$32M Gone: Humanity Protocol Hack or Staged Exit?

iEXExchanger

The H token crashed 86% after $32M was drained from the project's wallets. On-chain investigator ZachXBT says the exploit looks 'possibly staged,' pointing to wallets pre-funded weeks before the attack.

Between Sunday evening and Monday morning, more than $32 million left Humanity Protocol's wallets. Whether it was taken — or handed over — is now the central question.

The project built its reputation as the palm-scanning alternative to Sam Altman's Worldcoin. Users prove their personhood through hand biometrics and zero-knowledge cryptography, without surrendering a retinal scan or a government ID. The H token had been trading around $0.72 going into the weekend. By Monday, it was near $0.10.

The attacker compromised private keys belonging to a member of the Humanity Foundation, drained more than 17 wallets across chains, then minted an additional 100 million H tokens on BNB Chain — created from nothing, worth roughly $11 million — and sold those into the market too. Total losses passed $32 million. The intraday low touched $0.05, a near-90% collapse in a single session.

Founder Terence Kwok confirmed the breach and asked users to avoid the project's bridge and liquidity pools while his team works with security firms and exchange partners to contain the damage.

ZachXBT isn't buying the official version. The on-chain investigator publicly called the exploit "possibly staged," accused the team of manipulating H's price before the collapse, and demanded they disclose their active market-maker agreements. Analyst Elton added forensic detail: the attacker's wallets were funded through exchanges and mixers as far back as late April and early May, weeks before the breach. The minting contract showed signs of being tested in the days prior — someone running through privileged functions before going live. The dumps on Ethereum and BNB Chain happened in tight coordination, not the scattered pattern of a hurried external hack.

That leaves two explanations: an outside attacker who held a stolen key quietly for months and timed their exit, or someone from inside the organization. Either way, around $4 million has already reached mixers. For a project whose core promise is verifiable identity, having its own story be the least verifiable thing right now is an uncomfortable position to defend.

Questions and answers

Frequently asked questions about this article

What is Humanity Protocol and how does it differ from Worldcoin?

Humanity Protocol is a decentralized identity project using palm-scan biometrics and zero-knowledge cryptography to verify personhood without exposing personal data. Unlike Sam Altman's Worldcoin, which uses iris scanning, Humanity Protocol relies on hand biometrics.

How was Humanity Protocol exploited?

The attacker compromised private keys belonging to a Humanity Foundation member and drained more than 17 wallets across Ethereum and BNB Chain. They also minted 100 million new H tokens on BNB Chain and sold them into the market. Total losses exceeded $32 million.

Why does ZachXBT think the hack may have been staged?

On-chain analysis revealed that the attacker's wallets were pre-funded through exchanges and mixers weeks before the breach. The minting contract was tested days prior. Synchronized dumps across two chains within minutes of each other suggest a planned operation rather than an opportunistic external attack.

Can affected H token holders recover their funds?

Prospects are dim. Around $4 million has already been routed through mixers, making tracking very difficult. The team says it is working with exchanges, but no specific compensation commitments have been announced. Recovery after private-key exploits involving mixing protocols is rare.

How can projects protect against private key exploits?

Store private keys offline in hardware wallets. For contracts with privileged functions like minting, require multisig authorization so no single key can execute critical operations alone. Conduct regular access audits on privileged protocol functions and rotate key holders periodically.
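One way to run the access audit on privileged functions recommended above, as an added example that is not Humanity Protocol's or this article's own code: it replays a constructed call log and flags privileged calls that bypass the multisig or mint above a cap. The addresses, function names, cap and log entries are all assumptions made for illustration.

```python
from dataclasses import dataclass

# All values below are constructed for illustration (assumptions, not from the article).
MULTISIG = "0xMULTISIG_PLACEHOLDER"   # the only address policy allows to call privileged functions
PRIVILEGED = {"mint", "grantRole", "transferOwnership"}  # assumed function names
MAX_MINT = 1_000_000                  # assumed per-call mint cap, in whole tokens


@dataclass(frozen=True)
class Call:
    block: int
    sender: str
    function: str
    amount: int = 0


def audit(calls):
    """Return (block, reason) findings for privileged calls that break policy."""
    findings = []
    for c in sorted(calls, key=lambda c: c.block):
        if c.function not in PRIVILEGED:
            continue  # ordinary user activity is out of scope for this audit
        if c.sender != MULTISIG:
            # A lone key reached a privileged function: multisig was bypassed or absent.
            findings.append((c.block, f"{c.function} called by single key {c.sender}"))
        if c.function == "mint" and c.amount > MAX_MINT:
            findings.append((c.block, f"mint of {c.amount} exceeds cap {MAX_MINT}"))
    return findings


# Constructed call log: one approved mint, then a lone key exercising privileged
# functions with a tiny amount before a large mint.
SAMPLE_LOG = [
    Call(100, MULTISIG, "mint", 500_000),
    Call(205, "0xKEY_A_PLACEHOLDER", "mint", 1),
    Call(206, "0xKEY_A_PLACEHOLDER", "grantRole"),
    Call(300, "0xKEY_A_PLACEHOLDER", "mint", 100_000_000),
    Call(301, "0xUSER_PLACEHOLDER", "transfer", 50),
]

if __name__ == "__main__":
    for block, reason in audit(SAMPLE_LOG):
        print(f"block {block}: {reason}")
```

Alerting on the first finding (the small privileged call from a lone key) gives a team time to revoke the key before a large mint follows.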