Daily Crypto Briefs 
CASABLANCA, June 9, 2026
Humanity Protocol said a compromised employee laptop exposed bridge administrator keys and led to more than $36 million in H token value being stolen or minted across Ethereum and BNB Chain, sending the H token into a sharp intraday crash as markets weighed another key-management failure.
The decentralized identity project, which markets palm-based proof-of-humanity credentials, said the attack hit administrative controls tied to its bridge infrastructure. The incident is not being framed publicly as a normal smart-contract bug; the central issue is whether too many bridge control keys were reachable from one compromised device.
Market data showed the damage moving quickly through the token. CoinGecko listed H near $0.159682 late June 9, with about $291.7 million in market capitalization, roughly $364.8 million in 24-hour volume, and a 24-hour low near $0.057809 after trading above $0.70 a day earlier.
Humanity Protocol
HHumanity Protocol said in its incident update that three of six Gnosis Safe owner keys controlling the Ethereum Hyperlane bridge ProxyAdmin were compromised. It said the attacker used those keys to transfer ProxyAdmin ownership, upgrade the bridge to a malicious implementation, and move about 141.2 million H tokens in one transaction.
The same update said the BNB Chain side was also hit. There, the attacker allegedly obtained three of five Safe owner keys, took over the ProxyAdmin path, deployed a malicious implementation with an unlimited mint function, and minted 200,000,005 H tokens in two transactions.
The timing is especially sensitive because the project is built around trust in identity credentials. Daily Crypto Briefs recently covered Coinbase’s World ID integration, where biometric proof-of-human systems already faced privacy and custody questions. Humanity’s incident adds an operational security layer to that same identity-crypto debate.
The immediate implication is narrow but serious: a bridge can fail even when the visible user app looks normal. If admin keys can be reached from one compromised machine, a multisig threshold can become less meaningful than it looks on paper.
What remains unclear is the final recovery path. Humanity Protocol has not yet published a full post-mortem, a compensation plan, a final attacker-wallet accounting, or a detailed timeline for when affected bridges and liquidity pools can safely return to normal use.
Laptop Breach Hit Bridge Keys
The cleanest confirmed fact is that this was a key-control incident. CoinDesk reported that the bridge admin keys were stored on the compromised laptop, which allowed the attacker to meet both the Ethereum and BNB Chain signing thresholds.
That detail changes the risk analysis. A multisig wallet is supposed to require multiple independent approvals, but it only works as intended if the keys are separated across people, devices and security environments. If enough keys sit on one laptop, the structure can behave like a single point of failure.
On Ethereum, the attacker did not only move tokens out of a wallet. Humanity Protocol said the attacker seized control of the bridge ProxyAdmin, upgraded the bridge contract, and then moved about 141.2 million H tokens to attacker-controlled wallets.
On BNB Chain, the attacker used the same broad path but with a more damaging minting route. The project said a malicious implementation included an unlimited mint function, allowing the attacker to create 200,000,005 H tokens directly.
This is why the story has stronger search potential than a normal token dump. Readers are not only asking why H crashed. They are asking how a proof-of-humanity project could lose bridge control through private-key custody, and whether the reported multisig setup offered real separation.
H Token Selling Drained Liquidity
The market reaction followed the mechanics of the exploit. CoinDesk’s earlier report said H fell more than 80% as the attacker dumped stolen H for ether and minted additional H on BNB Chain.
CoinGecko’s intraday range showed the pressure clearly. H traded as low as $0.057809 on June 9 and later rebounded near $0.159682, but it was still down 34.8% over 24 hours at the time the data was checked. The token’s 24-hour volume, near $364.8 million, was larger than its market capitalization, a sign that turnover was extreme relative to the remaining value of the asset.
The loss estimate also changed as the incident widened. CoinDesk initially cited losses above $32 million from at least 17 wallets, while Humanity Protocol’s later update put the total above $36 million. The exact net loss may still change if funds are frozen, returned, bridged again, or sold into thin liquidity.
That is the same pattern Daily Crypto Briefs tracked in the Gnosis Pay Delay Module exploit, though the scale here is much larger. In both cases, the user-facing product depends on smart-account or bridge plumbing that most token holders cannot audit in real time.
The broader security backdrop is already weak. Our April roundup found that crypto platforms lost more than $605 million to cyberattacks in under 20 days, and many of those failures were not exotic code bugs. They came from signer workflows, bridges, domains, internal access and operational controls.
Recovery Depends on Key Rotation
Humanity Protocol’s next job is not only tracing the attacker. It has to show that the compromised administrative path has been removed, that bridge contracts cannot be upgraded through the same key set, and that any remaining owner keys have been rotated or replaced.
That is harder than posting a warning. Bridge users need to know which pools, routes and wrapped token supplies are safe, which balances are impaired, and whether exchanges have isolated deposits or markets tied to the compromised H supply.
The team also has to answer the custody question directly. If multiple required signatures were available from one employee laptop, then the threshold design did not provide the separation that users would normally assume from a multisig setup.
Market sentiment is already stressed, which makes recovery communication more important than usual.
Fear & Greed Index
June 9, 2026The incident also intersects with the wallet-security pressure seen in Ledger and Trezor phishing infrastructure. Attackers keep moving toward the human and operational layers because those layers can be cheaper to break than audited code.
For now, the confirmed facts are enough to keep the story urgent: Humanity Protocol says a laptop compromise exposed bridge admin keys, H supply was stolen or minted across Ethereum and BNB Chain, and the token’s market structure absorbed a violent selloff. The next public updates need to clarify the final loss, the compensation plan, the bridge restart criteria and whether the project can prove that one compromised device cannot recreate the same failure.
Stay up to date
Get the latest crypto insights delivered to your inbox
Primary sources and further reading
| Source | Title |
|---|---|
| | Humanity Protocol incident update on X |
| | CoinDesk: Humanity Protocol token crash after private-key hack |
| | CoinDesk: Humanity exploit tied to compromised laptop |
| | CoinGecko: Humanity price |
| | Alternative.me: Crypto Fear and Greed Index |
Fact-checked by: Daily Crypto Briefs Fact-Check Desk
Related Articles
Frequently Asked Questions
What happened to Humanity Protocol?
Humanity Protocol said an employee laptop was compromised, exposing bridge admin keys that let an attacker take control of bridge contracts and steal or mint H tokens across Ethereum and BNB Chain.
How much was stolen in the Humanity Protocol exploit?
Humanity Protocol put the loss at more than 36 million in H token value, while earlier on-chain assessments cited by CoinDesk placed the loss above 32 million.
Why did the H token crash?
The attacker moved and minted large amounts of H, then sold into market liquidity. CoinGecko data showed H touching an intraday low near 0.0578 on June 9 before rebounding.
Was this a smart-contract bug?
The public materials point first to compromised private keys and bridge administrator controls, not a normal contract logic exploit. The attacker allegedly used those controls to upgrade bridge contracts and mint or move tokens.
What should users watch next?
Watch for Humanity Protocol's full post-mortem, any exchange freezes, bridge restart conditions, compensation details and evidence on whether all compromised admin keys have been rotated.