Humanity Protocol blames H token exploit on developer machine compromise

Humanity Protocol said the exploit that hit its H token late Monday was caused by a compromised developer machine that exposed several private keys tied to the project’s token and bridge infrastructure.

In a post mortem update, the team said a colleague’s machine was infected with malware, giving the attacker root access to the device. Several production keys were inadvertently backed up on that machine during Humanity Protocol’s mainnet launch around June 2025, including an admin hot wallet key, three Ethereum Safe owner keys, and three BSC Safe owner keys.

The incident affected Humanity’s H token across Ethereum and BSC between June 8 and June 9.

The team said the attacker first stole about 6 million H from an admin hot wallet on Ethereum, then drained roughly 141 million H from the Ethereum bridge after taking control of its ProxyAdmin. The attacker also minted 300 million H on BSC after compromising three Safe owner keys tied to the BSC token’s ProxyAdmin.

The total impact reached about 447 million H across both chains, including the direct Ethereum theft, the bridge drain, and the newly minted BSC tokens. Humanity said the 15 million H initially moved into the Ethereum bridge was already included in the 141 million H bridge drain and should not be counted separately.