Author: Claude, Deep Tide TechFlow

Deep Tide Introduction: The decentralized identity project Humanity Protocol suffered a severe security incident today, with the foundation member's private key leak leading to over 17 associated wallets being drained, resulting in losses exceeding $31 million.

The attacker also minted 100 million $H on the BNB Chain and continued to sell off, causing the token price to crash from about $0.73 to around $0.05. On-chain investigator ZachXBT publicly questioned whether the event "could be staged," while the community pointed fingers at founder Terence Kwok's previous history of burning through $170 million of investor funds.

The $H token of Humanity Protocol experienced a catastrophic plunge in price over the past 12 hours.

According to reports from The Block and several media outlets, at around 12:00 AM (UTC) on June 9, 2026, on-chain analyst Specter was the first to discover that wallets associated with Humanity Protocol were being systematically drained. Founder Terence Kwok subsequently confirmed on platform X: a Humanity Foundation member's private key had been leaked, allowing the attacker to control multiple foundation-associated wallets.

As of the time of publication, CoinGecko data shows that $H has dropped approximately 89% over 24 hours, crashing from around $0.73 before the incident to approximately $0.13, hitting a low of $0.05 during the session. The fully diluted valuation of the project plummeted from around $7.3 billion to approximately $1.2 billion.

17 wallets drained, attacker minted 100 million tokens on BSC

On-chain data shows that the attacker stole funds from at least 17 wallets holding $H tokens, with total losses quickly escalating from an initial $5 million to over $31 million. According to tracking data cited by DropsTab, about $23.7 million has been converted to ETH, while approximately $7.9 million remains held in $H.

More destructively, the attacker operated on the BNB Chain. Security agency Blockaid detected that the attacker obtained proxy admin rights for the $H token on BSC, minting a total of 100,000,005 $H from a null address between UTC 02:02 and 02:09, valued at approximately $11.4 million at minting price. These newly minted tokens were immediately sold off through DEX platforms like PancakeSwap and Kyber Network for BNB, further intensifying selling pressure.

According to Cointelegraph, Arkham Intelligence has flagged the relevant addresses as "Humanity Protocol Exploiter," and on-chain tracking is ongoing. Humanity officials have requested all users to pause interactions with cross-chain bridges and liquidity pools, advising revocation of authorization for the Humanity Protocol contracts.

ZachXBT publicly questions: "The event may have been staged"

The officials have characterized the incident as "private key leak," but this statement is facing public challenge from on-chain investigators.

Renowned on-chain detective ZachXBT posted after the incident revealed, "It looks like the event may have been staged, I don't buy the team's explanation." He pointed out three suspicious factors: the sale of $H occurred through DEX rather than CEX, which does not align with typical hacker attack fund transfer patterns; additionally, three core team members have previous records of lawsuits, financial fraud, or mismanagement.

Independent analyst Elton’s on-chain analysis provided more specific technical clues: the attacker’s wallet had received fund injections weeks before the incident, minting permissions were already "warmed up," and there were signs of coordinated sell-offs across two chains. Elton believes these patterns "align with an insider or an external attacker possessing a leaked private key."

However, the aforementioned doubts remain speculative, and no conclusive evidence has been provided to prove it was an internal operation. The official after-action report from the Humanity team has yet to be released.

Timing question: Institutions just hoarded tokens, unlock approaching, "hacker" arrives precisely

The focus of community skepticism lies in the timing window of the incident.

According to on-chain analyst Ai Yi (@ai_9684xtpa), just four days before the incident (June 5), an address associated with digital asset custodian Hex Trust purchased 72.23 million $H within four hours, valued at about $42 million, accounting for 2.55% of the circulation. This purchase followed the Humanity Foundation’s adjustment of the token unlock plan in April: the plan allows early investors to choose to receive tokens at a 70% discount in a lump sum, set for June 26.

After the incident, Ai Yi commented that the Hex Trust-related entity had just massively hoarded tokens, with an imminent unlock, while the project side was still repurchasing tokens off-market, resulting in today's direct hacker attack, with $H on-chain price nearing zero.

According to CryptoRank data, the token unlock scale for $H originally scheduled for June was approximately $72.4 million, making it the second-largest unlocking event for the month.

These coincidences do not directly lead to conclusions, but they sufficiently explain why community trust has been severely undermined.

Founder's dark history: Tink Labs raised $170 million before bankruptcy liquidation

The trust crisis in Humanity Protocol did not begin today.

According to KuCoin news citing Odaily Planet Daily, founder Terence Kwok founded the Hong Kong smartphone rental company Tink Labs at age 20, raising approximately $170 million to $200 million from institutions like Foxconn, SoftBank, and Innovation Works, reaching a valuation of $1.5 billion at one point, becoming Hong Kong's first unicorn.

However, since 2017, the company continued to make losses, and in July 2019, over 100 employees in Europe did not receive salaries; on August 1, the company officially closed, entering bankruptcy liquidation in January 2020. According to the Financial Times, a former HR director claimed Kwok only cared about "making money," and the entire $170 million of investor funds "evaporated."

Six years later, Kwok returned to the market with Humanity Protocol, once again obtaining a unicorn valuation (approximately $1.1 billion) through the narrative of "decentralized identity" based on fingerprint recognition and zero-knowledge proof.

Investigations cited by HTX Insights also mentioned that foundation leader Mario Nawfal had previously been accused of wage arrears, improper financing, and coercion of whistleblowers. ZachXBT pointed out that three of the four core team leaders have historical controversies.

The team is incubating a new project "Everything," increasing community concerns

According to public reports, the core team of Humanity is already involved in a new project called "Everything."

Everything completed a $6.9 million seed round financing on January 26, with Humanity Investments (the venture capital arm of Humanity) as the lead investor, and participants including Animoca Brands, Hex Trust, WallStreetBets founder Jamie Rogozinski, and Three Point Capital.

This information was dug up again by the community after the $H plummet. Reports indicate that the community suspects the so-called "hacker attack" may be a way for the team to intentionally abandon the old project and redirect resources towards the new project. This speculation lacks on-chain evidence support, but the fact that Humanity Investments directly led the Everything investment objectively deepens the perception of conflict of interest.

Carelessness in private key management, or deliberate?

According to CoinDesk, this incident aligns with the primary pattern of security incidents in the crypto industry in 2026: the largest losses stem from stolen private keys, rather than flawed smart contract code. According to CCN data, in the first four months of 2026, DeFi hacker attacks have exceeded $1 billion in losses, with most stolen funds still unrecovered.

A project centered on "decentralized identity verification" suffering a devastating blow due to a single private key leak is ironically evident. Blockaid confirmed that this attack did not involve smart contract vulnerabilities or protocol-level security flaws; it was purely a failure of key management.

As of the time of publication, Binance perpetual contract quotes for $H/USDT are around $0.068 (down approximately 91%), while Bybit spot trades at about $0.15, with severe price dislocation between different exchanges. The 24-hour aggregated transaction volume is approximately $599 million, about 2.7 times the circulating market capitalization, driven by event-induced forced repricing rather than normal turnover.

The situation is still developing. The attacker’s address still holds some $H, and the treatment of the newly minted tokens on BSC remains unclear. Before these critical issues are addressed, there is no clarity regarding the treatment of newly minted tokens on BSC.

However, further on-chain data indicates that the operations of the private key leak address are difficult to explain as mere carelessness. On-chain analyst Yujin noted:

Besides the 100 million $H newly minted by the hacker, the 200 million $H sold in the earlier hours was actually aggregated from nearly 300 wallets that unlocked tokens two weeks ago and wallets that received tokens 11 months ago; and these wallets had also withdrawn gas from Gate and Bybit three weeks ago.

No official after-action report from Humanity Protocol has yet been released. Until verifiable answers on the issue are presented on-chain, any classification of "hacker attack" is premature.