On June 8, unknown attackers compromised wallets associated with the Humanity Protocol project, causing an estimated loss of $31 million.
We’ve detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation. As a precaution, please do not interact with the bridge or any liquidity pools until we confirm it’s safe.
We’re already working with security experts…
— Terence Kwok 「 🖐️ ✦ 🌏 」 (@terencekwok) June 9, 2026
According to the platform’s founder, Terence Kwok, the incident likely occurred due to the compromise of private keys belonging to an employee.
“As a precaution, please do not interact with the bridge or any liquidity pools until we confirm the safety of operations,” he added.
Humanity is a DeFi identification protocol based on zkEVM, focused on identity proof using palm biometrics.
Following the attack, the platform’s native token, H, plummeted nearly 90% in a day, from $0.7 to $0.08. By the time of writing, the asset had recovered to $0.2.
According to analysts at Specter, the hacker managed to gain control over several dozen Humanity wallets and withdrew H tokens from them.
The attacker continues to drain hundreds of ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb holders, with total losses now $20M + .
$9M has been swapped for ETH, while $9.9M remains in ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb tokens and has yet to be swapped.
The… https://t.co/ew5wtUmLuo pic.twitter.com/6QX8IbPWxh
— Specter (@SpecterAnalyst) June 8, 2026
The attacker exchanged coins through Kyber Network and PancakeSwap, as well as other decentralized exchanges. Additionally, the perpetrator issued 100 million H, which were then swapped for BNB.
Meanwhile, on-chain researcher ZachXBT questioned the team’s explanation. He suggested the incident might be linked to a dishonest market maker.
“I don’t believe the team’s version. It’s a convenient way for an active market maker to exit the game,” he noted.
Back in May, ZachXBT suspected an attack on a Polymarket-related UMA CTF Adapter contract on the Polygon network. The platform’s team confirmed they were aware of the incident.