私鑰外洩炸裂！Humanity Protocol 遭駭逾 3,200 萬鎂，H 幣跌 90%

Decentralized Identity Project Humanity Protocol Suffered a Private Key Leak on June 9, Attackers Take Full Control of H Token Management Permissions on BSC, Not Only Draining 17 Related Wallets and Stealing Over $32 Million, But Also Maliciously Minting 100 Million H Tokens and Selling Them All, Causing the Token Price to Crash from $0.67 to a Low of $0.05, Nearly 90% Drop in a Single Day. Founder Terence Kwok Has Confirmed the Incident and Urged Users to Pause Interactions with Cross-Chain Bridges and Liquidity Pools.
(Background Recap: Solana Ecosystem Perp DEX Protocol Drift Protocol Hit by $220 Million Hack! $DRIFT Plunges 30% in Response)
(Additional Context: OpenAI Founder Project — Worldcoin Announces Launch of Mainnet and Iris Scanning Devices)

Table of Contents

Toggle

• Private Key Leak of Foundation Member, Attackers Fully Take Over H Token
• From Palm Scan New Star to Total Collapse: What Is Humanity Protocol?
• 2026 Private Key Attack Wave: From Drift to Kelp DAO, Human Errors Become the Biggest Vulnerability

A private key leak event dealt a devastating blow to the decentralized identity project Humanity Protocol on June 9. Attackers exploited the leaked foundation member’s private key to gain complete management permissions over the H token on BSC, not only draining 17 related wallets and stealing over $32 million worth of assets but also maliciously minting 100 million H tokens (about $11 million) and selling them all on-chain, triggering a price collapse.

According to on-chain data reviewed by CoinDesk, the attack is still ongoing. The H token price plummeted from about $0.67 before the incident to around $0.13, with a peak low of $0.05 during trading, a single-day decline of nearly 90%. As of press time, it hovers around $0.13, with an intraday drop of approximately 82%.

Private Key Leak of Foundation Member, Attackers Fully Take Over H Token

Humanity Protocol founder Terence Kwok confirmed on X that the incident originated from a leaked private key of a Humanity Foundation member. After obtaining the private key, the attacker gained management permissions over the H token contract on BSC, enabling them to mint new tokens at will and manipulate contract parameters.

On-chain monitoring platform Onchain Lens shows that the attacker’s related address has stolen over $31 million from protocol-related wallets, and the theft is still ongoing. The attacker is converting the stolen H tokens into ETH for cashing out while also minting and selling 100 million H tokens on BSC, creating double selling pressure that causes the token price to spiral downward.

The Humanity team has urgently urged users not to interact with their cross-chain bridge and any liquidity pools until security is confirmed, and stated they are working with cybersecurity firms and exchange partners to handle the incident.

From Palm Scan New Star to Total Collapse: What Is Humanity Protocol?

Humanity Protocol is a decentralized identity (DID) protocol based on palm-scan biometric technology, using zero-knowledge proofs (ZKP) to allow users to verify “I am a real person” without revealing private data. It is seen as a direct competitor to Sam Altman’s Worldcoin (now called World).

Unlike Worldcoin’s iris scanning, Humanity Protocol chooses palm vein patterns as biometric features, emphasizing a low-threshold approach that “does not require expensive dedicated hardware and can be completed with a smartphone.” The project has previously received backing from several well-known venture capital firms and is highly anticipated in the DID space.

However, no matter how grand the technological vision, a single private key management mistake at the foundation level can cause all assets to vanish instantly. This incident once again proves: in the crypto world, the most vulnerable link is often not the code but the people.

2026 Private Key Attack Wave: From Drift to Kelp DAO, Human Errors Become the Biggest Vulnerability

Humanity Protocol is not an isolated case. 2026 has become known as the “Year of Private Key Attacks.” In April alone, Solana’s largest perpetual contract exchange Drift Protocol lost about $285 million due to a management private key theft; in the same month, liquidity staking protocol Kelp DAO was hacked for approximately $292 million after a single validator bridge’s private key was leaked.

From smart contract vulnerabilities to poor private key management, attack vectors on-chain are shifting paradigms. Previously, hackers targeted code logic flaws (such as reentrancy attacks and flash loan exploits); now, the most effective method is to steal the keys that control everything. For project teams, establishing multi-signature (multisig), decentralized key management, and internal permission hierarchies is no longer “nice to have” but a matter of life and death infrastructure.

As of press time, the Humanity Protocol team has not announced specific plans for asset recovery or user compensation. The H token price remains highly volatile, and we will continue to monitor subsequent developments.