
‘Chinese Worldcoin’ Crashes 85% After $36 Million+ Private Key Hack: What Happened to Humanity Protocol?

Published 10 June 2026
Dr. Guneet Kaur

Key Takeaways 

  • H token crashed roughly 85% on June 9, falling from about $0.70 to near $0.08 in 12 hours.
  • Humanity Protocol says $36 million or more was stolen across Ethereum and BNB Chain. Trackers logged $30 million to $32 million mid-theft.
  • Root cause was an employee laptop breach, not a smart contract bug, leading to multisig key theft.
  • Attackers seized three of six Gnosis Safe keys on Ethereum and three of five on BSC, then took ProxyAdmin control of the bridges.

Humanity Protocol, the palm-scanning identity project often branded the “Chinese Worldcoin,” saw its H token collapse by roughly 90% on June 9 after attackers seized control of its cross-chain bridges and drained tens of millions of dollars in a single coordinated raid.

The token fell from about $0.70 to near $0.08 over roughly 12 hours, with some trackers logging a brief touch as low as $0.05.

That wipeout erased nearly all of a recent rally that had carried H to record highs and exposed how fragile the project’s foundations were beneath the marketing.

$H token crashed 90%. | Source: @lookonchain

The team now says the damage exceeds early estimates. In a detailed thread, Humanity Protocol confirmed that around $36 million or more had been stolen across Ethereum and BNB Chain and dumped into the market.

What Happened in the Humanity Protocol Hack

The breach did not exploit a smart contract bug; it exploited people.

Humanity Protocol traced the incident to a compromise that began after an employee’s laptop was breached. That single foothold handed attackers access to the signing keys controlling the project’s bridge infrastructure, the machinery that moves H tokens between blockchains.

From there the raid escalated within hours, and onchain investigators flagged the drains almost in real time.

The attacker did not sit on the loot. Analysts watched the exploiter offload stolen H into the open market and convert it into Ethereum, with one estimate putting roughly $23.7 million in stolen assets already swapped into ETH, while millions more in H remained under the attacker’s control.

The exploiter routed large H swaps through automated market makers and aggregators, including Kyber Network and PancakeSwap, turning the bridge breach into relentless sell pressure that drove the price into freefall.

Every block brought fresh tokens hitting the market, and ordinary holders had no way to front-run an attacker selling into thin liquidity.

How Attackers Seized the Bridge Contracts

The Humanity Protocol incident was not caused by a flaw in the smart contract code itself. Instead, it stemmed from a compromise of the project team’s private keys.

Attackers infected a developer’s laptop with malware, exposing several critical private keys stored on that device. These keys controlled Gnosis Safe multisignatures that governed the upgrade permissions for the project’s token bridges on Ethereum and BNB Smart Chain.

Step-by-Step Attack Execution

1. Gaining Multisig Control

The bridges relied on Hyperlane infrastructure using upgradeable proxy contracts (specifically ProxyAdmin contracts) owned by Gnosis Safes.

  • On Ethereum, the attackers obtained 3 out of 6 owner keys.
  • On BSC, they secured 3 out of 5 keys.

This was enough to meet the required threshold and execute transactions from the Safes.

Threat Actors in the Humanity Protocol attack. | Source: Humanity Protocol

2. Transferring Ownership

Using the compromised keys, the attackers submitted Safe transactions that transferred ownership of the ProxyAdmin contracts to wallets they controlled.

3. Upgrading to Malicious Implementations

Once they owned the ProxyAdmin, they upgraded the bridge proxy contracts to new malicious versions. These upgraded contracts contained backdoors, including functions that allowed unlimited minting of H tokens and direct draining of bridged funds.

4. Executing the Theft

  • On Ethereum, attackers first drained funds from an admin hot wallet, followed by a massive withdrawal of roughly 141 million H tokens from the bridge.
  • On BSC, they minted over 200 million H tokens through the compromised bridge contract.

They quickly swapped large portions of the stolen and newly minted tokens for ETH and BNB on decentralized exchanges, causing the H token’s price to crash dramatically.

The project responded by using unaffected multisignature wallets to freeze the Ethereum token contract and limit further damage. Other chains like Arbitrum reportedly remained secure.
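
The ownership transfer and upgrade steps above both leave standard events onchain (OpenZeppelin's OwnershipTransferred on the ProxyAdmin, ERC-1967's Upgraded on the proxy), so a monitor can alert on them before funds move. The following is an added example, not Humanity Protocol's or Hyperlane's code; it assumes logs are already decoded, and every address, block number and implementation name is a constructed placeholder.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    block: int
    contract: str  # address of the emitting contract
    name: str      # decoded event name
    args: dict     # decoded event arguments

# Hypothetical baseline for one chain; every address is a placeholder.
PROXY_ADMIN = "0xadmin"
BRIDGE_PROXY = "0xbridge"
EXPECTED_OWNER = "0xsafe"                    # Safe that should own ProxyAdmin
APPROVED_IMPLS = {"0ximpl_v1", "0ximpl_v2"}  # reviewed implementations

def detect(events):
    """Return (block, rule, detail) alerts for admin-plane changes."""
    alerts = []
    owner = EXPECTED_OWNER
    for ev in sorted(events, key=lambda e: e.block):
        src = ev.contract.lower()
        if src == PROXY_ADMIN and ev.name == "OwnershipTransferred":
            owner = ev.args["newOwner"].lower()
            if owner != EXPECTED_OWNER:
                alerts.append((ev.block, "admin-owner-changed", owner))
        elif src == BRIDGE_PROXY and ev.name == "Upgraded":
            impl = ev.args["implementation"].lower()
            if impl not in APPROVED_IMPLS:
                # An unreviewed upgrade is worse when the admin has
                # already left the expected Safe.
                rule = ("upgrade-by-foreign-admin" if owner != EXPECTED_OWNER
                        else "unapproved-upgrade")
                alerts.append((ev.block, rule, impl))
    return alerts

# Constructed sample: a routine upgrade, then the takeover sequence.
SAMPLE = [
    Event(100, "0xBridge", "Upgraded", {"implementation": "0xImpl_V2"}),
    Event(205, "0xAdmin", "OwnershipTransferred",
          {"previousOwner": "0xSafe", "newOwner": "0xUnknown1"}),
    Event(207, "0xBridge", "Upgraded", {"implementation": "0xImpl_X"}),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Pairing these alerts with an automatic bridge pause gives responders a window between the ownership change and the first drain.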

Humanity has been exploited, with losses exceeding $30M. | Source: @lookonchain

Core Reason for the Breach

This was fundamentally an operational security failure. Multiple high-privilege keys were kept on a single laptop rather than being properly separated across hardware wallets, air-gapped environments, or distributed among trusted parties with strict access controls.

Malware on that device gave attackers everything they needed to take over the administrative controls.
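
A custody inventory can be checked for this failure mode before an incident: count how many owner keys of each Safe sit on the same device and compare that with the signing threshold. The following is an added example, not the project's tooling; the threshold of 3 is an assumption drawn from the 3-of-6 and 3-of-5 figures above, and all Safe names, key labels and device names are constructed placeholders.

```python
# Constructed inventory: Safe -> threshold and the device holding each key.
SAFES = {
    "ethereum-bridge-safe": {
        "threshold": 3,  # assumed
        "keys": {"eth-1": "laptop-a", "eth-2": "laptop-a", "eth-3": "laptop-a",
                 "eth-4": "hw-1", "eth-5": "hw-2", "eth-6": "hw-3"},
    },
    "bsc-bridge-safe": {
        "threshold": 3,  # assumed
        "keys": {"bsc-1": "laptop-a", "bsc-2": "laptop-a", "bsc-3": "laptop-a",
                 "bsc-4": "hw-1", "bsc-5": "hw-2"},
    },
}

def keys_per_device(keys):
    """Count owner keys stored on each device."""
    counts = {}
    for device in keys.values():
        counts[device] = counts.get(device, 0) + 1
    return counts

def min_devices_to_threshold(safe):
    """Fewest devices an attacker must compromise to sign for the Safe."""
    total = 0
    counts = sorted(keys_per_device(safe["keys"]).values(), reverse=True)
    for n, count in enumerate(counts, start=1):
        total += count
        if total >= safe["threshold"]:
            return n
    return None  # threshold is larger than the number of keys

def audit(safes):
    """Return (safe, device, keys_on_device) where one device meets the threshold."""
    findings = []
    for name, safe in safes.items():
        for device, n in keys_per_device(safe["keys"]).items():
            if n >= safe["threshold"]:
                findings.append((name, device, n))
    return findings

def one_key_per_device(safe):
    """Corrected layout: each owner key on its own device (placeholder names)."""
    keys = {k: f"hw-wallet-{i}" for i, k in enumerate(safe["keys"], start=1)}
    return {"threshold": safe["threshold"], "keys": keys}

if __name__ == "__main__":
    print(audit(SAFES))
    print(min_devices_to_threshold(one_key_per_device(SAFES["bsc-bridge-safe"])))
```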

Incidents like this highlight why robust key management and separation of duties remain critical for any project managing cross-chain bridges and upgradeable contracts.

The team has since collaborated with security experts to investigate and contain the breach.

Humanity Protocol’s Response to the Hack

The project team, led by founder Terence Kwok, quickly acknowledged the security incident and attributed it to the compromise of private keys from a single developer’s laptop infected with malware.

They emphasized that this was not due to any vulnerability in their smart contracts, bridge code, or Gnosis Safe setup.

Key Actions Taken

  • Paused operations: Immediately halted all deposits and withdrawals on the affected bridges (Ethereum and BSC) as a precaution. Users were advised not to interact with the bridges or related liquidity pools until further notice.
  • Contract mitigation: Used unaffected multisignature wallets to freeze the Ethereum H token contract and limit additional damage.
  • Collaboration: Worked with external security experts for forensic investigation, coordinated with exchanges to track and potentially freeze stolen funds, and involved law enforcement (police) to aid in recovery efforts.
  • Transparency measures: Published updates via official channels, set up a live tracker monitoring exploiter addresses and tainted H tokens, and committed to sharing verified information only.

Statements from the Team

The team expressed deep regret and apologized to the community. Kwok stated on X:

“We’ve detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation. As a precaution, please do not interact with the bridge or any liquidity pools until we confirm it’s safe.”

A full post-mortem report was promised once the investigation advances further. 

The team mentioned they are developing a recovery plan for affected parties. As of the latest updates, no stolen funds have been recovered, and the focus remains on containment, investigation, and supporting impacted holders.

The project continues to provide regular updates through its official X account (@Humanityprot) and founder Terence Kwok.

Who Is Behind Humanity Protocol

Humanity Protocol is primarily driven by Terence Kwok, its founder and public face.

Founder: Terence Kwok

  • Background: Hong Kong-based tech entrepreneur. He previously founded Tink Labs in 2012, a company that provided “Handy” smartphones for hotel guests. Tink Labs became one of Asia’s early unicorns after raising significant funding (including from SoftBank).
  • Role: He leads the vision for Humanity Protocol, focusing on decentralized identity using palm vein biometrics, zero-knowledge proofs, and blockchain to verify real humans while preserving privacy.
  • He remains actively involved as the project’s founder and has been communicating directly during recent events, including the bridge hack.

Key Supporting Figures & Foundation

  • Yeewai Chong: Serves as interim CEO of the Humanity Foundation. He has a background in investment (Morgan Stanley, Ortus Capital) and holds a Ph.D. in economics from Stanford.
  • Yat Siu (Chairman of Animoca Brands): Founding director of the Humanity Foundation and a key advisor/influencer in the project.
  • Mario Nawfal (Founder of International Blockchain Consulting): Also a founding director of the Humanity Foundation.

Backers and Investors

Humanity Protocol has raised roughly $50 million across funding rounds and achieved unicorn status (a valuation of around $1.1 billion following a 2025 round). Notable investors include:

  • Pantera Capital and Jump Crypto (co-led a $20M round)
  • Kingsway Capital
  • Hashed, Cypher Capital, Animoca Brands, Blockchain.com Ventures, Mechanism Capital, Shima Capital, and others
  • Angel/backer support from figures like Sandeep Nailwal (Polygon co-founder)

Why the Timing Raises Questions

The timing of the Humanity Protocol hack has sparked significant skepticism in the crypto community. The attack occurred just two weeks before a major investor token unlock scheduled for June 25, which would have flooded the market with new supply.

Following a massive 875% price surge earlier in the year, driven by heavy promotion, the hack triggered an immediate 90% crash. This sequence allowed large holders and market makers to potentially exit positions with minimal additional selling pressure from the upcoming unlock.

Prominent onchain investigator ZachXBT initially suggested the incident appeared possibly staged as a convenient exit route, noting the dumps occurred mainly on DEXes. Although he later softened his stance, the rapid execution across chains and the project’s prior issues with bot registrations have kept doubts alive.

X user Fabino.sol expressed strong skepticism about the Humanity Protocol hack shortly after it occurred.

He questioned how the project lost around $31 million despite multiple multisig keys allegedly being stored on a single developer’s laptop, calling the security setup highly suspicious. 

Additionally, he pointed to past controversies involving founder Terence Kwok, including allegations that the founder personally took funds from a rewards campaign and that the project paid Chinese KOLs for promotion, suggesting a pattern of questionable practices. His comments implied that the official explanation of the hack raised many red flags.

While the technical explanation of a compromised developer laptop remains plausible, the alignment with classic exit patterns has left many questioning whether the breach provided cover for damage control or strategic liquidation.

Full transparency and a detailed post-mortem are now demanded by the community.

Bigger Picture: Private Key Hacks Dominate 2026

In 2026, private key compromises emerged as the leading cause of major crypto losses, surpassing traditional smart contract exploits.

While code vulnerabilities still occur, the majority of high-value incidents involve attackers gaining control of administrative or treasury keys through malware, phishing, or social engineering — often targeting developers or team members.

Notable examples include:

  • Drift Protocol ($285M loss) via a sophisticated, months-long operation targeting admin keys.
  • Kelp DAO ($292M loss), linked to compromised bridge validators.
  • Multiple bridge and treasury hacks, such as Resolv Labs, Step Finance, and IoTeX ioTube, stemming from stolen private keys.

The Humanity Protocol incident fits this pattern perfectly: attackers seized control via keys stored on a single laptop, upgraded bridge contracts, and drained funds.

Security reports show private key compromises accounted for a massive share of stolen funds in early 2026, with losses reaching hundreds of millions across DeFi and bridges. This trend highlights a persistent industry weakness — human and operational security. 

Even with audited smart contracts and multisig wallets, poor key management (centralized storage, insufficient separation, or device vulnerabilities) creates exploitable single points of failure. As projects grow, the attack surface shifts from code to people and processes.

The message for 2026 is clear: robust key custody, hardware isolation, distributed multisigs, and continuous team security training are now essential defenses. Without them, even well-funded projects remain highly vulnerable.

FAQs

What happened to Humanity Protocol's H token?

H token crashed roughly 85% on June 9 after attackers seized control of the project’s cross-chain bridges and drained tens of millions of dollars. Its price fell from about $0.70 to near $0.08 in roughly 12 hours, wiping out a recent rally to record highs.

How did hackers steal from Humanity Protocol?

Hackers did not exploit a smart contract bug. They breached an employee laptop, compromised a majority of the multisig keys controlling the bridge contracts, then took over the ProxyAdmin and swept funds across Ethereum and BNB Chain. On BSC they also deployed a malicious contract with an unlimited mint function and minted hundreds of millions of fresh H.

How much did Humanity Protocol lose in the hack?

Figures vary as funds were still moving during the theft. Humanity Protocol’s own thread puts the loss at around $36 million or more across both chains, while several onchain trackers estimated closer to $30 million to $32 million.

Is Humanity Protocol the same as Worldcoin?

No, though it competes directly with it. Humanity Protocol verifies users with palm scans rather than the iris scans Worldcoin uses, and its Hong Kong-rooted leadership under founder Terence Kwok earned it the “Chinese Worldcoin” nickname.

Disclaimer: The information provided in this article is for informational purposes only. It is not intended to be, nor should it be construed as, financial advice. We do not make any warranties regarding the completeness, reliability, or accuracy of this information. All investments involve risk, and past performance does not guarantee future results. We recommend consulting a financial advisor before making any investment decisions.
Dr. Guneet Kaur

Dr. Guneet Kaur is a senior editor at CCN.com and a Science Fellow at Exponential Science. She is a fintech and blockchain expert with extensive experience in digital finance education, blockchain ecosystems, and cryptocurrency markets. She has worked with global media such as Cointelegraph, as well as education and blockchain platforms, to design and lead strategic content and learning initiatives. As an educator and assessor for top-tier executive programs, she bridges real-world fintech trends with academic insight.

Dr. Kaur is also a published researcher and peer reviewer across fintech and data science journals, including Financial Innovation Journal and International Journal of Big Data Intelligence and Applications. Her work spans data-driven analysis, Web3 innovation, and technical content development. With a strong foundation in both industry and academia, she translates complex financial technologies into practical applications, empowering learners, professionals, and institutions across the rapidly evolving digital finance landscape.
