Humanity Protocol lost about $32 million in a security incident on June 9, 2026, when attackers drained more than 17 wallets in a two-phase exploit. The project acknowledged the breach, saying that private keys belonging to a Humanity Foundation member were compromised. But on-chain investigator ZachXBT quickly questioned whether the incident was a genuine hack or a staged exit by insiders, damaging the project's already shaky credibility.
Two-phase exploit
The attack unfolded in two stages. First, the attackers minted 100 million H tokens, drained associated wallets, and converted roughly $23.7 million into ETH. Then they expanded the exploit to the BNB Chain, minting another 100 million H tokens worth about $12.9 million. The H token had surged roughly 875% above its 2026 low just before the crash. A token unlock was scheduled for June 25 — two weeks after the incident.
Questions from the blockchain
ZachXBT publicly noted that all H tokens were sold on decentralized exchanges rather than centralized exchanges, which he considered unusual for an external attacker. He also observed that concentrated token supply suggested the team was working with an active market maker. In a series of posts, he wrote: 'The incident seems possibly staged. I am not buying the team's story. It's a convenient way for the active MM to have exited.' He later walked back some concerns after additional analysis, but the damage to the project's reputation had already deepened.
In a follow-up post, ZachXBT said: 'You choose to crime pump your token for weeks with zero fundamentals... Disclose your active MM agreements with the HK entity first.'
Project's shaky background
Humanity Protocol, which aims to build a biometric identity system, had touted nine million registered identities. But reports suggested only about one million of those had completed biometric verification. More troubling: three of the project's four co-founders have documented histories involving lawsuits, financial fraud allegations, and management failures.
The team urged users to avoid interacting with the bridge or any liquidity pools until further notice. With a token unlock just two weeks away and the project's credibility under fire, the question of whether this was a hack or an inside job remains open — and the blockchain evidence isn't settling it.
