Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident ‘Possibly Staged’

A Private Key Breach Turns Into a Firestorm

The exploit deed Humanity Protocol, an identity-verification network, aboriginal connected June 9. According to onchain expert Specter, wallets that interacted with the task were systematically drained, with 17 addresses holding the H token emptied for a combined full exceeding $32 million. Consequently, its autochthonal token plunged 89% successful 24 hours, portion different trackers logged losses person to $30 cardinal tied to a private key compromise.

Humanity laminitis Terence Kwok acknowledged the breach, saying it stemmed from the compromise of private keys belonging to a subordinate of the Humanity Foundation. Blockchain information showed the attacker moving accelerated with astir $23.7 cardinal of the stolen worth swapped into ether ( ETH), portion astir $7.9 cardinal remained parked successful H tokens arsenic prices collapsed.

Image source: X

The drain did not halt astatine the archetypal theft. Analytics steadfast Lookonchain reported that the Humanity hacker minted different 100 cardinal H connected BNB Chain and, done dependable selling, had already obtained 18,510 ETH worthy astir $30.83 cardinal on with 1,548 BNB valued adjacent $924,000. The aforesaid information showed the attacker inactive holding astir 111 cardinal H (about $14 cardinal astatine depressed prices) though onchain liquidity was described arsenic “nearly exhausted,” meaning further dumping would crater the terms adjacent more.

The minting of caller tokens connected a 2nd concatenation is what has turned a regular exploit into a credibility crisis. Critics questioned however an attacker with a azygous compromised cardinal could contented caller proviso astatine will, a powerfulness that usually rests with a project’s ain administrators.

ZachXBT Throws Cold Water connected the Team’s Story

That question was sharpened by ZachXBT, the pseudonymous researcher known for unwinding crypto frauds. He publically doubted the authoritative narrative, penning that the “incident seems perchance staged” and that helium was “not buying the team’s story,” calling it “a convenient mode for the progressive marketplace shaper to person exited.”

In a abstracted connection aimed astatine the project, helium accused the squad of choosing to “crime pump your token for weeks with zero fundamentals” and demanded it disclose their “active MM agreements with the HK entity first.”

Image source: X

The allegation has flipped the occurrence from a information nonaccomplishment into a imaginable insider exit, 1 wherever a marketplace shaper mightiness person offloaded a presumption nether the screen of an “exploit.” Humanity has not publically addressed ZachXBT’s circumstantial claims, and nary autarkic confirmation of staging has emerged.

Whatever the truth, the timing is bleak arsenic the occurrence has added to a brutal 2026 for crypto security. Bitcoin.com News reported that April 2026 closed arsenic the most-hacked month successful the industry’s past by incidental count, with Defillama logging adjacent to 30 abstracted exploits. The twelvemonth has already featured the Drift Protocol exploit, which saw much than $200 cardinal drained successful a azygous onslaught aboriginal attributed to North Korea-linked actors.

Private key compromises, successful particular, person go 1 of the costliest onslaught vectors, due to the fact that they manus thieves nonstop power of funds alternatively than requiring a smart-contract bug. For Humanity Protocol, the harm whitethorn beryllium hard to reverse arsenic a token down astir 90% with exhausted liquidity is hard to rebuild around, and the task present carries the added load of an unresolved fraud allegation from 1 of the space’s most-followed sleuths.