Humanity Protocol’s H crash exposes the private keys behind its ZK identity pitch
Humanity Protocol’s H token crash stemmed from an operational key compromise, not a confirmed biometric-data breach. The project markets a privacy-preserving identity stack using palm biometrics, zero-knowledge proofs, decentralized identifiers, and verifiable credentials, but the incident exposed the brittle trust layer underneath: employee devices, private keys, bridge admin controls, liquidity, and exchange response. A compromised employee laptop allegedly exposed Gnosis Safe owner keys tied to a Hyperlane bridge ProxyAdmin. Humanity said the June 8 attack affected Ethereum and BNB Smart Chain, led to about $36 million stolen and sold, and involved roughly 141.2 million H moved on Ethereum plus 200 million H minted on BNB Smart Chain. The token fell about 76% in 24 hours. The main risk now is whether bridge, mint, and admin permissions have been fully rotated, audited, and contained. The incident shows that zero-knowledge privacy can still coexist with weak operational custody.
