On-Chain Investigator Questions Legitimacy of $32 Million Humanity Protocol Crypto Breach

The alleged $32 million crypto hack of Humanity Protocol's token raises doubts as an on-chain analyst suggests the attack may have been staged by insiders rather than an external breach.

Editorial Team · Jun 9, 2026 · 2 min read · Source: bitcoinist.com

Humanity Protocol, a blockchain project focused on biometric digital identity, experienced a significant security breach resulting in the loss of approximately $32 million worth of its native H token. The incident triggered a dramatic 90% plunge in the token’s value within hours, raising urgent concerns about the project’s security and transparency.

The attack unfolded in two distinct phases involving multi-chain exploits. Initially, hackers minted a massive 100 million new H tokens and drained assets totaling close to $23.7 million, mainly converted into ETH, from over 17 wallets. In a subsequent phase, the exploit expanded to the BNB Chain, where the attackers seized control of the token’s proxy admin contract, minting another 100 million H tokens valued around $12.9 million and transferring them to a new wallet. Blockchain security firms and analytic platforms tracked these movements in real-time, confirming the scale and complexity of the breach.

Following the breach, Humanity Protocol confirmed that private keys linked to a key member of the Humanity Foundation had been compromised. The team advised users to avoid interacting with the project’s bridge and liquidity pools until further notice and promised official updates only through verified social media accounts.

However, the narrative of an external hack was swiftly questioned by ZachXBT, a well-known on-chain analyst. Through a series of posts on social media, he dissected the circumstances surrounding the event, suggesting that the attack bore hallmarks of an orchestrated exit by insiders rather than a genuine external breach.

ZachXBT pointed out several unusual characteristics. The majority of the H tokens were sold via decentralized exchanges, not centralized ones, a strategy inconsistent with typical hacker behavior focused on liquidity maximization. Additionally, he highlighted the involvement of an active market maker with concentrated token holdings, insinuating possible collusion to facilitate a convenient market exit under the guise of an attack.

His assessment evolved over several detailed posts, challenging the project’s public explanations and demanding transparency regarding market-making agreements linked to the entity managing the token. While later clarifications tempered some initial suspicions, the incident severely damaged the project’s credibility and investor trust.

This case underscores the increasing scrutiny on crypto projects’ governance and security practices, especially when large-scale token crashes coincide with suspicious transactional patterns. As the investigation continues, users remain cautioned against engaging with the compromised tokens or related liquidity pools.