Humanity's $36M Exploit Traced to Laptop Storing All Multisig Keys
Humanity Protocol suffered a $36 million exploit after an employee's compromised laptop was found to hold all the multisig keys controlling its token bridges on Ethereum and BNB Chain. According to the project's disclosure to CoinDesk, the attackers obtained three of six keys on Ethereum and three of five on BNB Chain, which let them drain 141 million H and mint 200 million H respectively. Founder Terence Kwok admitted the keys were accidentally backed up to the compromised device during setup, violating multisig security best practices. The project, backed by Pantera Capital and Jump Crypto with a $1.1 billion valuation, has since halted bridge operations and is working with exchanges and police.

On-chain investigator ZachXBT noted no connection to separate suspicious market-making activity but questioned the pre-breach surge in the token price from $0.20 to $0.70 ahead of a large unlock. The H token fell to $0.05 during the attack and later recovered to $0.20, still far below the $0.67 pre-incident level. The incident underscores critical security lapses in key management for decentralized projects.
Key facts
- Employee laptop compromised, storing all multisig keys for token bridges.
- Attackers obtained 3 of 6 keys on Ethereum, 3 of 5 on BNB Chain.
- Drained 141 million H on Ethereum, minted 200 million H on BNB Chain.
- Founder admitted accidental key backup to compromised device during setup.
- ZachXBT flagged suspicious token price surge before the exploit.
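
An added example, not from the article or from Humanity Protocol: a custody audit that inventories every copy of each signer key, backups included, and reports how few devices must be compromised to reach a bridge's signing threshold. The signer names, device names, key layout and the threshold of 3 are constructed assumptions.

```python
from itertools import combinations

# Constructed inventory: signer and device names are hypothetical. Each signer
# maps to every device that holds a copy of its key, backups included.
ETH = {f"eth-signer-{i}": {f"hw-wallet-{i}"} for i in range(1, 7)}
BNB = {f"bnb-signer-{i}": {f"hw-wallet-{i}"} for i in range(1, 6)}
for keys in (ETH, BNB):
    for signer in sorted(keys)[:3]:
        keys[signer].add("ops-laptop")  # stray setup-time backup copy

# Assumption: threshold 3, read from the "3 of 6" and "3 of 5" counts above.
WALLETS = {"ethereum-bridge": (3, ETH), "bnb-bridge": (3, BNB)}


def min_devices_to_threshold(threshold, copies):
    """Return the smallest device set whose stored keys reach the threshold."""
    devices = sorted(set().union(*copies.values()))
    for size in range(1, len(devices) + 1):
        for combo in combinations(devices, size):
            held = sorted(s for s, locs in copies.items() if locs & set(combo))
            if len(held) >= threshold:
                return set(combo), held
    return set(), []  # threshold unreachable from the inventoried copies


def strip_device(copies, device):
    """Model the intended layout: the same inventory without one device's copies."""
    return {s: locs - {device} for s, locs in copies.items()}


def audit(wallets):
    """Compare each wallet's nominal threshold with the devices actually needed."""
    report = {}
    for name, (threshold, copies) in wallets.items():
        devices, _ = min_devices_to_threshold(threshold, copies)
        report[name] = {
            "nominal_threshold": threshold,
            "devices_needed": len(devices),
            "devices": devices,
            "collapsed": 0 < len(devices) < threshold,
        }
    return report


if __name__ == "__main__":
    for name, row in audit(WALLETS).items():
        print(name, row)
```

A wallet is flagged as collapsed when a single inventory location satisfies a threshold that nominally requires several independent signers.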