Humanity Stolen $31 Million; A Single Private Key Causes Token Price to Crash 90%
Original author: ChandlerZ, Foresight News
On June 9, according to on-chain analyst Specter, wallets that have interacted with the digital identity project Humanity are being continuously targeted.
Hundreds of addresses holding H tokens have been compromised, with total losses exceeding $31 million. Approximately $9 million has been exchanged for ETH, and another $9.9 million remains in H tokens.
Humanity founder Terence Kwok later confirmed a security incident involving the compromise of a foundation member’s private key.
As a precaution, users are advised to temporarily avoid interacting with the Humanity cross-chain bridge or any liquidity pools until security is further confirmed. The team is working with security experts and exchange partners to address the issue and will continue to provide updates to the community.
The H token price plummeted from around 0.7 USDT to a low of 0.052 USDT, dropping over 90% in 24 hours. As of writing, H is trading at 0.1368301 USDT, with its market cap falling from $2 billion to approximately $35.7 million.
As of June 9 at 11:00, the attacker is suspected of minting 100 million new Humanity Protocol tokens (H) and is selling them for BNB.
A project that has not truly proven humanity
Humanity Protocol, founded in 2024, positions itself as a decentralized digital identity network, with its key selling point being the use of palm print biometrics and zero-knowledge proofs to verify that users are real humans. The project is built on Polygon CDK (zkEVM) and claims to address sybil attacks, fake accounts, and AI-generated identities without exposing personal information.
This narrative attracted significant capital attention in 2024, with Humanity Protocol completing two funding rounds totaling $50 million. The seed round raised $30 million at a $1 billion valuation, with investors including Kingsway Capital, Animoca Brands, Blockchain.com, and Shima Capital.
In January 2025, a round led by Pantera Capital and Jump Crypto raised $20 million, raising the valuation to $1.1 billion.
The Humanity Foundation also brings together many prominent figures, led by Yat Siu, Chairman of Animoca Brands, with co-founders including Mario Nawfal, founder of an international blockchain consulting firm, and Yeewai Chong, senior investment specialist from Morgan Stanley and Ortus Capital.
On June 25, 2025, the H token launched via the Fairdrop mechanism, touted as the first token distribution in Web 3.0 history exclusively for verified real humans. But just two days after launch, DL News reported a leaked conversation with the founders. In the conversation, Kwok admitted that of the 9 million Human IDs created online, only about 1 million had completed biometric verification, suggesting that up to 88% of users may have been bots.
Additionally, users on X platform such as SCoin (@LianFang_) and AB Kuai Dong (@_FOR AB) have reported that Humanity Protocol (H) may be a "domestic project with a shell," noting that images from Shenzhen-based access control company Zhangteng Information still remain in the app’s code repository, raising questions about its authenticity. Netizens claim the project’s social media buzz is largely orchestrated by the team’s own fake accounts, casting doubt on actual user engagement.
AB Kuai.Dong warned that those previously verified on Humanity should be cautious. Zhongteng Information is backed by a Shanghai outsourcing company specializing in full-service identity verification. Additionally, whistleblower SCoin claimed the project extensively collects users' palm print data, raising privacy and security concerns.
This is fatal for a project whose core value proposition is "proof of humanity"; within two days of the H token's launch, its price dropped over 61%, falling from around $0.05 to a low of $0.018.
The founder's previous unicorn burned through $170 million.
Terence Kwok’s personal background also adds a note of risk to this project: in 2012, at age 20, Terence Kwok dropped out of the University of Chicago and founded Tink Labs after receiving a $900 roaming bill during a trip, offering free smartphones (brand name Handy) in hotel rooms for guests to use abroad as an alternative to expensive roaming charges.
This concept once captivated the capital markets; Tink Labs raised $170 million from Foxconn, SoftBank, Innovation Works, and the founder of Meitu, reaching a $1.5 billion valuation and becoming Hong Kong’s first unicorn. At its peak, Handy devices covered 82 countries and 600,000 hotel rooms worldwide.
But Kwok’s aggressive expansion strategy soon encountered real-world headwinds: global roaming fees continued to decline, hotels were unwilling to pay for Handy devices, and the company began posting losses starting in 2017. According to the Financial Times, SoftBank cut funding for key projects after discovering that Tink Labs may have diverted funds from the Japanese joint venture to other loss-making markets.
In July 2019, over 100 employees from the Europe, Middle East, and Africa offices did not receive their salaries. Departing employees covered the walls and floors of the Oxford office with cake. On August 1, Tink Labs officially shut down, and entered bankruptcy liquidation in January 2020. A former HR executive told the FT that Kwok cared only about "making money," and the $170 million in investment vanished entirely.
Six years later, Kwok returned to the market with Humanity Protocol, once again securing a unicorn valuation from Pantera Capital and Jump Crypto.
Private Key Management: An Old Problem, A New Cost
Based on the current information, this attack did not involve any smart contract vulnerabilities or protocol-level security flaws. The attacker gained access to a private key belonging to a foundation member, representing a classic failure in security management.
The security landscape for the crypto industry in 2026 was already grim; according to CCN, losses from DeFi hacking attacks in the first four months of 2026 exceeded $1 billion, with most stolen funds still unrecovered. On April 1, Drift Protocol suffered a $286 million attack, the largest single incident of the year.
Attackers are increasingly targeting validators, RPC nodes, and governance systems, not just smart contract vulnerabilities. However, private key compromises remain one of the most devastating attack types, as they bypass all on-chain security mechanisms and grant direct control over assets.
For a project that once faced controversy over 88% bot users and saw its token drop more than 90% from its peak, a $31 million private key leak could be the final blow to trust.
As of the time of this report, Kwok stated in a statement that the team is working with security experts and exchange partners to address the issue, but did not mention any user compensation plan or explain why the foundation members’ private keys were not protected by basic measures such as multi-signature or hardware isolation.
Original link
Click to learn about the open positions at BlockBeats
Welcome to the official BlockBeats community:
Telegram subscription group: https://t.me/theblockbeats
Telegram group: https://t.me/BlockBeats_App
Official Twitter account: https://twitter.com/BlockBeatsAsia