On the evening of June 8, 2026, the cross-chain bridge built around the H token by Humanity/Humility was compromised simultaneously on Ethereum and BSC/BNB Chain. The attacker first gained access through an employee's laptop and obtained private keys belonging to owners of the Gnosis Safe multi-signature wallet that controls the Hyperlane bridge ProxyAdmin. By controlling 3 of the 6 multi-signature keys on the Ethereum side, they reached the signing threshold and took effective control of the bridge on both chains. Assets related to the H token were then transferred and sold off. According to the project team and multiple media reports, a total of about $36 million was looted across the two chains. The event has been officially classified as "privilege abuse due to private key leakage" rather than a vulnerability in the contract code. In a system that prides itself on being "trustless," the fate of the funds ultimately rested on a compromised personal computer, forcing the crypto market in 2026 to confront an old issue once again: as long as critical private keys remain concentrated in the hands of a few, a single management failure can trigger losses and a trust crisis on the scale of any contract vulnerability.
Loss of Private Key: Employee Computer as the Attack Entry Point
In a subsequent announcement, the Humanity team gave a straightforward explanation: an employee's laptop was compromised, and that was the starting point of the entire attack. More damaging, what was stored on or accessible from this machine was not an ordinary wallet's private key but private keys of the Gnosis Safe multi-signature owners used to control the Hyperlane cross-chain bridge ProxyAdmin. The Gnosis Safe on the Ethereum side was set up with 6 owner keys and, by design, required a threshold of signatures to execute critical operations. However, the attacker obtained and successfully used 3 of these keys through this one computer, meeting the multi-signature threshold and gaining effective control over the ProxyAdmin.
Once in possession of these 3 owner private keys, the attacker could not only command the critical modules of the Hyperlane bridge on the Ethereum side but could also extend their control to the bridging contracts related to the H token on BSC/BNB Chain, which used the same permission structure. On the surface, this was still a "6-person co-managed" multi-signature structure. In hindsight, however, at least half of the effective weight of these 6 keys was concentrated in a single device, or in terminals within the same security domain, so a single compromise was enough to reach the multi-signature threshold. This exposed not a flaw in the multi-signature contract itself but weaknesses in permission management and operational procedures: multiple highly sensitive private keys were concentrated in one place, isolation between them was virtually non-existent, and the multi-signature setup served as "paper security" for reassurance while the real single point of failure went unaddressed.
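The gap between a nominal signing policy and the number of devices an attacker actually has to compromise can be checked mechanically. The following is an added example, not code from Humanity, Safe or Hyperlane: it takes a map of which device can use which owner key and finds the smallest set of devices whose compromise reaches the threshold. The device names and both layouts are constructed, and the threshold of 3 follows the article's account; the real custody map has not been published.

```python
from itertools import combinations

def smallest_breach(custody, threshold):
    """custody maps each owner key to the set of security domains (devices,
    hardware wallets) from which it can be used. Returns the smallest set of
    domains whose compromise exposes >= threshold keys, or None."""
    domains = sorted({d for ds in custody.values() for d in ds})
    for size in range(1, len(domains) + 1):
        for combo in combinations(domains, size):
            hit = set(combo)
            # A key is exposed if ANY domain that can use it is compromised.
            exposed = sorted(k for k, ds in custody.items() if ds & hit)
            if len(exposed) >= threshold:
                return list(combo), exposed
    return None

def audit(custody, threshold):
    """Compare the nominal m-of-n policy with the effective one."""
    found = smallest_breach(custody, threshold)
    report = {"nominal": f"{threshold}-of-{len(custody)}"}
    if found is None:
        return {**report, "effective_threshold": None}
    domains, exposed = found
    return {**report, "effective_threshold": len(domains), "domains": domains,
            "exposed_keys": exposed, "single_point_of_failure": len(domains) == 1}

# Constructed layouts (hypothetical names; not the project's real custody map).
CONCENTRATED = {
    "owner1": {"laptop-A"},
    "owner2": {"laptop-A"},
    "owner3": {"laptop-A", "hw-wallet-3"},  # backup copy kept on the laptop
    "owner4": {"hw-wallet-4"},
    "owner5": {"hw-wallet-5"},
    "owner6": {"hw-wallet-6"},
}
SEPARATED = {f"owner{i}": {f"hw-wallet-{i}"} for i in range(1, 7)}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("separated", SEPARATED)):
        print(name, audit(layout, threshold=3))
```

In the concentrated layout the nominal 3-of-6 policy collapses to an effective threshold of one device; in the separated layout three independent devices must be compromised.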
Cross-Chain Coordinated Attack Between Ethereum and BNB Chain
Once the multi-signature threshold was crossed, the cross-chain bridge originally intended to move assets between Ethereum and BNB Chain was quickly turned into a channel for simultaneous theft on both. After gaining access to the Gnosis Safe multi-signature owner private keys, the attacker first acquired effective control over the Hyperlane bridge ProxyAdmin on both chains and then began to rewrite the permission relationship between the cross-chain bridge and the H token. According to publicly available information, they used ProxyAdmin to adjust the bridge contract configurations and permissions related to the H token, redirecting the balance management, mint, and transfer rights that were supposed to be controlled by the protocol to addresses under their control, and thereby acquired the ability to manipulate H token assets on Ethereum and BNB Chain at the same time.
With control in hand, the attack path was clear and direct: on one side, large quantities of H tokens were transferred out of the bridge contract or associated addresses, while on the other, the acquired permissions were used to keep creating sellable tokens, which were then dumped on the secondary markets of both chains. Preliminary figures disclosed by the project team indicated that approximately $36 million in assets related to the Humanity/Humility protocol's Hyperlane bridge were transferred and sold off on Ethereum and BNB Chain. Public documents also mentioned that after completing the operations on the H token, the attacker exchanged the proceeds for other crypto assets and transferred them out. What the attacker truly exploited was not a technical flaw of a specific chain but the structure of the cross-chain bridge as a single control point across multiple chains: once the central ProxyAdmin was compromised, the single point of failure was amplified exponentially in a multi-chain environment and rapidly became systemic losses of tens of millions of dollars. This incident laid bare the structural risk of "single point control and multi-chain amplification."
The Official Narrative Blames a Laptop Incident, but the Community is Skeptical
After the incident was exposed, Humanity's version was succinct: an employee's laptop was compromised, and the Gnosis Safe multi-signature owner private keys stored on it were stolen, allowing the attackers to gain control over the Hyperlane bridge ProxyAdmin on Ethereum and BSC/BNB Chain, operate on H token-related assets, and cash out. The official stance emphasized that this was a "private key incident" stemming from the loss of a single device. The team has since suspended deposits and withdrawals on the affected cross-chain bridge and is working with law enforcement to trace the approximately $36 million in stolen funds, promising a comprehensive technical review and clarification of accountability when conditions permit.
However, this narrative of "blaming a laptop" quickly faced scrutiny in the on-chain community. On social media, on-chain analyst ZachXBT questioned why, in a multi-signature structure based on 6 owner keys, the attacker could obtain 3 keys that satisfied the threshold by compromising just one device, and thereby gain cross-chain control over multi-signature and minting-related permissions. The community's discussion escalated, raising concerns about whether the multi-signature design was too centralized and whether internal security management was inadequate, and extending to speculation about "internal governance flaws" or even a self-staged attack. However, as of June 9, none of these more radical accusations had been corroborated by on-chain evidence or authoritative investigations; they looked more like emotional amplification during a trust crisis. The only fact substantiated by on-chain events was that a highly centralized permission system was dragged into disaster by a few compromised private keys.
In 2026, Why is Private Key Security Still a Major Challenge?
Placed within the broader timeline of DeFi and cross-chain incidents, the Humanity case is not a novel contract hack but a replay of a familiar script: the attack has already been officially classified as stemming from private key leakage rather than code vulnerabilities, which essentially reiterates that "if the keys are lost, the door is locked in vain." Although there are 6 owners in the Gnosis Safe on the Ethereum side, the attacker only needed to obtain 3 private keys to meet the threshold, take over the ProxyAdmin of the Hyperlane bridge, and gain full authority over H token-related assets on Ethereum and BSC/BNB Chain. Past DeFi and cross-chain incidents have followed the same path: critical permissions are highly concentrated in a few multi-signature addresses, and if the locks are centralized while the keys are not sufficiently dispersed, breaching a few private keys equates to controlling the entire bridge.
This is also why the mantra "using multi-signature is secure" has been repeatedly discredited by reality. Tools like Gnosis Safe can mitigate single-point-of-failure risks but cannot protect the most fragile parts of the system, which are people and devices: this attack originated from an employee's laptop being compromised. The project team claimed that this led to the loss of the multi-signature and ProxyAdmin, and even though this detail has been publicly questioned by on-chain analysts, what is definitively known is that once the threshold is reached, multi-signature is no longer "multiple." For ordinary users and institutions, this means that assessing a protocol should focus not only on TVL and yields, but also on who holds the private keys, whether the permission design is overly concentrated, and whether the upgrade and suspension rights are controlled by a few addresses. In events like Humanity's, the fate of $36 million ultimately depends not on any single chain but on the old and difficult problem of private key governance.
Private Key Warnings After the Humanity Incident
The Humanity incident pushed a seemingly well-worn risk to the extreme: an employee laptop and a few multi-signature owner private keys, once connected to the cross-chain bridge and ProxyAdmin permissions, were amplified into over $36 million worth of assets being transferred almost instantly across Ethereum and BNB Chain. For Humanity itself, the impact has gone beyond the monetary loss to an erosion of the project's narrative and governance credibility: once users realize that "multi-signature is merely a single point risk wrapped up with a few private keys," future questions such as users' willingness to migrate assets, partners' review thresholds, and potential regulatory inquiries will all build up around this permission failure. According to public information, deposits and withdrawals on the affected Hyperlane H token cross-chain bridge have been suspended since the incident to prevent the risk from spreading, and the project team has indicated that it will release a complete review of the event and attempt to recover funds through judicial channels and cooperating institutions. However, as of June 9, 2026, no public announcements regarding large-scale successful recovery of stolen assets have been made. Moving forward, what warrants close attention is not just "how much money can be recovered," but how Humanity will reorganize the permissions and multi-signature structure of the cross-chain bridge and token contracts: whether it will reduce the importance of a single device, raise the signature threshold, and introduce more independent participants, and whether these mechanisms will be transparently incorporated into governance rules and external disclosures. Meanwhile, the incident has already intensified discussion within the industry on multi-signature thresholds, private key custody methods, and the decentralization of cross-chain bridge permissions.
Whether Humanity can provide a sufficiently rigorous answer in the complete review, permission reconstruction, and fund tracking will determine whether this $36 million incident is ultimately remembered as an isolated accident or as a turning point that changes the industry's private key governance rules.




