One Compromised Laptop Cost Humanity Protocol $36 Million – Here’s What We Know

TLDR

• An employee’s laptop was compromised, exposing private keys to Humanity Protocol’s bridge contracts.
• Attackers used three of six multisig keys to take control of token bridges on Ethereum and BNB Chain.
• Around 141 million H tokens were drained on Ethereum, and 200 million tokens were minted on BNB Chain.
• The H token dropped over 85%, falling from around $0.67 to a low of $0.05.
• Blockchain investigators flagged unusual pre-attack wallet activity, but no definitive link to an insider has been confirmed.

Humanity Protocol disclosed on Tuesday that an attacker stole over $36 million worth of its native H token after gaining access to private keys stored on a compromised employee laptop.

The protocol runs token bridges that allow H tokens to move between Ethereum and BNB Chain. To protect those bridges, Humanity used multisignature (multisig) wallets — a system that requires approvals from multiple private keys before any transaction or contract change can go through.

Founder Terence Kwok said the setup was distributed across four individuals, as intended. But during setup, some of the keys were accidentally backed up onto a single device that was later compromised.

How the Attack Played Out

On Ethereum, the attacker obtained three of six keys linked to the bridge admin account. That was enough to take control. They replaced the legitimate bridge contract with a malicious version and drained roughly 141.2 million H tokens in a single transaction.

On BNB Chain, attackers accessed three of five keys. They added an unlimited mint function to the bridge contract and used it to generate 200 million new H tokens, which were sent directly to their own wallet.

The team halted deposits and withdrawals on the affected bridges after discovering the breach.

Token Price and Market Impact

The H token had been climbing in the weeks before the attack, rising from around $0.20 to $0.70. After the exploit was disclosed, the price collapsed to roughly $0.05 — a drop of more than 85%.

The token later recovered toward $0.20, but the damage was done. Humanity Protocol’s team page was also removed from the official website following the incident.

Questions Around the Attack’s Origins

Blockchain investigator ZachXBT initially questioned whether unusual market-making and over-the-counter activity involving H tokens was connected to the attack. He later said those activities appeared separate from the key compromise.

Researcher Elton Shehdula of Allium Labs said the on-chain pattern pointed to a more planned operation. He noted that wallets involved in the attack were funded from an exchange and a mixer weeks in advance. The attacker also appeared to “warm up” minting access days before the actual exploit, and the drain happened across both chains at the same time.

Shehdula said the level of preparation was consistent with either an insider or an outside actor who had held the compromised key quietly for some time.

Cyvers security lead Hakan Unal said the on-chain evidence remains mixed. He said a genuine outside hack tends to show rushed behavior — funds moved to fresh wallets, swaps at poor prices, and mixer use. A staged event may show more orderly timing, especially near token unlocks or vesting dates.

As of now, Humanity Protocol says it is working with exchanges and other parties to investigate recovery options. The cause of the original laptop compromise has not been publicly disclosed.

The post One Compromised Laptop Cost Humanity Protocol $36 Million – Here’s What We Know appeared first on CoinCentral.