On June 9, on-chain data revealed a sustained assault on wallets interacting with the digital identity initiative Humanity, resulting in the compromise of hundreds of addresses holding H tokens. The aggregate value of stolen assets surpassed $31 million, with approximately $9 million already converted into ETH and roughly $9.9 million remaining in H tokens. Terence Kwok, the project's founder, confirmed the breach stemmed from the leakage of a private key belonging to a foundation member. In response, he issued an urgent advisory for users to cease all interactions with the cross-chain bridge and liquidity pools pending further security protocols. Data compiled by Woofun AI indicates that the market reaction was immediate and severe, with the H token price collapsing from approximately $0.7 USDT to a low of $0.052 USDT, marking a 90% decline within a 24-hour window. By the time of reporting, the asset traded at $0.1368301 USDT, erasing its market capitalization from $2 billion down to roughly $35.7 million. By 11:00 on June 9, attackers had newly minted 100 million H tokens and were actively liquidating them for BNB.

Humanity Protocol, launched in 2024 as a decentralized digital identity network, utilized palmprint biometrics and zero-knowledge proofs to verify user authenticity without exposing personal data. Built on Polygon CDK (zkEVM), the platform aimed to mitigate witch attacks, fake accounts, and AI-generated identities. This technical proposition attracted substantial capital, securing $50 million across two financing rounds. The initial $30 million seed round, valuing the entity at $1 billion, was led by Kingsway Capital, Animoca Brands, Blockchain.com, and Shima Capital. A subsequent $20 million round in January 2025, led by Pantera Capital and Jump Crypto, raised the valuation to $1.1 billion. The Humanity Foundation included high-profile figures such as Yat Siu, chairman of Animoca Brands, alongside co-founders Mario Nawfal and Yeewai Chong. On June 25, 2025, H tokens were distributed via Fairdrop, marketed as the first Web3 token allocation exclusively for verified real people.

However, the project's legitimacy faced immediate scrutiny just two days post-launch. Reports surfaced regarding leaked conversations where Kwok admitted that only about 1 million of the 9 million Human IDs created had completed biometric verification, implying up to 88% of users might be bots. Woofun AI notes that community speculation intensified on platforms like X, with users suggesting the project was a 'domestic project with a foreign shell' due to code artifacts linking to a Shenzhen access control company. Critics argued that the project's social media popularity was artificially orchestrated, casting doubt on genuine user engagement.

Furthermore, investigations revealed that the identity verification services were outsourced to a Shanghai-based firm, raising significant privacy concerns regarding the collection of palmprint data. Within two days of the token launch, prices had already dropped over 61%, falling from $0.05 to $0.018 USDT before the recent security breach.

The founder's history added another layer of risk assessment to the current crisis. In 2012, Kwok dropped out of the University of Chicago at age 20 following a $900 roaming bill incident, subsequently founding Tink Labs. The company provided free smartphones, branded as Handy, in hotel rooms to reduce roaming costs, a concept that raised $170 million from investors including Foxconn, SoftBank, and Innovation Works, achieving a $1.5 billion valuation. At its peak, Handy devices operated in 82 countries across 600,000 hotel rooms.

However, declining global roaming costs and hotel reluctance to pay for devices led to financial losses by 2017. Reports indicated SoftBank cut funding after discovering potential fund misappropriation, leading to unpaid salaries for over 100 employees in European, Middle Eastern, and African offices by July 2019. Tink Labs officially closed on August 1, 2020, after filing for bankruptcy, with a former HR manager stating the entire $170 million investment was lost.

Six years later, Kwok returned with Humanity Protocol, once again securing unicorn status from major venture firms. The current attack did not involve smart contract vulnerabilities but represented a classic failure in security management through a private key leak. Woofun AI analysis suggests that in the 2026 crypto landscape, where DeFi hackers caused over $1 billion in losses in the first four months alone, such operational lapses are becoming increasingly critical. While attackers are shifting focus toward verifiers and governance systems, private key leaks remain devastating as they bypass on-chain security entirely. For a project already grappling with allegations of 88% bot users and a 90% token price collapse, the $31 million loss threatens to be the final blow to its credibility. As of press time, while Kwok stated the team is collaborating with security experts and exchange partners, no compensation plans were announced, nor was an explanation provided for the lack of multi-signature or hardware isolation measures for the compromised foundation key.