Odaily Odaily reported that Humility Protocol released a security incident update on the X platform, stating that its H token suffered a coordinated attack on the Ethereum and BSC chains yesterday, with confirmed losses exceeding $36 million in stolen and dumped assets.

Preliminary investigations indicate the incident originated from a compromised employee computer, which led to the leakage of private keys for the multi-signature wallet controlling the Hyperlane Bridge ProxyAdmin. Specifically, the attacker obtained 3 out of 6 private keys of the Gnosis Safe wallet on the Ethereum chain, transferred ownership of the ProxyAdmin to a wallet under their control, upgraded the bridge contract to a malicious implementation, and subsequently transferred approximately 141.2 million H tokens in a single transaction.

Simultaneously, the attacker also gained control of 3 out of 5 private keys of the Safe wallet on the BSC chain, took over the ProxyAdmin using the same method, deployed a malicious contract with unlimited minting functionality, and minted 200 million H tokens in two separate transactions to their own wallet.

Humility stated that it has suspended all deposit and withdrawal operations on the affected bridge services and is collaborating with partners such as exchanges to mitigate losses. Meanwhile, it is cooperating with the police investigation and attempting to recover part of the stolen funds.

According to monitoring by on-chain analyst Ember, the "private key leak" has allowed the minting and dumping of H to continue for 13 hours. The so-called "hacker" is still able to mint H on the BSC chain and sell it off, draining every last cent from the pools. The "hacker" has minted 300 million H and sold a total of approximately 450 million H, cashing out $34 million (ETH+BNB). The H pool on BSC has been drained to just $13 in liquidity, and the price of H has plummeted 99.9% to $0.0009. Meanwhile, the perpetual contract price on CEX stands at $0.09, a 100x difference. In essence, they have de-pegged into two unrelated tokens.

Odaily reported that according to Lookonchain monitoring, the Humanity hacker has minted an additional 100 million H tokens on the BSC chain. The hacker has already obtained 18,510 ETH (worth $30.83 million) and 1,548 BNB (worth $924,000) by selling H tokens. The hacker currently still holds 111.36 million H tokens (worth $14 million) for sale. On-chain liquidity is now nearly depleted.

Odaily reports that according to monitoring by Onchain Lens, despite the hack of Humanity Protocol, a newly created wallet has received 62.68 million H tokens from BitGo, worth $7.65 million. The wallet is suspected to belong to VC Framework Ventures, though this has not yet been confirmed.

Odaily reports: In response to the "Humanity theft incident," on-chain detective ZachXBT has released a new post stating that this "incident" was very likely a staged event. He fundamentally does not believe the team's corresponding explanation, which he sees as nothing more than an excuse fabricated by those with ill intentions to escape blame.

According to earlier news, ZachXBT stated that it has not been confirmed whether the Humanity theft was a security attack or a malicious sell-off by the project team. The sell-off of the H token originated from a DEX rather than a CEX.

Odaily Odaily reported that in response to the "Humanity hack of over $31 million," on-chain detective ZachXBT stated, "It is uncertain whether this was a hacker's theft or a malicious act by the project team. Looking at the chart, given the concentration of supply, the H team was likely working with an active market maker. However, all H tokens were dumped on a decentralized exchange (on-chain), not on a centralized exchange."

Odaily reported that Humanity founder Terence has confirmed that a private key belonging to a member of the Humanity Foundation has been leaked. As a precautionary measure, please refrain from interacting with any cross-chain bridges or liquidity pools until safety is confirmed. The foundation is working with security experts and exchange partners to address the matter and will provide further updates.

Previous report: The outflow of funds from addresses associated with the Humanity Protocol is ongoing, with losses now exceeding $31 million.

Odaily Planet Daily News: According to Onchain Lens monitoring, Humanity Protocol has suffered a hacker attack, with losses exceeding $31 million. The fund outflow is ongoing, as the hacker is converting H tokens into ETH.

Odaily reported that OKX market数据显示, H has broken below 0.08 USDT, currently trading at 0.7946 USDT, with a 24-hour decline of 89.34%.

Previous News: Losses exceed $19 million, wallet associated with Humanity Protocol suspected of being hacked.

Odaily: Wallets associated with or interacted with Humanity Protocol are being compromised. Currently, over 17 wallets holding H tokens have been stolen, with total losses exceeding $19 million. The cause of the theft remains unclear, but the attack pattern suggests that the affected wallets may share a common risk exposure related to Humanity Protocol.