Humanity Protocol loses $36 million to employee laptop compromise

Humanity Protocol, a decentralized identity project that uses palm scans to try to prove that users are human, has suffered a $36 million loss after attackers compromised a laptop belonging to an employee. After the laptop was infected with malware, the malicious code gained root access, then stole seven private keys that had reportedly been stored in a backup by accident. Several of the keys were sufficient to satisfy multisignature requirements, which are intended to prevent private key leaks from allowing attackers to gain control over sensitive infrastructure like bridges. With multisignature wallets, keys are supposed to be stored separately across multiple individuals and devices; in this case, however, attackers needed to compromise only one laptop to gain control over multisig-protected contracts.
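The custody failure described above is something a key inventory audit can catch. The following is an added example, not code from Humanity Protocol or this article; the wallet names, key ids, thresholds and device names are constructed, and it computes how few storage locations must be breached to meet each multisig threshold.

```python
from itertools import combinations

def min_compromise_set(custody, signers, threshold):
    """Smallest group of storage locations whose compromise exposes at least
    `threshold` distinct signer keys; None if the threshold is unreachable.
    Exhaustive search: fine for the handful of locations a signer set has."""
    holds = {loc: keys & signers for loc, keys in custody.items()}
    locs = sorted(loc for loc, keys in holds.items() if keys)
    for size in range(1, len(locs) + 1):
        for group in combinations(locs, size):
            exposed = set().union(*(holds[loc] for loc in group))
            if len(exposed) >= threshold:
                return group
    return None

def audit(wallets, custody):
    """Map each wallet name to (threshold, locations that must be breached)."""
    report = {}
    for name, (signers, threshold) in wallets.items():
        group = min_compromise_set(custody, set(signers), threshold)
        report[name] = (threshold, group)
    return report

# Constructed inventory: wallet names, key ids, thresholds and devices are
# hypothetical, not details of the incident.
WALLETS = {
    "treasury": ({"k1", "k2", "k3", "k4", "k5"}, 3),
    "bridge-admin": ({"k5", "k6", "k7"}, 2),
}
# Every signer has a device, but one laptop's backup also holds all seven keys.
CUSTODY_WITH_BACKUP = {
    "laptop-a": {"k1", "k2", "k3", "k4", "k5", "k6", "k7"},
    "device-b": {"k2"}, "device-c": {"k3"}, "device-d": {"k4"},
    "device-e": {"k5"}, "device-f": {"k6"}, "device-g": {"k7"},
}
# Same signers with the stray backup removed: one key per device.
CUSTODY_SEPARATED = {**CUSTODY_WITH_BACKUP, "laptop-a": {"k1"}}

if __name__ == "__main__":
    for label, custody in (("with backup", CUSTODY_WITH_BACKUP),
                           ("separated", CUSTODY_SEPARATED)):
        for name, (threshold, group) in audit(WALLETS, custody).items():
            print(f"{label:12} {name:13} threshold {threshold} is met by "
                  f"{len(group)} location(s): {', '.join(group)}")
```

A result of one location for any wallet means the multisig offers no more protection than a single key, whatever its nominal threshold.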

With the keys, the attacker stole more than 6 million of Humanity's H token, then used other keys to upgrade a bridge and drain 141 million more tokens. With the bridge access, they also minted 300 million new H tokens. The attacker then quickly swapped the ill-gotten tokens for ETH, causing the H price to plummet by 80–90%.

Humanity Protocol markets itself as a competitor to Sam Altman's World (formerly Worldcoin), a decentralized identity project that aims to use iris scans to prove that users are unique humans. Humanity raised $20 million in 2025 from Pantera Capital and Jump Crypto.