What happened to Humanity Project’s H token (CRYPTO:H)?

Humanity Project reported a cross-chain attack on its H token after an attacker stole a private key through phishing. The attack affected both Ethereum (CRYPTO:ETH) and BNB Chain, with about 141.18 million H tokens transferred from the Ethereum-side contract.

How did the Humanity Project H token attack happen?

The attacker allegedly sent a phishing email disguised as a Bithumb update notice to a Humanity Project board member. The victim opened a malicious attachment that installed a remote access trojan, giving the attacker control of the device and access to private keys.

How many H tokens were stolen in the Humanity Project attack?

The attacker transferred about 141.18 million H tokens from the Ethereum-side deployment. The attacker also gained control of the BSC-side ProxyAdmin contract and minted additional tokens, increasing the pressure on H token holders.

Why does the Humanity Project phishing attack matter for crypto investors?

The Humanity Project attack shows how one stolen private key can damage a token across multiple blockchain deployments. For crypto investors, it is a reminder that project security depends on both smart contracts and human operational safety.

Did the attacker dump Humanity Project’s H tokens on the market?

Yes, Humanity Project said the attacker sold stolen and newly minted tokens over roughly eight hours. The assets were dumped through Uniswap and PancakeSwap, disrupting liquidity and hurting H token holders.

Image for illustrative purposes only. Not a real photo.

Humanity Project freezes ETH contract after H scam

Written by Heidi Cuthbert Published Jun 14, 2026, 6:06 AM

Humanity Project has reported a major cross-chain attack on its H token after an attacker stole a private key through a targeted phishing campaign.

The project team said the incident took place on 8 June and affected deployments linked to both Ethereum and BNB Chain.

The attacker allegedly gained access to a board member’s device by sending a phishing email disguised as an update notice from crypto trading platform Bithumb.

The victim opened a malicious attachment that installed a remote access trojan and gave the attacker full control of the device.

The malware allowed the attacker to steal wallet data and private keys, which were then used to carry out on-chain transactions.

Humanity Project said the methods and tools used in the attack were similar to tactics previously linked to a North Korean hacking group.

The team said the attacker used the stolen key to upgrade the Ethereum-side H token contract.

The attacker then transferred about 141.18 million H tokens from the Ethereum deployment.

At the same time, the attacker took control of the BSC-side ProxyAdmin contract and minted additional tokens.

The stolen and newly minted tokens were gradually sold over roughly eight hours through decentralised exchanges.

Humanity Project said the attacker dumped the assets on Uniswap and PancakeSwap, causing liquidity disruption and losses for token holders.

The selling pressure added stress to the market for H token as the attacker converted the stolen assets into available liquidity.

The project team said it has frozen the Ethereum-side H contract through an unaffected multi-signature security mechanism.

The freeze was designed to stop further damage on the Ethereum deployment while the team works on recovery steps.

However, the BNB Chain-side deployment remains under the attacker’s control, creating the risk of further token minting.

Humanity Project said this unresolved BSC-side issue remains a key concern for users and market participants.

The team is now working with exchanges, partners and other stakeholders to prepare fixes and possible remedies.

The project also warned users to watch out for phishing links, fake updates and scam messages following the attack.

The incident highlights how social engineering remains a major threat to crypto projects even when on-chain systems include technical safeguards.

Humanity Project said the attack began with a human-targeted phishing attempt rather than a direct exploit of every contract component.

The breach shows how one compromised device can expose private keys and create serious risks across multiple blockchain deployments.

The team’s latest update suggested that recovery efforts are ongoing, but the BSC-side contract issue has not yet been fully resolved.

Users have been urged to avoid suspicious links and confirm all project updates through official Humanity Project channels.

At the time of reporting, Ethereum price was $1,677.82.