Three of six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin sat on one machine. When the laptop was breached, the attacker drained 141 million H on Ethereum and minted 200 million more on BSC — and the H token fell 89 per cent.
Humanity Protocol confirmed on Tuesday that a single compromised employee laptop is the reason its bridge admin keys are now in an attacker's wallet and roughly $36 million of H tokens are gone. The breach unfolded across Ethereum and BNB Chain on the night of June 8, drained 141.2 million H from the protocol's Hyperlane bridge in a single Ethereum transaction, and ended with the attacker minting another 200,000,005 H on BSC out of thin air. By Tuesday morning the token had collapsed from a Monday high of $0.7313 to $0.0796 — an 89 per cent drop in under twenty-four hours.
Founder Terence Kwok posted the initial advisory on X within hours, telling holders not to interact with the bridge or any of the protocol's liquidity pools until further notice. The full incident report came later. Three of six Gnosis Safe owner keys tied to the Hyperlane bridge ProxyAdmin on Ethereum had been compromised; on BSC, three of five owner keys were taken the same way. That is precisely the multisig threshold in both cases — meaning the attacker had exactly enough to seize ownership, swap the bridge contract for a malicious implementation, and move the funds before anyone in the foundation noticed the keys were no longer theirs.
The cause is the part that should worry every other protocol still running a Safe with informal key custody. Humanity's own post-mortem says "some of the keys were accidentally backed up to a compromised device during setup." A multisig with a 3-of-6 threshold only delivers its security guarantee if the six keys are held on six separate, properly isolated machines. Put three of them on one laptop and the threshold collapses to whatever the weakest endpoint is. In this case that endpoint was a single employee device with enough material on it to clear both chains.
The on-chain mechanics tell the same story twice. On Ethereum, the attacker used the three captured keys to transfer ownership of the bridge ProxyAdmin contract, upgrade the underlying logic to a malicious implementation, and drain 141.2 million H tokens in one transaction. On BSC, the same playbook produced an upgraded token contract with an unrestricted mint function, which the attacker then used to mint 200 million new H across two transactions. Adding the roughly 6 million H lifted from a separate hot wallet brings the total to about 347 million tokens compromised. The dollar figure cited by Humanity is north of $36 million; The Block and Cointelegraph have both reported the loss as $32 million based on prices at the moment the tokens hit exchanges. The discrepancy comes down to whether you mark to Monday's price or Tuesday's.
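That sequence (the ProxyAdmin's owner changes, then the proxy's implementation changes, then funds move) is also what a monitor should page on, and the first step alone is enough to alert. The following is an added example, not code from Humanity Protocol, Hyperlane or Safe. It assumes an OpenZeppelin-style Ownable ProxyAdmin in front of a TransparentUpgradeableProxy, which is what an ownership transfer followed by an implementation swap implies, and it watches the two standard events those contracts emit. The addresses, block numbers and transaction hashes are constructed placeholders, and the log records use the field names of an eth_getLogs result with blockNumber and logIndex as integers for brevity.

```python
"""Detect the admin-takeover sequence on an upgradeable bridge from event logs.

Added example, not code from Humanity Protocol, Hyperlane or Safe.  Assumes an
OpenZeppelin-style Ownable ProxyAdmin and TransparentUpgradeableProxy.  All
addresses, block numbers and tx hashes below are constructed for the example.
"""

# keccak256 of the standard OpenZeppelin event signatures.
# OwnershipTransferred(address indexed previousOwner, address indexed newOwner)
OWNERSHIP_TRANSFERRED = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"
# Upgraded(address indexed implementation); emitted by the proxy, not the admin.
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

# Constructed monitoring config: the ProxyAdmin, the Safe that should own it,
# and the proxy that admin controls.
PROXY_ADMIN = "0x1111111111111111111111111111111111111111"
SAFE_OWNER = "0x2222222222222222222222222222222222222222"
BRIDGE_PROXY = "0x3333333333333333333333333333333333333333"
WATCHED_PROXIES = {BRIDGE_PROXY}


def topic_to_address(topic):
    """An indexed address topic is left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()


def address_to_topic(addr):
    """Inverse of topic_to_address, used only to build the constructed logs."""
    return "0x" + addr[2:].lower().rjust(64, "0")


def detect_admin_takeover(logs, window_blocks=100):
    """Return (severity, block, message) alerts for a batch of logs.

    An implementation upgrade that follows an unexpected ProxyAdmin owner
    change within `window_blocks` is the takeover pattern and is CRITICAL.
    Any other upgrade is still HIGH: a planned one should match a change
    ticket, and an unplanned one is the best remaining signal.
    """
    alerts = []
    lost_at = None  # block at which the ProxyAdmin stopped being ours
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        addr, topic0 = log["address"].lower(), log["topics"][0].lower()
        if addr == PROXY_ADMIN.lower() and topic0 == OWNERSHIP_TRANSFERRED:
            new_owner = topic_to_address(log["topics"][2])
            if new_owner != SAFE_OWNER.lower():
                lost_at = log["blockNumber"]
                alerts.append(("CRITICAL", lost_at,
                               f"ProxyAdmin owner is now {new_owner} "
                               f"(tx {log['transactionHash']})"))
        elif addr in {p.lower() for p in WATCHED_PROXIES} and topic0 == UPGRADED:
            impl = topic_to_address(log["topics"][1])
            hostile = lost_at is not None and log["blockNumber"] - lost_at <= window_blocks
            alerts.append(("CRITICAL" if hostile else "HIGH", log["blockNumber"],
                           f"{addr} now runs {impl}"
                           + (" after a hostile ownership change" if hostile else "")))
    return alerts


# Constructed logs: one routine upgrade, then a takeover batched into a single
# transaction, listed out of order to show the sort by (block, logIndex).
SAMPLE_LOGS = [
    {"address": BRIDGE_PROXY, "blockNumber": 100, "logIndex": 0,
     "transactionHash": "0x" + "01" * 32,
     "topics": [UPGRADED, address_to_topic("0x" + "aa" * 20)]},
    {"address": BRIDGE_PROXY, "blockNumber": 500, "logIndex": 7,
     "transactionHash": "0x" + "02" * 32,
     "topics": [UPGRADED, address_to_topic("0x" + "bb" * 20)]},
    {"address": PROXY_ADMIN, "blockNumber": 500, "logIndex": 4,
     "transactionHash": "0x" + "02" * 32,
     "topics": [OWNERSHIP_TRANSFERRED, address_to_topic(SAFE_OWNER),
                address_to_topic("0x" + "dd" * 20)]},
]


def run_sample():
    """Run the detector over the constructed logs."""
    return detect_admin_takeover(SAMPLE_LOGS)


if __name__ == "__main__":
    for severity, block, message in run_sample():
        print(severity, block, message)
```

In production the records come from eth_getLogs filtered on the ProxyAdmin and proxy addresses. The point of the severity split is that an OwnershipTransferred whose new owner is not your Safe is page-worthy on its own, before any Upgraded event and before any transfer leaves the bridge; waiting for the drain to show up in balance monitoring means reading about it on X.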
Humanity halted deposits and withdrawals to the affected bridges, said it is working with exchanges to freeze and trace the stolen H, and confirmed law enforcement involvement. Kwok wrote that the foundation is "deeply sorry" and would keep the community updated; the apology will not console anyone who bought H above seventy cents on Monday and watched the chart go vertical the wrong way on Tuesday.
The bigger problem for Humanity is that this is the second project in a month to lose admin control through a single point of failure. Echo Protocol on Monad lost an admin key three weeks ago and an attacker minted 1,000 eBTC worth $76.7 million before liquidity constraints capped the actual take at $821,700. THORChain was drained for $10.7 million on May 15 through a GG20 TSS exploit, and Verus's bridge went for $11.58 million the same week using the same class of vulnerability. The Humanity incident is bigger than any of them, and the root cause is more embarrassing: not a novel cryptographic attack but operational sloppiness about where keys live.
The longer-term question is whether the Humanity Foundation can recover the token economy at all. The 200 million minted on BSC are effectively counterfeit; whether the team can credibly distinguish them from legitimate supply, freeze them at exchanges, or socially coordinate a chain split will determine how much of the 89 per cent drop is permanent. The bridge can be redeployed. The trust cannot be redeployed by press release.
What this means for everyone else running a bridge with Safe multisigs is straightforward, and Humanity has done the industry the unintentional service of demonstrating it in production. If three of your six keys can be obtained from one device, your threshold is one, not three. Hardware separation is the security model. Anything less and you are publishing your private keys with extra steps.
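To make that arithmetic checkable rather than rhetorical, here is an added example (not Humanity Protocol's or Safe's code) that computes the effective threshold of a Safe from a map of which device holds each owner key, for the 3-of-6 and 3-of-5 layouts the incident report describes. Owner addresses and device labels are constructed; that the three co-located keys were the same three signers on both chains is the example's assumption, not something the report states.

```python
"""Effective threshold of a Safe when several owner keys live on one device.

Added example, not code from Humanity Protocol or Safe.  Owner addresses and
device labels are constructed; the 3-of-6 and 3-of-5 layouts mirror the
incident report, and which three keys sat on the laptop is assumed.
"""


def effective_threshold(threshold, key_to_device):
    """Fewest devices whose compromise yields at least `threshold` keys.

    key_to_device maps each owner key to the device holding its private key.
    Taking the devices with the most keys first is optimal for this count,
    so a greedy pass is exact.  Returns (device_count, devices_in_order).
    A result equal to the threshold means the keys are independent; anything
    lower is the number the Safe is really protected by.
    """
    if threshold > len(key_to_device):
        raise ValueError("threshold exceeds the number of owner keys")
    per_device = {}
    for key, device in key_to_device.items():
        per_device.setdefault(device, []).append(key)
    ranked = sorted(per_device.items(), key=lambda kv: len(kv[1]), reverse=True)
    collected, devices = 0, []
    for device, keys in ranked:
        devices.append(device)
        collected += len(keys)
        if collected >= threshold:
            break
    return len(devices), devices


def single_device_breaches(safes):
    """Per Safe, the devices that alone hold a quorum of its owner keys.

    safes maps a name to (threshold, key_to_device).  A device listed under
    more than one Safe is the "clear both chains" case.
    """
    out = {}
    for name, (threshold, key_to_device) in safes.items():
        counts = {}
        for device in key_to_device.values():
            counts[device] = counts.get(device, 0) + 1
        out[name] = sorted(d for d, c in counts.items() if c >= threshold)
    return out


def audit(safes):
    """Nominal versus effective threshold for every Safe, with a verdict."""
    report = {}
    for name, (threshold, key_to_device) in safes.items():
        n, via = effective_threshold(threshold, key_to_device)
        report[name] = {"nominal": threshold, "effective": n, "via": via,
                        "verdict": "OK" if n == threshold else "WEAK"}
    return report


LAPTOP = "eng-laptop-07"

# As deployed (constructed): three of the Ethereum owner keys and three of the
# BSC owner keys were backed up to the same laptop; the rest sit on separate
# hardware wallets.
AS_DEPLOYED = {
    "ethereum-proxyadmin": (3, {
        "0xowner1": LAPTOP, "0xowner2": LAPTOP, "0xowner3": LAPTOP,
        "0xowner4": "hw-wallet-d", "0xowner5": "hw-wallet-e",
        "0xowner6": "hw-wallet-f",
    }),
    "bsc-proxyadmin": (3, {
        "0xowner1": LAPTOP, "0xowner2": LAPTOP, "0xowner3": LAPTOP,
        "0xowner4": "hw-wallet-d", "0xowner5": "hw-wallet-e",
    }),
}

# Remediated: one key per isolated signer, so no device holds more than one.
REMEDIATED = {
    name: (threshold, {k: f"hw-wallet-{i}" for i, k in enumerate(keys)})
    for name, (threshold, keys) in AS_DEPLOYED.items()
}


if __name__ == "__main__":
    for label, safes in (("as deployed", AS_DEPLOYED), ("remediated", REMEDIATED)):
        print(label, audit(safes), single_device_breaches(safes))
```

Run the audit against a real Safe by reading its owners and threshold from the contract (getOwners and getThreshold) and filling in key_to_device from your own custody records; if you cannot fill that map in, that is the finding. The same model extends to any shared compromise domain, not just a laptop: a backup bucket, a password manager vault or a CI secret store that holds several keys counts as one device.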