Humanity was hacked for $31 million, causing its cryptocurrency price to plummet by 90%: Was it a hack or a staged attack?

Foresight News
Foresight News
  • On June 9, Humanity Protocol suffered a private key leak attack, with hundreds of wallets drained and losses exceeding $31 million.
  • The attacker swapped some H tokens for ETH and likely minted 100 million H tokens to dump for BNB.
  • H token price plunged over 90% in 24 hours, wiping out more than $1.9 billion in market cap.
  • On-chain detective ZachXBT suspects an inside job, as tokens were dumped on DEXs rather than CEXs.
  • The project was already controversial: 88% of users were bots, accused of being a knockoff, and collecting palm prints.
  • Founder Terence Kwok previously ran Tink Labs, which burned through $170 million before bankruptcy.
  • The incident highlights poor private key management, lack of multisig, and no user compensation plan.
Summary

Written by: ChandlerZ, Foresight News

On June 9th, according to on-chain analyst Specter, wallets that had interacted with the digital identity project Humanity were under continuous attack. Hundreds of addresses holding H tokens have been compromised, with total losses exceeding $31 million. Approximately $9 million has been converted to ETH, while about $9.9 million remains in the form of H tokens.

Humanity founder Terence Kwok subsequently confirmed a security incident involving the disclosure of a foundation member's private key. As a precaution, he advised users to temporarily refrain from interacting with the Humanity cross-chain bridge or any liquidity pools until further security is confirmed. The team is working with security experts and exchange partners to address the issue and will continue to update the community on the progress.

The price of H token plummeted from around 0.7 USDT to a low of 0.052 USDT, a drop of over 90% in 24 hours. As of press time, H was trading at 0.1368301 USDT, with its market capitalization falling from $2 billion to around $35.7 million.

As of 11:00 AM on June 9th, the attackers are suspected of minting 100 million Humanity Protocol tokens H and are currently selling them for BNB.

Chain detective ZachXBT tweeted that he is skeptical of the attack Humanity suffered today, believing the incident may have been orchestrated by the team or related parties. He noted the project's highly concentrated token supply and the fact that all H tokens were sold off on DEXs rather than CEXs after the attack, suggesting that market makers (MMs) used a "hacking attack" as a pretext to facilitate large-scale exits of their positions.

A project that has not truly "proved human nature"

Founded in 2024, Humanity Protocol positions itself as a decentralized digital identity network. Its core selling point is using palmprint biometrics and zero-knowledge proofs to verify whether a user is a real person. The project is built on Polygon CDK (zkEVM) and claims to solve problems such as Sybil attacks, fake accounts, and AI-generated identities without exposing personal information.

This narrative attracted significant capital attention in 2024, with Humanity Protocol completing two rounds of financing totaling $50 million. The seed round raised $30 million, valuing the company at $1 billion, with investors including Kingsway Capital, Animoca Brands, Blockchain.com, and Shima Capital. A further $20 million round in January 2025, led by Pantera Capital and Jump Crypto, raised the valuation to $1.1 billion.

The Humanity Foundation also brings together many prominent figures, led by Yat Siu, Chairman of Animoca Brands, with co-founders including Mario Nawfal, founder of an international blockchain consulting firm, and Yeewai Chong, a senior investment expert at Morgan Stanley and Ortus Capital.

On June 25, 2025, the H token was launched via the Fairdrop mechanism, touted as the first token distribution in Web3 history exclusively to verified real users. However, two days after its launch, DL News reported a leaked conversation between the founders. In the conversation, Kwok admitted that of the 9 million Human IDs created on the network, only about 1 million had completed biometric verification, meaning that as many as 88% of users were likely bots.

Furthermore, according to users on the X platform SCoin (@LianFang_) and AB Kuai. Dong (@_FOR AB), Humanity Protocol (H) may be a "domestic project in disguise." The app's code library still contains images of Shenzhen access control manufacturer Zhangteng, raising questions about its authenticity. Netizens claim that its social media buzz is largely orchestrated by the project team's alt accounts, raising doubts about actual user participation.

AB Kuai.Dong stated that those who have previously verified with Humanity should be cautious. Zhangteng Information is backed by a Shanghai-based outsourcing company specializing in full-service identity verification outsourcing. Furthermore, whistleblower SCoin claims the project collects large amounts of users' palm print information, raising privacy and security concerns.

This was fatal for a project whose core value proposition was "proving humanity." The H token plummeted by more than 61% within two days of its launch, falling from around $0.05 to a low of $0.018.

The founder's previous unicorn burned through $170 million.

Terence Kwok's personal background also adds a layer of risk to this project. In 2012, at the age of 20, Terence Kwok dropped out of the University of Chicago. After receiving a $900 roaming bill during a trip, he founded Tink Labs, providing free smartphones (branded as Handy) in hotel rooms for guests to use abroad instead of incurring hefty roaming fees. This concept initially impressed the capital market, and Tink Labs raised $170 million from Foxconn, SoftBank, Innovation Works, and the founder of Meitu, reaching a valuation of $1.5 billion and becoming Hong Kong's first unicorn. At its peak, Handy devices covered 82 countries and 600,000 hotel rooms worldwide.

Kwok's aggressive expansion strategy quickly encountered real obstacles. Global roaming fees continued to decline, hotels were unwilling to pay for Handy devices, and the company began to lose money in 2017. According to the Financial Times, SoftBank cut off funding to key projects after discovering that Tink Labs might be diverting funds from its Japanese joint venture to other loss-making markets. In July 2019, more than 100 employees in its European, Middle Eastern, and African offices did not receive their salaries. Laid-off employees smeared cake on the walls and floors when they left the Oxford office. On August 1, Tink Labs officially closed, and in January 2020, it entered bankruptcy liquidation proceedings. A former human resources executive told the FT that Kwok only cared about "making money," and its $170 million investment evaporated.

Six years later, Kwok returned to the market with Humanity Protocol, once again securing a unicorn valuation from Pantera Capital and Jump Crypto.

Private key management: an old problem with new costs

Based on current information, this attack did not involve smart contract vulnerabilities or protocol-level security flaws. The attacker obtained a foundation member's private key, representing a failure of the most traditional security management.

The security situation in the crypto industry was already severe in 2026. According to CCN statistics, in the first four months of 2026, DeFi hacks caused losses exceeding $1 billion, and most of the stolen funds remain unrecovered. The $286 million attack on Drift Protocol on April 1st was the largest single incident this year. Attackers are increasingly targeting validators, RPC nodes, and governance systems, rather than just smart contract vulnerabilities. However, private key breaches remain one of the most devastating attack types because they bypass all on-chain security mechanisms and directly gain control of assets.

For a project that has faced controversy over 88% of its users being bots and whose token has plummeted by over 90% from its peak, a $31 million private key breach could be the final blow that breaks trust. As of press time, Kwok stated that the team is working with security experts and exchange partners to address the issue, but made no mention of any user compensation plan or explained why the foundation members' private keys were not protected with basic safeguards such as multi-signature or hardware isolation.

Share to:

Author: Foresight News

Opinions belong to the column author and do not represent PANews.

This content is not investment advice.

Image source: Foresight News. If there is any infringement, please contact the author for removal.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANewsCN
Recommended Reading
PA一线

PA一线

Bitcoin volatility continues to decline, and this cycle is approximately two-thirds of the previous one.
PA一线

PA一线

Security agency: Token of Power liquidity pool suffers approximately $1.58 million loss due to malicious attack.
PA一线

PA一线

OKX Wallet becomes a co-author of the ERC-8183 standard, participating in defining the on-chain business rules for AI Agents.
PA一线

PA一线

Serenity specifically named several small- to mid-cap "AI concept stocks," stating that they may have higher return potential.
PA一线

PA一线

Address "0x97f8" significantly shorted S&P 500 contracts on-chain, with a notional size exceeding $110 million.
PA一线

PA一线

The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) issued a risk report regarding AI Skills jailbreaking and cryptocurrency mining.

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe
PANews App
24/7 blockchain news tracking and in-depth analysis.
Download PANews App
App StoreGoogle Play
PANews APP
Spot gold falls below $4,300.
PANews Newsflash