The decentralized identity protocol Humanity Protocol announced on X on June 10 that it is preparing a fund recovery plan for all users affected by the attacks, and has set up real-time tracking pages for the attacker addresses and downstream transfers. The official has also offered a bounty of 1 million USDT in search of valid leads that can help recover the stolen funds. On June 9, Humanity disclosed that about $36 million worth of assets had been stolen and sold across two chains combined.
Officially confirmed response measures
Actions confirmed by Humanity Protocol on X on June 10, 2026:
· Developing a fund recovery plan for all affected users
· Setting up real-time tracking pages for attacker addresses and downstream transfers, sharing them with centralized and decentralized exchanges and aggregators, and updating continuously
· Offering a bounty of 1 million USDT to collect effective leads for recoverable funds
· Stating that all recovered funds will be used to repurchase H tokens
The deposit and withdrawal functions of the affected bridge have been suspended, and the investigation is still ongoing (confirmed by CoinGape). The team page on Humanity Protocol’s official website has been removed after the attack occurred.
Root cause of the attack: a security flaw in multi-signature private key backups
What Humanity Protocol founder Guo Rongjing confirmed in a Telegram statement:
A multi-signature wallet was originally configured by four personnel. During the setup process, some keys were mistakenly backed up to a device that had already been compromised. Guo Rongjing’s wording in CoinDesk’s report was: “During the setup process, some keys were accidentally backed up to a device that had been compromised. For some contracts, multi-signature private keys are set up in one place and then distributed; unfortunately, the key backups ended up on the compromised device.”
Although the multi-signature design requires approval from multiple keys to execute operations, because multiple key backups were stored on the same compromised device, once the attacker broke into a single machine, they obtained enough authorizations. Blockchain investigator ZachXBT confirmed that this key leakage has no direct connection to the market-making issue of H tokens.
Technical details of the two-chain attack: confirmed operational steps
Ethereum bridge (confirmed based on Humanity Protocol’s official disclosure): The attacker obtained 3 of the 6 keys of the Ethereum bridge administrator account. After taking control, they replaced the bridge code with malicious code, and about 141 million H tokens were transferred out in a single transaction.
BNB Chain bridge (confirmed based on Humanity Protocol’s official disclosure): The attacker obtained 3 of the 5 keys of the BNB Chain bridge configuration. They implanted malicious software with an infinite minting function, and nearly 200 million H tokens were directly minted to the attacker’s wallet.
H token price confirmation data: In the weeks before the attack, it rose from about $0.20 to about $0.70; during the attack, it hit a low of about $0.05; as of the time of the report, it has recovered to around $0.20.
FAQ
What are the specific terms of Humanity Protocol’s 1 million USDT bounty?
According to Humanity Protocol’s statement on X, the bounty conditions are to provide valid leads that can help recover the stolen funds. The official did not specify a detailed submission process or review standards for leads in the announcement. The relevant tracking page has been published and is shared with major exchanges and aggregators.
What is the underlying technical vulnerability of this attack?
According to the Telegram statement from founder Guo Rongjing, the vulnerability came from backups of multi-signature private keys on an employee’s device. Multi-signature design should require multiple keys to execute operations, but because multiple keys were backed up to the same compromised device, once the attacker compromised a single device, they obtained sufficient authorization.
What is the current status of the H token bridge functionality?
According to CoinGape’s report, the deposit and withdrawal functions of the bridge affected by the attack are currently paused, and the investigation is still ongoing. The official has not yet released a specific timetable for restoring the bridge functionality.
