The H token associated with Humanity Protocol experienced a massive decline of nearly 90% on Tuesday following a sophisticated security breach. Attackers managed to compromise private keys linked to the project, resulting in the theft of over $30 million in assets, marking one of the most significant targeted exploits of 2026.
Security firm PeckShieldAlert identified that multiple wallets associated with the project were actively targeted. The exploit resulted in the draining of approximately 187.6 million $H tokens from more than 280 individual wallets, causing immediate and severe market volatility.
The hack decimated the token’s market capitalization within hours, erasing the significant gains achieved during a recent rally that had propelled $H nearly 875% above its yearly low just days prior.
Details of the Exploit
According to data released by PeckShieldAlert, the attack involved a highly coordinated effort to drain assets from over 280 wallets within the Humanity Protocol ecosystem.
The attackers successfully extracted approximately 187.6 million $H tokens, which were subsequently converted into roughly 16,500 ETH (valued at approximately $27.5 million) and 2,700 BNB (approximately $1.6 million).
The breach extended to the Binance Smart Chain (BSC), where the attacker seized the H token’s proxy admin rights. This allowed the unauthorized party to mint an additional 100 million H tokens—worth roughly $12.9 million—to a new wallet, creating immense sell pressure and raising alarms regarding unauthorized supply inflation. In response, the project team advised users to stay away from its bridge and liquidity pools while collaborating with exchanges and security specialists.
Humanity Protocol founder Terence Kwok confirmed the breach, attributing the vulnerability to compromised private keys belonging to a member of the Humanity Foundation.
Context and Previous Controversies
Humanity Protocol operates as a decentralized digital identity network, utilizing zero-knowledge proofs and palm biometrics to verify unique human identities and mitigate bot activity.
Since its inception in 2024, the project has attracted significant venture capital, raising $50 million in two funding rounds backed by major players such as Pantera Capital, Jump Crypto, Animoca Brands, and Blockchain.com, leading to a reported valuation of $1.1 billion.
However, the project has faced scrutiny since its token launch in June 2025. Internal reports suggested that only about 1 million of the 9 million registered identities had actually completed biometric verification, leading to skepticism regarding the authenticity of the network’s user base.
Unverified online allegations have also questioned the technical origins and engagement metrics of the project.
Broader Market Implications
The 2026 cybersecurity landscape in crypto has seen a shift toward private key compromises rather than smart contract vulnerabilities; DeFi losses due to such breaches have already exceeded $1 billion in the first four months of the year. This incident serves as a stark reminder of how a single point of failure in key management can cause the total collapse of an entire ecosystem.