Humanity Protocol Breach Sparks $32M Loss, H Token Plunges 90%

Humanity Protocol, a biometric blockchain identity project whose H token had been among crypto's standout performers in 2026, suffered a major security incident on June 9. Roughly $32 million was drained and H fell about 90% within hours. Onchain analysts flagged suspicious movements spanning more than 17 wallets. The episode quickly drew scrutiny from prominent investigator ZachXBT, who publicly questioned whether the event was a genuine external hack or a coordinated insider exit, amplifying market distrust. Two-phase exploit Investigators say the attack played out in two stages. First, the attacker minted 100 million H tokens, emptied related wallets, and swapped about $23.7 million into ETH across multiple addresses. Around $7.9 million in H remained onchain, based on Arkham Intelligence's flagged data. The activity then shifted to BNB Chain. Blockaid's monitoring indicated the H token's proxy admin contract was seized, enabling the minting of another 100 million H tokens—estimated at about $12.9 million—to a new wallet. Project response Humanity Protocol confirmed the incident in an official post on X, stating that private keys belonging to a Humanity Foundation member had been compromised. The team advised users not to interact with the bridge or any liquidity pools until further notice, adding that updates would come only from the main project account or cofounder Terence Kwok's personal account. Why suspicion escalated While the initial details aligned with a typical private-key compromise, ZachXBT pointed to patterns he said were atypical for an outside attacker. He highlighted apparent token supply concentration and noted that sales were executed on decentralized exchanges instead of leveraging centralized venues for liquidity, suggesting possible coordination with an 'active market maker.' He described the incident as 'possibly staged,' arguing it could offer a clean exit route, and called for disclosure of any market-making arrangements tied to the Hong Kong entity behind the project. ZachXBT later moderated parts of his assessment after additional onchain review suggested the private-key compromise and market-maker concerns may be unrelated. Even so, the public challenge from one of the sector's most-followed onchain investigators compounded reputational damage. Context adding to the pressure H had surged roughly 875% from its 2026 low before the crash, according to BanklessTimes. The sharp run-up followed by a sudden 90% collapse has heightened alarm. Market participants have also focused on a scheduled token unlock on June 25, about two weeks after the incident, which some view as convenient timing ahead of major vesting-related supply increases. Additional reports have raised governance concerns, citing that three of the project's four cofounders have past histories involving lawsuits, allegations of financial misconduct, and management controversies. Internal figures reportedly indicated that only about 1 million of roughly 9 million registered identities had completed the biometric verification central to Humanity Protocol's value proposition. What to watch Onchain evidence continues to be collected and reviewed. Whether the episode ultimately proves to be a third-party compromise or a coordinated insider exit remains unresolved. What is clear: about $32 million was drained, H's market value has cratered, and the project's community is left with unanswered questions and shaken confidence. Image credits: cover from Grok; ETHUSD chart from TradingView.