News · 10 June 2026 · 4 min read

Humanity Protocol Lost $36M to One Compromised Laptop

Humanity Protocol's H token crashed 89% on June 9 after attackers used keys from one compromised employee laptop to drain $36M across BSC and Ethereum.

Photo: Morthy Jameson / Pexels

Decentralized identity. Zero-knowledge proofs. Palm scans verifying you are a human. The marketing sounded quite futuristic. The reality, on June 8 and 9, was a single employee laptop, an attacker with patience, and roughly 447 million tokens vanishing across two chains. The panda is taking notes.

What Happened on June 8-9, 2026

Humanity Protocol, a zero-knowledge Layer-2 focused on proof-of-personhood, disclosed on June 9 that attackers had drained or minted approximately $36 million worth of its native H token. The attack spanned Ethereum and BNB Smart Chain. According to CoinDesk's reporting on the multisig failure, the attacker compromised three of six Gnosis Safe keys on Ethereum and three of five on BSC. That was enough to seize the bridge ProxyAdmin contracts on both networks.

Founder Terence Kwok confirmed the attack vector publicly. "Unfortunately in this scenario, the keys were backed up on a compromised device," he told CoinDesk. Translation: the multisig was distributed across signers on paper, but stored, in full, on one machine.

The contracts behaved exactly as designed. The keys behaved exactly as instructed. The laptop, less so.

Why Did a "Multisig" Live on One Laptop?

A multisig wallet exists for a specific reason. Splitting custody across independent devices means that no single compromise breaks the whole thing. Storing all the required keys on one laptop converts that multisig back into a single-signature wallet with extra branding and a longer transaction signature.

The pattern is depressingly familiar. According to Decrypt's account of the breach, the attacker drained 141.2 million H from the Ethereum bridge by upgrading the proxy contract to a malicious implementation, then minted an additional 200 million H on BSC by upgrading the token contract. The on-chain post-mortem brings the total impact to roughly 447 million H once the BSC inflation is fully accounted for.

It is, as CoinDesk noted, "an operational security failure, not a smart-contract bug." There is no Solidity audit that would have caught this. The contracts did what they were instructed to do by signers holding valid private keys. Those keys just happened to belong, collectively, to the wrong laptop.

The Numbers Behind the H Token Collapse

Markets reacted the way markets react when supply triples overnight. H traded above $0.73 on Monday morning and bottomed near $0.08 on Tuesday: an intraday drawdown of around 89 percent. By the time the founder's post-mortem thread landed, the token had stabilised closer to $0.20, still down roughly 73 percent on the week.

Context helps. The total crypto market cap sat at $2.21 trillion on June 10, with Bitcoin dominance at 55.99 percent, according to CoinGecko's global market data. H's market cap, even at fully diluted supply pre-attack, was a rounding error against that backdrop. The damage is not systemic. It is reputational, and it lands squarely on bridge architecture rather than on identity verification itself.

BSC, where the inflationary mint happened, currently hosts the protocol stack we covered yesterday in our BSC TVL jump mechanism note. None of that TVL was affected directly. But the optics of "300 million tokens minted out of thin air on BSC" do not help the chain's recurring narrative problem, and incidents like this routinely show up in the comparative L1 charts long after the actual loss has been recovered.

Why It Matters for Bridge Security

Bridges keep failing the same way. Not because the cryptography is broken, but because the operational layer that protects the cryptography is treated as an afterthought right up until the morning a post-mortem is required.

The H exploit pattern, in plain text:

  • Signers exist on paper but share a backup device.
  • Bridge ProxyAdmin contract is upgradeable without a timelock.
  • Token contract is upgradeable without a timelock.
  • One device compromise unlocks both upgrade paths simultaneously.

Each item, alone, is defensible. Stacked, they form a single point of failure dressed up as decentralised governance. The fix is unglamorous: separate hardware wallets for each signer, mandatory timelocks on critical contract upgrades, public on-chain monitoring of ProxyAdmin transactions, and incident drills that assume one signer is already lost. Most projects do none of these. The ones that quietly do them rarely show up in security headlines, which is sort of the point.
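Two of those unglamorous fixes can be checked mechanically. The script below is an added example, not code from Humanity Protocol or from the reporting cited above: it takes a constructed signer-to-device inventory and asks which single device compromise already meets the multisig threshold, and it scans a constructed feed of ProxyAdmin-style events for upgrades that were not announced through a timelock at least a minimum delay beforehand. Signer names, device labels, addresses and timestamps are all made up.

```python
"""Added example: defender-side checks for the H exploit pattern.
All inventory and event data below is constructed for illustration."""
from collections import defaultdict

def devices_reaching_threshold(signer_devices, threshold):
    """Return devices whose single compromise yields >= threshold signer keys.
    signer_devices maps signer -> set of devices that hold or back up its key."""
    keys_per_device = defaultdict(set)
    for signer, devices in signer_devices.items():
        for dev in devices:
            keys_per_device[dev].add(signer)
    return sorted(d for d, k in keys_per_device.items() if len(k) >= threshold)

def unscheduled_upgrades(events, min_delay):
    """Flag 'upgraded' events with no matching 'scheduled' event at least
    min_delay seconds earlier. events: (timestamp, kind, proxy, implementation)."""
    scheduled = {}
    flagged = []
    for ts, kind, proxy, impl in sorted(events):
        if kind == "scheduled":
            scheduled[(proxy, impl)] = ts
        elif kind == "upgraded":
            t0 = scheduled.get((proxy, impl))
            if t0 is None or ts - t0 < min_delay:
                flagged.append((ts, proxy, impl))
    return flagged

# Constructed 3-of-6 inventory: each signer has a hardware wallet, but three
# signers also keep a backup on the same ops laptop (the pattern described above).
SIGNERS_ETH = {
    "s1": {"hw-1", "laptop-ops"}, "s2": {"hw-2", "laptop-ops"},
    "s3": {"hw-3", "laptop-ops"}, "s4": {"hw-4"}, "s5": {"hw-5"}, "s6": {"hw-6"},
}
THRESHOLD_ETH = 3

# Constructed ProxyAdmin feed: one upgrade announced 48h ahead, one with no notice.
UPGRADE_EVENTS = [
    (1000, "scheduled", "0xBRIDGE_PROXY", "0xIMPL_V2"),
    (1000 + 48 * 3600, "upgraded", "0xBRIDGE_PROXY", "0xIMPL_V2"),
    (5000, "upgraded", "0xBRIDGE_PROXY", "0xUNANNOUNCED_IMPL"),
]
MIN_DELAY = 24 * 3600  # assumed policy: 24h timelock on critical upgrades

if __name__ == "__main__":
    print("single-device threshold breach:", devices_reaching_threshold(SIGNERS_ETH, THRESHOLD_ETH))
    print("upgrades without timelock notice:", unscheduled_upgrades(UPGRADE_EVENTS, MIN_DELAY))
```

The first check fails the moment any device holds a quorum of keys, which is exactly the condition the founder's statement describes; the second only flags an upgrade that skipped the announcement window, so a properly scheduled upgrade passes.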

For builders on BSC and Ethereum alike, this should reopen a conversation the industry keeps closing too quickly. Shipping fast and trusting your custody setup later is how you end up writing a post-mortem instead of a roadmap. The relevant question for any project with an upgradeable bridge is not "could this happen to us" but "what would the post-mortem read like if it did."

What to Watch Next

Three things over the coming weeks. First, whether Humanity Protocol's recovery program meaningfully buys back the minted supply on BSC or accepts a permanently inflated float on the chain. Second, whether centralised exchanges freeze attacker addresses in time to recover any portion of the drained Ethereum liquidity, given how quickly mixers and cross-chain routers absorb these flows. Third, whether the project's next security disclosure includes hardware separation guarantees, which is the cheapest credibility win still available.

Dadacoin lives on BSC, and the panda watches BSC bridge incidents closely. Not because every chain hack is contagious, but because every avoidable one chips at the trust budget the entire ecosystem shares.


Disclaimer. This article is not financial advice. Always do your own research (DYOR) before investing.