Humanity Protocol: H Token Crashes 85% After a $32M Key Hack

The H token of Humanity Protocol crashed more than 85% on June 9, 2026, after attackers compromised the private keys of a Humanity Foundation member. The thieves drained roughly 17 wallets for over $32 million, then minted an additional 100 million H on BNB Chain, worth around $11 million, to amplify the dump. Founder Terence Kwok confirmed the breach and urged users to stop interacting with the bridge.

Key Takeaways

• H token fell from $0.67 to $0.13 with an intraday low at $0.05, a 90% drop
• $32M drained from 17 wallets after a Humanity Foundation member key was compromised
• 100 million additional H minted on BNB Chain to amplify the sell pressure

How a private key hack erased the token in hours

The incident started overnight on June 9, 2026, with the first public alert coming through at 4:54 am. Within a few hours the H token fell from roughly $0.67 to $0.13, an 82% drop. The intraday low briefly touched $0.05, marking a 90% decline from the opening price.

The attacker did not exploit a code vulnerability. They obtained the private keys of a Humanity Foundation member and drained around 17 wallets tied to the protocol. The total loss exceeds $32 million in H tokens, quickly swapped for ether to move beyond the reach of any counter measure.

To deepen the damage, the attacker minted 100 million new H tokens on BNB Chain, representing about $11 million in initial market value. This sudden supply expansion pushed the order book imbalance well beyond what the token’s liquidity could absorb.

The protocol bridge effectively became unusable during the morning. Terence Kwok publicly asked users to stop touching the bridge and any liquidity pools while the team worked with security partners and exchanges to assess the scope of the compromise.

From proof-of-humanity to the biggest incident of the year

Humanity Protocol is not a marginal name. The project builds decentralised identity infrastructure based on palm-scan biometrics and zero knowledge cryptography, positioning itself as a direct rival to Worldcoin. The pitch is to prove humanity without revealing any personal data.

That positioning attracted institutional partners and meaningful venture capital, which made the H token attractive both to speculative books and to thematic identity funds. Pre-attack market cap sat near the level reached at the last private round, and H was among the most followed identity tokens of the cycle.

The hack fits a structural pattern of 2026. Key compromise events now dwarf code exploits in terms of dollar value drained. Drift Protocol lost $285 million under similar circumstances, and Kelp DAO $292 million, two recent incidents that emptied entire treasuries in a matter of hours. For context, see our earlier piece on Cryptonomic: Kelp DAO Hack: $292 Million Stolen.

Human vulnerability is becoming the real attack surface of modern protocols. Code audits, however rigorous, cover neither founder key storage nor multisig permission rotation. Humanity Protocol is a stark reminder that protocol security rests as much on its operators as on its code.

Also on Cryptonomic:

• Strategy Buys 1,550 Bitcoin After Selling Just 32 BTC
• Bitcoin Slips Below $63,000 as Iran-Israel Tensions Lift Oil
• Worldcoin: Arthur Hayes Dumps Entire Position as WLD Plunges

What this means for the token and the identity sector

In the short term, H will only recover if the foundation manages to neutralise the supply minted fraudulently on BNB Chain and to reassure holders on the security of remaining wallets. The next 48 hours of announcements will determine whether liquidity returns or whether the token enters a long capitulation phase. Surviving holders face heavy dilution.

Centralised exchanges will play a decisive role. If one or more platforms suspend deposits and withdrawals of H, the attacker’s cash out options shrink, but token liquidity contracts further. The first feedback from the security firms cited by the Humanity Foundation will be watched very closely.

Over three to six months, the decentralised identity sector must absorb the impact. Worldcoin, Humanity and their competitors had built their narrative on the idea that biometrics plus zero knowledge offered a superior security standard. A founding member compromise undermines that pitch, regardless of how strong the underlying cryptographic primitives are.

For investors, two signals now matter. The first is the post mortem transparency. A detailed report on the compromise chain is expected within two to four weeks, and its contents will weigh heavily on residual confidence. The second is the posture of institutional partners, some of whom may pause integrations until full clarity emerges. H lost 85% in a single morning. Rebuilding trust will take months.

Follow the story on Cryptonomic.