Humanity's $36 million exploit happened because a 'multisig' lived on one laptop
Humanity Protocol said attackers stole over $36 million in H tokens after compromising an employee laptop that held bridge keys. The bridges used multisig wallets, but several keys were effectively stored on one device, letting the attacker meet approval thresholds on both Ethereum and BNB Chain. On Ethereum, the attacker got 3 of 6 keys, took over the bridge admin account, replaced the code with a malicious version, and drained about 141 million H. On BNB Chain, the attacker got 3 of 5 keys, installed unlimited-mint code, and created about 200 million H. The project halted bridge deposits and withdrawals, is working with exchanges and police, and removed its team page. H briefly fell to about 5 cents, then recovered to around 20 cents, still below its pre-breach level.
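The failure described above is that a 3-of-6 or 3-of-5 threshold only protects a wallet if no single device holds enough keys to meet it. The following added example (not code from Humanity Protocol or the original article) audits a key-custody inventory for that condition. The wallet names, signer names, device names and key layout are constructed for illustration; only the 3-of-6 and 3-of-5 thresholds come from the article.

```python
from itertools import combinations

def min_devices_to_quorum(threshold, key_locations):
    """Fewest devices that together hold `threshold` distinct signer keys.
    key_locations maps signer -> set of devices holding a usable copy."""
    devices = sorted({d for locs in key_locations.values() for d in locs})
    for n in range(1, len(devices) + 1):
        for combo in combinations(devices, n):
            held = sorted(s for s, locs in key_locations.items()
                          if locs & set(combo))
            if len(held) >= threshold:
                return n, combo, held
    return None  # quorum not reachable from the inventoried devices

def single_device_quorums(wallets):
    """Map device -> wallets whose threshold that one device meets alone."""
    hits = {}
    for name, (threshold, key_locations) in wallets.items():
        for d in {d for locs in key_locations.values() for d in locs}:
            count = sum(1 for locs in key_locations.values() if d in locs)
            if count >= threshold:
                hits.setdefault(d, []).append(name)
    return {d: sorted(w) for d, w in hits.items()}

# Constructed inventory: (threshold, signer -> devices holding that key).
WALLETS = {
    "eth-bridge": (3, {  # 3-of-6
        "signer1": {"laptop-A"}, "signer2": {"laptop-A"},
        "signer3": {"laptop-A", "hw-wallet-1"},  # backup copy on laptop
        "signer4": {"hw-wallet-2"}, "signer5": {"hw-wallet-3"},
        "signer6": {"hw-wallet-4"},
    }),
    "bnb-bridge": (3, {  # 3-of-5
        "signer1": {"laptop-A"}, "signer2": {"laptop-A"},
        "signer3": {"laptop-A"},
        "signer4": {"hw-wallet-2"}, "signer5": {"hw-wallet-3"},
    }),
    "separated": (3, {  # 3-of-5 with one key per device, for contrast
        f"signer{i}": {f"hw-wallet-{i}"} for i in range(1, 6)
    }),
}

if __name__ == "__main__":
    for name, (threshold, locs) in WALLETS.items():
        n, combo, held = min_devices_to_quorum(threshold, locs)
        print(f"{name}: nominal {threshold}, devices needed {n} {combo}")
    print("single-device quorums:", single_device_quorums(WALLETS))
```

A wallet is only as strong as the first number this reports: when it is 1, the multisig is a single point of failure regardless of the nominal threshold.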
