Overview
- The breach began on June 8 when attackers used stolen private keys to control bridge multisigs, draining about 141.2 million H from the Ethereum bridge in a single transaction.
- On BNB Smart Chain the attacker seized ProxyAdmin rights, deployed a malicious contract and minted roughly 200 million new H tokens that expanded supply under the exploiter’s control.
- Humanity Protocol estimates roughly $36M has been stolen across Ethereum and BSC and on‑chain trackers show the attacker swapped tens of millions of dollars of H into ether.
- The project has halted deposits and withdrawals on affected bridges, engaged security firms, coordinated with exchanges and law enforcement, and pledged a full post‑mortem and forensic investigation.
- The incident highlights a 2026 pattern of losses caused by key and privileged‑access failures rather than smart‑contract bugs and has left users facing large losses and thin liquidity that limits recovery options.