Humanity Discloses H Token Dual-Chain Attack Details, With Losses on Ethereum and BSC Exceeding $36 Million

By: WEEX|2026/06/09 20:45:34

On June 9, according to TechFlow, Humanity released a new statement on the H token security incident, saying that attackers carried out a coordinated attack on related contracts across both Ethereum and BSC on the evening of June 8. The total amount stolen and sold across the two chains has now exceeded $36 million.

According to the project team, the incident was caused by the compromise of an employee’s laptop, which led to the leakage of multiple owner keys for the Gnosis Safe that controlled the Hyperlane bridge ProxyAdmin.

Based on Humanity’s disclosed attack path, the attacker first gained control of the ProxyAdmin on Ethereum and upgraded the contract to a malicious implementation. In a single transaction, the attacker then transferred approximately 141.2 million H tokens. After that, the attacker used a similar method on BSC, taking control of the ProxyAdmin, deploying a malicious implementation with unlimited minting functionality, and minting 200 million H tokens in two transactions before continuing to sell them into the market.

Humanity said it has paused deposits and withdrawals for the related cross-chain bridge and is working with exchanges and law enforcement to investigate the incident. The team also said it is attempting to recover part of the stolen assets.

The core issue in this case is not a traditional bridge exploit in the narrow sense. Instead, the incident highlights the failure of administrative permissions supporting the bridge and token management system. In other words, the attacker obtained the key authority needed to upgrade contract logic, rather than simply gaining access to a normal transfer wallet.

Once the ProxyAdmin and multisig control path were compromised, the attacker was able to directly rewrite token logic through contract upgrades. This allowed the attacker to transfer assets, mint new tokens, and then use on-chain liquidity to sell them.

Different sources have reported different figures, and some details still require official confirmation. Earlier on-chain monitoring and third-party reports cited losses of more than $19 million, $31 million, and $34 million, with different accounts of the number of affected wallets, minted tokens, and selling activity.

However, based on Humanity’s latest statement, the incident has clearly expanded into a dual-chain coordinated attack involving contract upgrades, malicious minting, and token dumping. The full impact is still being clarified as the investigation continues.

Why It Matters

The market impact of this type of incident lies first in permission risk, rather than a single smart contract vulnerability. Even when a project uses multisig, cross-chain infrastructure, and upgradeable contracts, weaknesses in administrator key management can still allow attackers to bypass surface-level security designs and directly rewrite asset logic.

For projects that rely on bridges, proxy contracts, and multi-chain issuance, this incident raises the market’s requirements for operational security, key custody, and separation of upgrade permissions.

Second, a dual-chain token dumping event can directly disrupt pricing anchors across exchanges and on-chain markets. When the same asset trades across different chains, liquidity pools, and centralized platforms at the same time, continuous selling of stolen or newly minted tokens can amplify price discovery confusion, drain liquidity, and distort cross-market spreads.

Some key data points remain inconsistent at this stage. Further disclosure from Humanity, trading platforms, and on-chain security firms will be needed to clarify the full scope of the incident.

WEEX View

The core market question is no longer simply whether Humanity was hacked. The real issue is whether the stolen and newly minted H tokens can continue moving through market infrastructure and trigger a second round of forced clearing.

For CEXs, the first-line impact usually appears in three areas: whether deposits and withdrawals remain isolated, whether spot and derivatives pricing begin to depeg, and whether market makers are still willing to provide two-sided liquidity.

If tainted on-chain tokens continue flowing into external addresses while platforms have not completed address profiling and risk control synchronization, arbitrage traders may be the first to step in and capture spreads. But these spreads come with liquidation, freeze, and compliance risks, leaving very little safe room for execution.

The more practical business conflict is also clear. The project team wants to secure pauses, freezes, and recovery cooperation. Exchanges care more about asset tradability, user exposure, and potential compensation disputes. Market makers will quickly reassess inventory value and hedging costs.

If on-chain spot prices, cross-chain mapped token prices, and CEX derivatives prices remain split for too long, H could enter a fragmented “same name, different price” state. In that environment, institutional capital and high-frequency liquidity usually withdraw first, leaving behind a high-friction and low-depth risk market.

The next four variables are the most important to watch. First, whether Humanity discloses the affected contracts, the number of leaked keys, and a complete remediation plan. Second, whether exchanges expand quantitative risk controls, including freezing suspicious deposits, adjusting leverage parameters, or delisting related trading pairs. Third, whether any residual malicious permissions remain on BSC or Ethereum. Fourth, whether the team can provide a verifiable supply repair and circulating supply reconstruction plan.

As long as any of these remain unclear, liquidity recovery is likely to be slow, while arbitrage, liquidation, and legal recovery efforts continue to pressure each other.

Timeline

2026-06-07: Humanity Protocol announced the launch of staking and supported cross-chain deposits through its official bridge.
2026-06-08 23:59: Early monitoring indicated that wallets related to Humanity may have been attacked, with more than 17 wallets affected and reported losses initially exceeding $19 million.
2026-06-09 00:34: On-chain monitoring later suggested that losses from related addresses had exceeded $31 million, and the attacker began swapping H tokens for ETH.
2026-06-09 09:36: Further monitoring showed that the attacker was still minting and selling H tokens on BSC, with cumulative proceeds reported at around $34 million.

On June 9, The Kobeissi Letter, citing Goldman Sachs data, reported that global investors are selling South Korean stocks at an unusually rapid pace. In the latest trading session, foreign investors sold about $801 million worth of Kospi constituent stocks again; total foreign outflows last week reached about $10 billion, and the market has been in net foreign selling on nearly every trading day over the past month. According to the data cited in the report, foreign investors have sold about $75 billion worth of South Korean stocks so far this year. Meanwhile, South Korean retail and institutional investors together recorded roughly $69 billion in net buying over the same period, suggesting that the market’s main buying support has come from domestic capital rather than returning overseas funds. The information currently disclosed still mainly comes from The Kobeissi Letter’s retelling and Goldman Sachs data summaries, while public details on the statistical period and the specific definition of “selling” remain relatively limited.

Fortune Warns of Strategy’s Financing Structure Risks as Bitcoin Premium Narrows

Fortune warned that Strategy’s Bitcoin treasury model faces growing financing risks as MSTR’s net asset premium narrows and preferred stock dividend pressure increases.

Ferrari Challenge Le Mans: Carl Moon to Dominate in WEEX Livery

The art of absolute control. Inside Carl Moon’s Ferrari 296 Challenge quest at Le Mans, taming the storm together with the official WEEX livery.

Sahara AI Responds to SAHARA’s Sharp Drop: No Contract or Product Security Issues Found, Internal Investigation Underway

Sahara AI responded to SAHARA’s 60% price drop, saying no token contract or product security issues have been found and an internal investigation is underway.

WEEX Deposit/Withdrawal Dynamic Island: Your Asset Status, Always in Sight

WEEX introduces Deposit and Withdrawal Info on Dynamic Island for iOS. See fund transfer progress on your dynamic island, lock screen, or while using other apps. No more guessing. No more refreshing.

Scaling Crypto Derivatives: The Digital Asset Infrastructure Behind High-Volume Trading

In the fast-moving digital asset ecosystem, derivatives platforms face an extreme architectural test. High-leverage futures markets demand more than just standard security—they require absolute operational precision, zero-latency matching engines, and ironclad structural scalability, all while navigating intense market volatility.

As global platforms scale to meet these demands, the industry is shifting away from rigid, monolithic setups toward a more agile, "decoupled" infrastructure philosophy.

The Blueprint for High-Volume Copy Trading

For elite global exchanges like WEEX (founded in 2018), this architectural choice becomes critical when scaling high-volume retail features like social copy trading. When thousands of users automatically mirror the real-time strategies of elite traders simultaneously, it triggers sudden, monumental spikes in concurrent transactional volume.

To prevent execution latency or settlement bottlenecks during these peak volatility events, a platform's primary engine must remain entirely dedicated to risk management, copy-trade synchronization, and order matching.

The Architectural Rule: New-generation platforms must separate front-end user execution engines from heavy backend infrastructural overhead to eliminate operational friction.

By separating these layers, platforms can maintain complete sovereignty over their trading environments and user experiences while strategically aligning with institutional-grade infrastructure ecosystems. This strategic framework allows modern exchanges to leverage advanced Digital Asset Custody infrastructure such as Cobo’s behind the scenes, ensuring that backend wallet management scales elastically alongside trading spikes.

Capitalizing on Market Momentum and 400× Leverage

In a derivatives arena where platforms offer up to 400× leverage on perpetual contracts, capital efficiency and market agility are core business metrics. To capture market momentum, an exchange needs the ability to rapidly expand its asset offerings, supporting everything from legacy crypto assets to sudden, trending altcoins across a massive library of trading pairs.

Adopting a flexible, scalable Wallet-as-a-Service (WaaS) solution such as Cobo’s could completely rewrite the development timeline for high-growth exchanges. Instead of spending months of engineering capital building out custom backend wallet architectures for every new blockchain network, platforms can deploy localized infrastructure in days.

This agility allows platforms to instantly scale their listings to over a thousand trading pairs without compromising security or delaying time-to-market. It mirrors the exact operational advantages seen during high-velocity market events, similar to how advanced wallet infrastructure empowers platforms during sudden asset surges; allowing exchanges to pass that speed and liquidity directly to their global user base.

A Mature Foundation for Growth

The synergy between trusted infrastructure ecosystems and global trading platforms represents the natural evolution of a maturing crypto market. As WEEX continues to scale its global spot and derivatives offerings for over 6 million users, adopting robust backend paradigms proves that platforms no longer have to compromise between cutting-edge trading velocity and uncompromised structural security.

Morning Report | BitMine increased its holdings by 126,971 ETH last week; trader Eugene announced his exit from the crypto market

Overview of Important Market Events on June 8th

Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times profit by investing in storage stocks? (Seven) - A quarter-century cycle

In-depth analysis of the "reflexivity" bubble trap in storage stocks: Beware of the backlash from the bullwhip effect and the false narrative of high growth; do not let the short-term myth of wealth become a wealth abyss that cannot be recovered for 25 years.

Get Paid to Onboard? Try WEEX’s New Homepage with Rewards for Registration, Deposit & Trade

WEEX just launched a brand new homepage and a 3-step new user onboarding guidance. Complete Registration → Deposit → Trade to earn exclusive rewards. Faster navigation, clear progress, and instant bonuses. Download the latest WEEX App to try it now.

WEEX Custom Layout: Build Your Perfect Trading Workspace in Seconds

WEEX introduces custom layout on futures trading page: left/right panel switch, hide/show core modules, full-screen focus, and one-click reset. Trade your way now.

See “Buy Walls” & “Sell Walls” Instantly: WEEX Launches the Depth Chart for Smarter Trades

Spot market liquidity at a glance. WEEX’s new Depth Chart shows you buy/sell walls, support & resistance levels, and order book depth. Perfect for large orders and scalping. Try it now on WEEX Futures.