$H Incident Summary
Contents
Investigation
Summary
INVESTIGATION SUMMARY
Compromise of the Humanity Protocol $H token, 8 June 2026
Date: 11 June 2026
Prepared for: Humanity Protocol
Prepared by: Quantstamp, Inc. â Incident Response
Re: Compromise of the Humanity Protocol $H token, 8 June 2026 (Ethereum and BSC)
Status: May be updated as the investigation continues.
1. Engagement
Humanity Protocol engaged Quantstamp on 8 June 2026 after the $H token was minted and sold without authorization on Ethereum and BNB Smart Chain (BSC). We reconstructed the on-chain activity and examined the two devices belonging to Mr Chong Yee Wai, a director of the issuer, whose keys the attacker stole and used. This is our summary of findings to date.
2. What happened on-chain
The attacker ran a coordinated operation across both chains on 8 June 2026. Everything below is on-chain and verifiable by transaction hash.
â Ethereum: using Mr Chong's stolen account key (0xe943dbD064Ec283bDc95c39FaEE6184E9D26d026), the attacker replaced the implementation of a Hyperlane warp-route proxy and moved about 141.18 …
Summary
INVESTIGATION SUMMARY
Compromise of the Humanity Protocol $H token, 8 June 2026
Date: 11 June 2026
Prepared for: Humanity Protocol
Prepared by: Quantstamp, Inc. â Incident Response
Re: Compromise of the Humanity Protocol $H token, 8 June 2026 (Ethereum and BSC)
Status: May be updated as the investigation continues.
1. Engagement
Humanity Protocol engaged Quantstamp on 8 June 2026 after the $H token was minted and sold without authorization on Ethereum and BNB Smart Chain (BSC). We reconstructed the on-chain activity and examined the two devices belonging to Mr Chong Yee Wai, a director of the issuer, whose keys the attacker stole and used. This is our summary of findings to date.
2. What happened on-chain
The attacker ran a coordinated operation across both chains on 8 June 2026. Everything below is on-chain and verifiable by transaction hash.
â Ethereum: using Mr Chong's stolen account key (0xe943dbD064Ec283bDc95c39FaEE6184E9D26d026), the attacker replaced the implementation of a Hyperlane warp-route proxy and moved about 141.18 …
IoC
e943dbD064Ec283bDc95c39FaEE6184E9D26d026
d1ea823d421e0c829ee11f772af487fd352678ea
6Aa22CB8420E94Fc2119364b4c7885710aE753bB
b5cb1f2e0e246fcdde9ddaa7f36037341948158f4c4a0c3ec6fea121cbf0194b
d73cd1117646625ffe23a55860035ac62fa8720d
d1ea823d421e0c829ee11f772af487fd352678ea
6Aa22CB8420E94Fc2119364b4c7885710aE753bB
b5cb1f2e0e246fcdde9ddaa7f36037341948158f4c4a0c3ec6fea121cbf0194b
d73cd1117646625ffe23a55860035ac62fa8720d