Humanity Protocol’s H token crashed over 80% after a security breach compromised project keys, leading to a theft exceeding $36 million. The attack, which involved draining and maliciously minting tokens, followed an employee laptop compromise. This incident adds to a severe year for DeFi security, with hundreds of millions already lost to exploits in 2026.
The native token H collapsed more than 80% after attackers compromised private keys tied to Humanity Protocol, seizing bridge controls and stealing over $36 million across Ethereum and BNB Chain. In a detailed thread, the project stated the coordinated attack was traced to a breach occurring *”after an employee’s laptop was compromised.”*
Attackers drained about 141.2 million H and minted another 200 million through malicious contract upgrades after seizing control. The token’s value plummeted from a high near $0.73 to a low of approximately $0.08, erasing most of its recent gains.
Founder Terence Kwok confirmed the breach and warned users, stating, “We’ve detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation.” The team has halted bridge activity and is working with exchanges and law enforcement to recover the stolen funds.
According to DeFiLlama data, this breach extends one of the worst stretches for DeFi security, with over $885 million lost to hacks in the first half of 2026. Meir Dolev, CTO at Cyvers, characterized the incident as “an operational security failure, not a smart-contract bug.”
Dolev explained the attacker abused admin functions to mint new tokens and swap them for other cryptocurrencies. He noted the core failure was structural, with one key trusted “with both the funds and the power to rewrite the rules.”
On-chain sleuth ZachXBT initially flagged the event as possibly staged but later walked back the claim. After further analysis, he stated the suspicious market activity and the private key compromise appeared to be independent.
