Humanity says compromised laptop led to $36M bridge attack
Humanity Protocol said a laptop compromise let attackers seize bridge administration on Ethereum and BNB Chain by taking three of six Gnosis Safe owner keys. The attackers then upgraded bridge contracts to malicious versions, draining about 141.2 million H tokens on Ethereum and minting 200 million H tokens on BNB Chain after adding unlimited-mint functionality. Founder Terence Kwok said multisig keys were spread across four individuals and may have been backed up on a compromised device during setup. The project halted bridge deposits and withdrawals, is working with exchanges, and is investigating recovery options. H token fell more than 85% after the disclosure. Security analysts said the onchain pattern could indicate either a real key compromise or a coordinated, staged event, since some wallets were funded weeks in advance and activity occurred across both chains at once.
