Humanity-linked H token plunges after private-key leak, wallet drain and heavy selling
Humanity says leaked production signing keys backed up on a development machine, not smart contract flaws, caused the breach; more than $36 million in H was stolen and sold as recovery, compensation and token updates are prepared.
Humanity Protocol said a June 9 security incident that sent its H token sharply lower was caused by leaked production signing keys and malware on a developer device, not vulnerabilities in its smart contracts, bridge, token or Safe system. The project said more than $36 million in H on Ethereum and BNB Chain was stolen and sold after attackers transferred about 141.2 million H on Ethereum and minted 200 million H on BSC, while retaining ProxyAdmin control over the ETH bridge and the BNB Chain token. Humanity said the attacker obtained an admin hot wallet private key and six Gnosis Safe signer keys, that deposits and withdrawals for affected bridge services were suspended, and that external security firms are conducting forensics as the team prepares user recovery or compensation plans and token contract updates. On-chain analysts had earlier estimated losses at roughly $32 million to $34 million and reported additional minting and heavy selling as liquidity collapsed.
- Gnosis Safe signer keys: Private keys held by authorized signers of a multi-signature wallet, where several approvals are needed to execute transactions.
- ProxyAdmin: An administrative control contract that can manage or upgrade certain proxy-based smart contract systems.
- production signing keys: Private keys used to authorize live blockchain transactions and administrative actions in deployed systems.