlimited mint function and created 200,000,005 H tokens in two separate transactions.<\/p>\n Earlier on June 9, on-chain analyst Specter reported that more than 17 wallets connected to or interacting with Humanity Protocol had been drained. Initial estimates placed losses near $19 million before later blockchain trackers raised the figure above $30 million.<\/p>\n The attacker continues to drain hundreds of ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb holders, with total losses now $20M + .<\/p>\n $9M has been swapped for ETH, while $9.9M remains in ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb tokens and has yet to be swapped.<\/p>\n The\u2026 https:\/\/t.co\/ew5wtUmLuo<\/a> pic.twitter.com\/6QX8IbPWxh<\/a><\/p>\n\n
\n
Compromised bridge controls enabled token theft and minting<\/h2>\n
\n
![\"H\/USDT](\"https:\/\/media.crypto.news\/2026\/06\/image-99.webp\")
<\/figure>\n