A devastating exploit struck the interoperability bridge between Ethereum and BNB Chain (ETH-BSC bridge). An attacker managed to compromise the protocol’s security, assuming the administrator role and minting hundreds of millions of the network’s tokens (identified as H tokens) out of thin air. Through an official statement, Humanity Protocol explained the technical details of the incident, which once again brings the vulnerability of multi-chain infrastructure to the forefront and sounds the alarm on centralization risks in upgradable smart contracts.
Anatomy of the Attack: The Keys to the Kingdom Compromised
On-chain data analysis and the report shared by Humanity Protocol reveal a critical situation. The ETH-BSC bridge (address 0x44F161ae) was left with a malicious implementation and an insignificant residual balance of just 6 H tokens. The real problem lies in the fact that the attacker took absolute control of the ProxyAdmin contract on Ethereum (via wallet 0xD1ea823D), allowing them to alter the bridge’s code at will.
The worst part of the attack unfolded on the BNB Smart Chain (BSC). The hacker took control of the BSC ProxyAdmin via address 0x6Aa22CB8. With this privileged access, they modified the token implementation on BSC and proceeded to carry out massive, unauthorized mints.
Millions of H Tokens in Circulation and Liquidation Risk
Up to the last report validated by the Humanity Protocol team, the total supply of the asset on BSC artificially inflated to reach 441,118,403 H tokens. The attacker executed three consecutive mints of 100 million units each (with the last one registered in transaction 0x813b340c…e746).
The blockchain ledger distributes the digital loot as follows:
Aggregation Wallet (0x9e995952): Holds approximately $21.74M in H tokens which, fortunately, have not yet been liquidated on the open market.
Attacker’s Wallet on BSC (0x6Aa22CB8): After the first two mints, the wallet accumulated 52 million units and 1,038 BNB. The final balance after the third massive mint (+100M) is pending on-chain verification due to the distribution flow.
The most concerning factor for the ecosystem is that, by maintaining control of the ProxyAdmin, the attacker possesses the technical capability to continue minting more assets at any time, destroying the token’s economic scarcity.
Historic Crash and Market Resilience
The financial impact of this attack was immediate and devastating for asset holders. On June 8, driven by panic and uncertainty, the token price plummeted 86% in a single session, wiping out millions of dollars in market capitalization within hours.
However, the outlook began to change drastically. Over the last few days, the token price has registered a significant recovery. This unexpected bullish rebound is the market’s direct response to the swift countermeasures and explanations issued by the protocol, restoring a temporary vote of confidence among investors looking to hunt for bargains amid the chaos.
The Silver Lining: Networks Safe and Damage Control
It is not all bad news for the Humanity Protocol community. Security mechanisms on other networks withstood the impact in an exemplary manner:
The token on the Ethereum network (0xcf5104D) remains completely safe. This was possible thanks to a clean upgrade executed via a 4-of-7 multisig wallet (Safe).
The official Arbitrum bridge (0x8620F893) also suffered no damage, safely securing close to 87 million H tokens.
Market Impact
In the short term, the latent selling pressure from the more than $21.74M held in the aggregation wallet represents a Sword of Damocles for the asset’s price. If the attacker finds enough liquidity on decentralized exchanges (DEXs) to dump the funds, the token’s value could suffer another setback. In the medium term, this ETH-BSC bridge hack reminds the investment community that security in decentralized finance (DeFi) still hangs by a thread: the proper management of admin keys. The team behind the protocol is already working on countermeasures to completely isolate the attacker’s wallets.
Disclaimer: This article is purely informative and does not constitute financial, investment, or legal advice. The crypto-asset market is highly volatile; conduct your own research before making investment decisions.
Communications Professional. Crypto Enthusiast. Economic Journalist. Bitcoiner & Altcoiner.
