Humanity Protocol Suffers $36M Token Bridge Security Breach

Humanity Protocol, a decentralized identity platform focused on privacy-preserving digital verification, has disclosed a major security incident that resulted in the theft and unauthorized creation of millions of its native H tokens. The breach reportedly allowed attackers to gain control of critical administrative functions across Ethereum and BNB Chain, leading to losses exceeding $36 million.

The incident highlights ongoing security challenges facing blockchain projects, particularly those that rely on cross-chain infrastructure and administrative key management to secure digital assets and protocol operations.

Compromised Device Led to Major Security Failure

According to information released by the project, the attack originated from the compromise of an employee’s laptop that contained multiple bridge administrator keys. The unauthorized access provided attackers with control over key contracts operating on both Ethereum and BNB Chain.

Humanity Protocol operates a decentralized identity network that combines palm biometric verification with zero-knowledge proof technology. The platform is designed to enable users to verify specific attributes while keeping sensitive personal information private.

Despite the project’s focus on privacy and security, the compromise of a single device reportedly exposed multiple administrative credentials, creating an opportunity for attackers to bypass intended safeguards.

The breach occurred after attackers gained access to an employee laptop containing multiple bridge administrator keys, allowing unauthorized control over critical contracts on Ethereum and BNB Chain.

Millions of Tokens Drained and Minted

The project indicated that the attackers were able to exploit multisignature wallet permissions on both blockchain networks. On Ethereum, the compromised credentials reportedly enabled the attacker to control three of the six required keys within a multisignature wallet.

Using those permissions, the attacker allegedly drained approximately 141 million H tokens from the affected infrastructure.

The attack extended beyond token theft. On BNB Chain, the intruders reportedly gained access to three of the five required administrative keys, enabling them to create approximately 200 million new H tokens. The newly minted tokens represented roughly 7% of the token’s circulating supply at the time of the incident.

Following the discovery of the breach, Humanity Protocol moved to suspend deposits and withdrawals across the affected bridge infrastructure in an effort to contain additional damage and prevent further unauthorized activity.

Attackers reportedly drained around 141 million H tokens and minted an additional 200 million tokens on BNB Chain before emergency measures were implemented.

Impact on the Ecosystem

At the time of the incident, H had a circulating supply of approximately 2.83 billion tokens and a market capitalization of roughly $563.1 million. The scale of the unauthorized minting and token extraction raised concerns about supply integrity, bridge security, and the overall impact on the project’s ecosystem.

Cross-chain bridges remain among the most frequently targeted components within blockchain infrastructure due to the significant value they manage and the complexity of their security architecture. The Humanity Protocol incident adds to a growing list of attacks involving compromised administrative credentials and bridge-related vulnerabilities.

Multisignature Security Under Scrutiny

The breach has also renewed attention on security best practices surrounding multisignature wallets. These wallets are designed to reduce the risk associated with a single compromised key by requiring approvals from multiple authorized signers before transactions can be executed.

However, cybersecurity experts have long emphasized that storing multiple signer credentials on a single device undermines the primary security advantages of a multisignature setup. If one device contains several keys, a successful compromise can effectively bypass the intended separation of authority.

The incident underscores the importance of distributing multisignature keys across dedicated devices and hardware wallets, a practice widely regarded as a fundamental security standard in the blockchain industry.

The attack serves as a reminder that even sophisticated blockchain projects remain vulnerable when operational security procedures are not fully aligned with established best practices. As Humanity Protocol investigates the incident and works to restore confidence in its infrastructure, the broader industry is likely to view the breach as another case study in the critical importance of secure key management and bridge security.

The post Humanity Protocol Suffers $36M Token Bridge Security Breach appeared first on CoinTrust.