Overnight on June 8th, one of crypto's more ambitious identity projects lost somewhere between $30 million and $36 million in a matter of hours.

Humanity Protocol, a decentralized proof-of-humanity project built on the premise that cryptography can replace broken trust systems, became the latest example of what happens when humans in crypto make mistakes.

Here's what we know, what's still unclear, and what this incident tells us about where crypto security is still failing, decades later, in 2026.

What Happened: The Private Key Setup

Hyperlane is a cross-chain bridging protocol used by Humanity Protocol to move its native $H token between Ethereum and BNB Chain. Those bridges are controlled by Gnosis Safe multisignature wallets, meaning multiple keyholders have to sign off before any administrative action can be taken. It's a widely used and generally sound approach.

According to the team's official incident update posted on June 9, an employee's laptop was compromised. That compromise allegedly gave attackers access to enough private keys to meet the signing threshold on both multisigs: 3 out of 6 on Ethereum, and 3 out of 5 on BNB Chain.

With that access, the attackers did two things. First, on Ethereum, they transferred administrative ownership of the bridge contracts to their own wallet and upgraded them to a malicious implementation, draining approximately 141.2 million $H tokens (~$98-$103 million USD) in a single transaction.

On BNB Chain, had the same takeover process, but this time, the malicious upgrade included an unlimited mint function. The attackers minted 200 million additional $H tokens and swapped everything they could for ETH and BNB on decentralized exchanges before anyone could respond.

The team halted bridges, warned users to revoke contract approvals, and promised a full post-mortem. However, the attackers realized ~$31-$36 million USD in total from the entire operation.

The official post-mortem has not yet been published.

This is Where Things Get Complicated

The official explanation is that one compromised laptop yielded enough keys to breach the signing threshold on two separate multisignature wallets on two separate blockchains.

Multisig wallets exist precisely to prevent this.

The whole point of requiring 3 out of 6 signatures is that no single point of failure, no single laptop, no single person, should be able to authorize an action alone. If one laptop compromise is enough to collect three or more private keys, that means those keys were stored together, on the same device or connected systems, in a way that completely defeats the purpose of the architecture.

Among the most credible explanations: the keys were held in software wallets on a networked machine rather than on hardware devices with physical confirmation requirements. No timelocks were in place on contract upgrades, meaning once the attacker had the keys, nothing slowed them down. Additionally, there appears to have been no real-time monitoring that would have flagged the ProxyAdmin transfer before the drain completed.

What the Community Says

It would be incomplete to write about this incident without acknowledging what's being discussed on X. Alongside genuine (and relatable) sympathy for holders, a significant portion of the conversation involves allegations that this was not an external hack at all, but an insider event, potentially timed to token unlock schedules and preceded by attempts to sell large positions OTC in the days before the incident.

But these are just theories floating on CT, not established facts. On-chain analysis is ongoing and the full picture is not yet clear and is something the post-mortem will need to address directly.

The Real Lesson

The Humanity Protocol incident is not a story about a sophisticated exploit. There was no clever vulnerability in the core protocol code, no novel attack vector that nobody had anticipated. This was an administrative compromise. Someone got access to private keys that should never have been accessible from a single point of failure, and they used that access to take control of upgradeable contracts with no delay mechanism to stop them.

This is a pattern that is becoming more common As core smart contract code gets more audited and more battle-tested, attackers are increasingly targeting the human and operational layer instead. The weakest point in most crypto projects is not the code, it’s humans, and it’s the key management practices of humans.

The checklist that would have prevented this is not complicated.

  • Hardware wallets for signing keys, not software wallets on networked laptops.
  • Geographic and organizational separation of multisig keyholders, so no single device or single breach can reach threshold.
  • Timelocks on critical contract upgrades, giving the team and community time to detect and respond before damage is done.
  • Real-time monitoring of on-chain administrative actions.

These are basic security measures, for any company handling assets.

The harder question the industry needs to sit with is: how many other projects, right now, are one compromised laptop away from the same outcome?

What Comes Next

The Humanity Protocol team has committed to a full post-mortem, law enforcement involvement, and ongoing investigation. The $H token continues trading but remains heavily depressed. Bridges are halted and users who interacted with the affected contracts have been advised to revoke approvals immediately.

Whether the project recovers depends less on the technical rebuild and more on community. In crypto, trust is the product and community is the backbone of it. We’re mindful of the difficult situation everyone is in regarding this exploit and hope we can learn from it as an industry.

If you’re ready to up your security standards, head over to our website to find out how Ryder One can help you.

Meet Ryder One
Meet Ryder One

The only crypto wallet you can install on a crowded subway.
Set it up in less than 60 seconds and just tap your phone to send, swap, and recover.

Learn More