The co-founder of Humanity Protocol, Terence Kwok, said a compromised laptop may have been the entry point for a $36 million bridge attack. Kwok disclosed that some multisignature keys could have been accidentally backed up to the infected device during the initial setup process.
The $36 million bridge exploit
Cryptocurrency bridge attacks have become a recurring problem in decentralized finance. In this case, the attacker drained roughly $36 million from a cross-chain bridge operated by Humanity Protocol. The company has not publicly named the specific bridge or the chains involved, but Kwok's statement provides the clearest explanation so far of how the theft may have occurred.
Accidental key exposure
Kwok said the multisig keys — the digital signatures needed to authorize transactions — may have been backed up onto a laptop that was later compromised. That backup, he suggested, was not intentional but may have happened automatically during setup. If true, it means the security failure was not a sophisticated hack but a basic lapse in operational security.
“A compromised laptop may have led to a $36 million bridge attack,” Kwok stated. He added that “some multisig keys may have been accidentally backed up to the compromised device during setup.” The company is still investigating how the laptop was infected and whether the keys were indeed stored on it.
What the company is doing now
Humanity Protocol has not yet announced a full recovery plan or a timeline for reimbursing affected users. Kwok’s comments suggest the team is focused on figuring out the exact cause before making further commitments. The company has not stated whether law enforcement or third-party security auditors have been brought in.
The incident raises a basic but uncomfortable question for the crypto industry: how much trust can you place in a single team member’s personal device? If multisig keys could be accidentally backed up onto a laptop, other projects may want to review their own key management protocols.
