Humanity, a cross-chain infrastructure startup backed by Pantera Capital and Jump Crypto, lost $36 million this weekend after attackers exploited a compromised laptop that hosted one of the company's multisig wallets. The breach gave the attackers control over several cross-chain bridges, draining funds before the team could react.
How the attack unfolded
The vulnerability wasn't in the bridge smart contracts themselves. It came down to operational security. According to the company's initial postmortem, a laptop used to sign transactions for the multisig wallet had been infected. Once the attackers had access to that signing key, they could push through transfers that triggered bridge withdrawals. The entire theft took under two hours, and by the time Humanity detected the unusual activity, the funds were already moving across multiple chains.
The backers and the hit
Humanity had raised a significant seed round from Pantera and Jump Crypto, two of the biggest names in crypto venture capital. This exploit is a sharp reminder that even well-funded teams can be undone by basic opsec failures. Neither Pantera nor Jump have issued public statements since the news broke. Humanity says it is working with law enforcement and security firms to trace the stolen funds, though such efforts rarely succeed once assets cross several blockchains.
Why this keeps happening
Multisig wallets are designed so no single key can move funds alone. In theory, they're more secure than a single-key setup. But if one signer stores their key on an internet-connected laptop, that extra layer of protection is largely nullified. Many crypto teams now use hardware wallets or air-gapped machines for signing. Humanity hasn't disclosed whether the compromised laptop was the only signing device, but the speed of the theft suggests few obstacles stood in the attacker's way. The company hasn't announced a timeline for restoring bridge operations, leaving users and investors waiting for answers.
