Humanity Protocol Says One Infected Device Exposed Seven Keys
Highlights:
- Humanity Protocol traced the breach to one malware-infected developer machine.
- Seven stolen keys enabled bridge drains and BNB Smart Chain minting.
- The attacker used valid credentials, not contract bugs, to move funds.
Humanity Protocol traced its June 8 security breach to a malware-infected developer machine. The project said in the incident report that the attacker gained root access to the device and collected seven private keys from one location.
Advertisement
The keys included an admin hot wallet key and three Ethereum Safe owner keys. They also included three BNB Safe keys. During the June mainnet launch last year, sensitive backups reached the device, creating one point of failure.
As a result, the attacker gained control over critical bridge and token administration paths. The project said the event did not come from a bridge flaw, token bug, or Safe design issue. Instead, the attacker signed valid transactions with stolen credentials. Therefore, transfers, Safe approvals, proxy upgrades, and minting activity looked authorized on-chain.
Humanity Protocol: Attacker Obtained Seven Private Keys From One Compromised Device
Humanity Protocol said in an investigation report that the June 8 attack was caused by a key compromise after a developer machine was infected with malware, giving the attacker full root access.… pic.twitter.com/0emLZH3dxi
— Wu Blockchain (@WuBlockchain) June 10, 2026
Humanity Protocol Report Traces Single Device Breach
The first movement hit an Ethereum admin hot wallet. After obtaining the key, the attacker drained 6.04 million H from that wallet. Next, the attacker used three stolen Ethereum Safe keys from a six-owner Safe. Those signatures met the required threshold, so the attacker transferred Bridge ProxyAdmin ownership to a controlled wallet.
The attacker then upgraded the bridge to a malicious implementation. In one transaction, the attacker drained 141.18 million H from the Ethereum bridge. The report said this step carried the required Safe approvals. Therefore, the chain recorded the action as an authorized upgrade, not a smart contract exploit.
BNB Smart Chain Minting Deepened the Damage
The attacker also used three compromised BNB Smart Chain Safe keys. With those keys, the attacker took control of the token ProxyAdmin. After that, the attacker deployed another malicious implementation. The attacker then carried out three separate mint transactions of 100 million H each.
Those mints added 300 million H on BNB Smart Chain. The token supply on that chain rose from about 141.1 million to 441.1 million H. Meanwhile, the Ethereum side suffered a major bridge drain. Together, the activity involved roughly 447 million H across Ethereum and BNB Smart Chain.
Earlier disclosures had linked the breach to compromised employee devices and stolen Safe keys. However, the new report narrowed the source to one developer machine. Investigators said the attacker likely collected all seven keys from that same device. However, details remain open.
The team has not identified the first access date. It has also not confirmed the infection method or the holding period for the stolen keys.
Recovery Efforts Now Focus on Affected Contracts
The project said the attacker still controls the bridge and token administration contracts. The report also described the BNB Smart Chain token position as unrecoverable, since the attacker can mint more tokens.
After the breach, the project halted deposits and withdrawals through affected bridges. It also launched a recovery tracker to follow stolen funds and related movements. Moreover, the team offered a $1 million USDT bounty for information that helps recover assets. The project previously said recovered funds would support H token buybacks.
This page has been shared with all CEXes/DEXes/Aggregators and will be continuously updated.
We are also offering a 1M $USDT bounty for any information leading to recovery and all recovered funds will be used for the buy back of $H.
Please contact recovery@humanity.org if you… pic.twitter.com/wROrgQ5uJK
— Humanity (@Humanityprot) June 9, 2026
Market pressure followed the incident. H had dropped sharply after the exploit before it posted a partial rebound. Currently, H is trading near $0.1776, down more than 35% over the last 24 hours.
eToro Platform
Best Crypto Exchange
- Over 90 top cryptos to trade
- Regulated by top-tier entities
- User-friendly trading app
- 30+ million users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Advertisement
Raymond Munene
Raymond Munene is a crypto content writer who contributes to Crypto2Community. With over three years of experience, he is interested in Bitcoin, Blockchain, and Technical Analysis. Focusing on daily market analysis, his research helps traders and investors alike. His particular interest in cryptocurrency and blockchain aids his audience.
View full profile ›ℹ️About Crypto2Community's Editorial Process
Crypto2Community's editorial policy is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict editorial policy and sourcing standards, and each page undergoes diligent review by our team of top crypto industry experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
