TechFlow reports that on June 9, Humanity released an incident update stating that its H token was subjected to a coordinated attack on Ethereum and BSC on the evening of June 8, resulting in approximately $36 million worth of tokens being stolen and dumped across both chains. The project disclosed that the attack originated from a compromised employee laptop, which led to the leakage of multiple owner keys for the Gnosis Safe controlling the Hyperlane bridge ProxyAdmin.
On Ethereum, the attacker seized ownership of the ProxyAdmin and upgraded the contract to a malicious implementation, transferring approximately 141.2 million H tokens in a single transaction. On BSC, after similarly gaining control of the ProxyAdmin, the attacker deployed a malicious implementation with infinite minting functionality, minting 200 million H tokens in two transactions and continuously dumping them. Humanity has suspended deposits and withdrawals on the affected cross-chain bridge and is collaborating with exchanges and law enforcement to investigate the incident and recover part of the stolen funds.
