Humanity Protocol Confirms Developer Machine Breach Sparks H Token Exploit

Humanity Protocol confirms a devastating cyberattack on its H token stemmed from a compromised developer workstation. Late Monday, malware granted an intruder root access to a machine containing critical production keys backed up during the June 2025 mainnet launch.

The breach exposed private keys for an Ethereum admin hot wallet and multi-signature Safe setups on both Ethereum and Binance Smart Chain. Between June 8 and June 9, the attacker leveraged these legitimate credentials to drain roughly 147 million H tokens across Ethereum networks and minted an additional 300 million H on BSC. The total compromised supply reaches approximately 447 million tokens.

The Binance Smart Chain deployment remains critically vulnerable, with the attacker retaining control of the token administrative functions. Humanity Protocol has officially classified the BSC token as permanently compromised. Meanwhile, a clean Ethereum multi-signature wallet successfully froze the Ethereum-side H token, securing roughly 87 million tokens on the unaffected Arbitrum bridge.

Protocol representatives emphasize the breach resulted from key exposure, not smart contract vulnerabilities. Forensic experts are now tracing the malware origin and timeline. A victim recovery program is underway. Following the breach, the H token experienced extreme volatility, shedding over seventy percent of its value to trade near twenty-one cents.