Humanity Protocol published a forensic incident report Tuesday tracing its $36 million breach to a single malware-infected developer machine that stored backups of seven private keys, giving an attacker unilateral control over the protocol's Ethereum and BNB Smart Chain infrastructure.
The keys, inadvertently backed up to the device during Humanity's mainnet launch around June 2025, included the admin hot wallet key, three Ethereum Safe owner keys, and three BNB Smart Chain Safe owner keys, according to the incident report published on the protocol's Notion page.
Investigators say the attacker gained root access to the machine via malware, then extracted all seven keys from a single point of compromise. As The Defiant reported Monday, the breach resulted in roughly 447 million H tokens stolen or minted across both chains and an estimated $36 million in losses.
The protocol said the breach involved no bug in its bridge contracts, token contracts, or Safe architecture. All transfers, Safe transactions, and proxy upgrades carried valid private key signatures, making each action appear as an authorized operation.
The attack proceeded in three waves between June 8 and June 9. First, 6.04 million H were drained from an Ethereum admin hot wallet after its key was compromised. The attacker then used three of the six Ethereum Safe owner keys to seize ProxyAdmin ownership of the bridge, upgraded the bridge to a malicious implementation, and drained 141.18 million H in a single transaction.
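The failure described above is a custody problem: a multisig threshold protects nothing when one device holds enough owner keys to meet it. The following is an added example, not code from Humanity Protocol or its report, that audits a key-location inventory for that condition. The device names, key labels, the BNB Smart Chain owner count and both thresholds are constructed assumptions; only "three of six" Ethereum owner keys comes from the article.

```python
from collections import defaultdict

# Constructed inventory. The threshold of 3 for the Ethereum Safe is an assumption
# inferred from the attacker using three of six owner keys; the BSC Safe's
# owner count and threshold are hypothetical.
SAFES = {
    "eth-safe": {"threshold": 3, "owners": [f"eth-{i}" for i in range(1, 7)]},
    "bsc-safe": {"threshold": 3, "owners": [f"bsc-{i}" for i in range(1, 6)]},
}

# Every place a copy of each key exists, backups included (all names hypothetical).
KEY_LOCATIONS = {k: {f"hw-{k}"} for s in SAFES.values() for k in s["owners"]}
for k in ("eth-1", "eth-2", "eth-3", "bsc-1", "bsc-2", "bsc-3"):
    KEY_LOCATIONS[k].add("dev-laptop")  # stray backups on one developer machine


def quorum_exposures(safes, key_locations):
    """Return (safe, device, keys) for each device that alone holds a signing quorum."""
    findings = []
    for name, safe in sorted(safes.items()):
        by_device = defaultdict(set)
        for owner in safe["owners"]:
            for device in key_locations.get(owner, ()):
                by_device[device].add(owner)
        for device, keys in sorted(by_device.items()):
            if len(keys) >= safe["threshold"]:
                findings.append((name, device, sorted(keys)))
    return findings


def blast_radius(findings):
    """Group findings by device: which Safes fall if that one device is compromised."""
    radius = defaultdict(list)
    for safe, device, _ in findings:
        radius[device].append(safe)
    return dict(radius)


if __name__ == "__main__":
    for safe, device, keys in quorum_exposures(SAFES, KEY_LOCATIONS):
        print(f"{device} alone can sign for {safe}: {', '.join(keys)}")
```

An inventory like this is only as good as its coverage of backups, since the keys in this incident reached the device inadvertently.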











