“Decentralized Identity” Project Compromised by a Single Private Key: Post-Mortem of Humanity Protocol’s $31 Million Security Incident
TechFlow Selected TechFlow Selected
“Decentralized Identity” Project Compromised by a Single Private Key: Post-Mortem of Humanity Protocol’s $31 Million Security Incident
H Plummets 90%: Was the Hacker Too Fast, or Was the Timing Just Too Convenient?
Navigating Web3 tides with focused insightsAuthor: Claude, TechFlow
TechFlow Intro: Humanity Protocol, a decentralized identity project, suffered a severe security incident today. The private key of a foundation member was compromised, resulting in the draining of over 17 associated wallets and losses exceeding $31 million.
The attacker also minted 100 million additional $H tokens on BNB Chain and has been continuously dumping them, causing the token price to plunge from approximately $0.73 to near $0.05. On-chain investigator ZachXBT publicly questioned whether the incident “may have been staged,” while the community pointed to founder Terence Kwok’s prior entrepreneurial history—having burned through $170 million in investor funds at his previous startup.
The $H token of Humanity Protocol experienced a catastrophic crash over the past 12 hours.
According to The Block and multiple other media outlets, on June 9, 2026 (UTC), blockchain analyst Specter first detected systematic theft from wallets linked to Humanity Protocol. Founder Terence Kwok subsequently confirmed on X that a private key belonging to a Humanity Foundation team member had been leaked, enabling the attacker to gain control over multiple foundation-associated wallets.
As of press time, CoinGecko data shows $H’s 24-hour decline at approximately 89%, dropping from roughly $0.73 pre-incident to around $0.13, with an intraday low of $0.05. The project’s fully diluted valuation shrank from approximately $7.3 billion to about $1.2 billion.
17 Wallets Drained; Attacker Mints 100 Million Tokens on BSC
On-chain data reveals the attacker drained funds from at least 17 wallets holding $H tokens. Total losses rapidly escalated from an initial $5 million to over $31 million. According to Specter’s tracking data cited by DropsTab, approximately $23.7 million worth of $H was swapped for ETH, while roughly $7.9 million remains held as $H.
Even more damaging were the attacker’s actions on BNB Chain. Security firm Blockaid detected that the attacker gained proxy admin privileges over the $H token on BSC and, between 02:02 and 02:09 UTC, minted a total of 100,000,005 $H tokens from the null address. Valued at approximately $11.4 million at the time of minting, these newly minted tokens were immediately dumped on DEXs—including PancakeSwap and Kyber Network—for BNB, further amplifying selling pressure.
Per Cointelegraph, Arkham Intelligence has labeled the associated addresses as the “Humanity Protocol Exploiter” entity, and on-chain tracking remains ongoing. Humanity officially urged all users to suspend interactions with cross-chain bridges and liquidity pools and recommended revoking approvals granted to Humanity Protocol contracts.
ZachXBT Publicly Questions: “The Incident May Have Been Staged”
While the official narrative attributes the event to a “private key leak,” this explanation is now facing public scrutiny from on-chain investigators.
Renowned on-chain detective ZachXBT posted shortly after the incident: “This looks possibly staged—I don’t buy the team’s story.” He highlighted three red flags: the $H tokens were sold exclusively via DEXs rather than centralized exchanges (CEXs), inconsistent with typical hacker fund-movement patterns; and three core team members previously faced lawsuits, allegations of financial fraud, or accusations of mismanagement.
Independent analyst Elton provided more specific technical clues in his on-chain analysis: the attacker’s wallet received funding weeks before the incident, minting permissions had already been “pre-warmed,” and sell-offs across both chains showed signs of coordination. Elton concluded these patterns “align with those of insiders or long-term holders who obtained leaked private keys.”
However, these claims remain speculative, and no conclusive evidence currently proves internal involvement. Humanity’s official post-mortem report has yet to be released.
Timing Under Scrutiny: Institutions Just Accumulated; Unlock Looms; “Hackers” Arrive Precisely
Community skepticism centers on the timing of the incident.
According to on-chain analyst Ai Aunt (@ai_9684xtpa), just four days before the incident—on June 5—a Hex Trust–linked address purchased 72.23 million $H tokens within four hours, valued at approximately $42 million, representing 2.55% of circulating supply. This purchase occurred shortly after the Humanity Foundation revised its token unlock schedule in April, permitting early investors to claim tokens at a 70% discount in a single batch on June 26.
Ai Aunt commented post-incident that Hex Trust–affiliated entities had just accumulated massively, the unlock was imminent, and the project was still conducting off-chain token buybacks—yet today, a “hack” occurred, sending $H’s on-chain price nearly to zero.
Per CryptoRank data, $H’s scheduled June unlock totals approximately $72.4 million, making it the second-largest unlock event of the month.
While these coincidences do not prove causation, they sufficiently explain why community trust has been severely eroded.
Founder’s Checkered Past: Tink Labs Raised $170M, Then Went Bankrupt
The crisis of confidence surrounding Humanity Protocol did not begin today.
Per KuCoin News citing Odaily Planet Daily, founder Terence Kwok launched Hong Kong–based smartphone leasing company Tink Labs at age 20. It raised approximately $170 million to $200 million from Foxconn, SoftBank, and Innovation Works, achieving a peak valuation of $1.5 billion and becoming Hong Kong’s first unicorn.
Yet the company incurred continuous losses starting in 2017. In July 2019, over 100 European employees went unpaid, and the company formally shut down on August 1, 2019. It entered bankruptcy liquidation in January 2020. As reported by the Financial Times, a former HR director stated Kwok cared only about “making money,” and the entire $170 million in investor funds “evaporated.”
Six years later, Kwok re-entered the market with Humanity Protocol, leveraging a narrative combining palm-vein biometrics and zero-knowledge proofs for “decentralized identity,” and secured another unicorn valuation (~$1.1 billion) led by Pantera Capital and Jump Crypto.
An investigation cited by HTX Insights also notes that Mario Nawfal, head of the Humanity Foundation, was previously accused of wage withholding, improper fundraising, and coercing whistleblowers. ZachXBT points out that three of the four core leadership members have controversial histories.
Team Already Incubating New Project “Everything,” Deepening Community Doubts
Public reports indicate the Humanity core team is already involved in a new project named “Everything.”
“Everything” closed a $6.9 million seed round on January 26, co-led by Humanity Investments—the venture arm of Humanity—and joined by Animoca Brands, Hex Trust, WallStreetBets founder Jamie Rogozinski, and Three Point Capital.
This information resurfaced in the wake of $H’s crash. Reports suggest community speculation that the so-called “hack” may be a deliberate exit strategy—abandoning the old project to redirect resources toward the new one. While no on-chain evidence supports this theory, Humanity Investments’ direct lead role in Everything’s funding objectively intensifies perceptions of conflict of interest.
Was It Careless Key Management—or Intentional?
Per CoinDesk, this incident aligns with the dominant pattern of crypto security breaches in 2026: the largest losses stem from stolen private keys—not flawed smart contract code. Per CCN data, DeFi-related hacks in the first four months of 2026 have already cost over $1 billion, with most stolen funds remaining unrecovered.
The irony is stark: a project built around “decentralized identity verification” suffered a devastating blow due to a single compromised private key. Blockaid confirmed this attack involved no smart contract vulnerabilities or protocol-level security flaws—only a failure in key management.
As of press time, Binance perpetual futures $H/USDT trades at ~$0.068 (down ~91%), while Bybit spot quotes ~$0.15—indicating severe price dislocation across venues. The 24-hour aggregated trading volume stands at ~$599 million, roughly 2.7× the circulating market cap, reflecting event-driven forced repricing rather than normal turnover.
The incident remains ongoing. The attacker’s address still holds some $H, and the handling plan for the newly minted tokens on BSC remains unclear. Until these critical questions are addressed, the resolution path for the newly minted $H tokens on BSC remains uncertain.
However, further on-chain data suggests the operations originating from the compromised private key address are difficult to attribute to mere negligence. On-chain analyst Yujin noted:
Beyond the 100 million $H tokens newly minted by the hacker, the earlier sale of over 200 million $H tokens occurred across nearly 300 wallets—most of which had unlocked tokens two weeks prior or received tokens 11 months ago. Moreover, these wallets withdrew gas fees from Gate and Bybit into their addresses three weeks ago.
Humanity Protocol’s official post-mortem report has not yet been released. Until verifiable on-chain answers emerge, any definitive characterization of this event as a “hack” remains premature.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
深潮TechFlow
