Humanity Protocol Hack Analysis: Exploiter Wallet Flagged on Behavior Alone
On June 8, 2026, an attacker drained roughly $36M from Humanity Protocol after exfiltrating seven private keys from a single developer laptop. The primary destination wallet was eight days old at analysis time. Run through CredScore with no sanctions data and no entity attribution, it returned High Risk, Escalate, on observable behavior alone.
- On June 8, 2026, attackers compromised seven private keys from a Humanity Protocol developer machine via a phishing email impersonating Bithumb.
- The keys included three of six Gnosis Safe owners on the Hyperlane warp-route ProxyAdmin on Ethereum. The attacker upgraded the bridge implementation and drained 141.18M H tokens to a single destination wallet.
- That destination wallet was run through CredScore with no sanctions designation, no Tornado Cash interactions, no mixer exposure, and no entity attribution. To the engine, it was a brand new anonymous address.
- CredScore returned High Risk, score 36/100, Escalate, at 74 percent confidence, with the specific compound signal "new wallet rapid flow; pump signature" firing on the pattern of large concentrated inbound, rapid outflow, and repeated same-size routing.
- A list-based screen clears this wallet. Behavior does not. That is the gap this study is about.
On June 8, 2026, attackers drained roughly 36 million US dollars from Humanity Protocol, a project whose H token had launched only weeks earlier. The exploit did not depend on a clever smart-contract bug. It depended on a single laptop. According to the project's own post-mortem, a developer received a phishing email impersonating South Korean exchange Bithumb, opened a malicious attachment, and installed remote access malware. That one infection exposed seven private keys stored on the same machine, including three of six Gnosis Safe owner keys controlling the Hyperlane warp-route ProxyAdmin contract on Ethereum.
With three of the six required signers compromised, the attacker upgraded the bridge proxy to a malicious implementation and drained roughly 141.18 million H tokens to a single destination wallet in one transaction. The token collapsed roughly 85 percent in the hours that followed. Additional attacker-controlled addresses operated in parallel on BNB Chain, which is outside the scope of this analysis.
This case study is not another incident recap. It takes the primary Ethereum destination wallet that Humanity Protocol itself publicly identified on its incident transparency tracker, runs it through CredScore with no special configuration, and publishes the result. The engine had no sanctions match and no entity attribution for the address. To CredScore, it was a brand new anonymous string of hex.
Every screenshot below is unedited output from a production CredScore analysis. The scoring logic is deterministic. No machine learning. Every flag has a written rationale, and every score traces back to an observable on-chain signal. The full verdict is also live at credscore.us/v/mkGlm0ukGms.
The wallet
Humanity Protocol's official incident transparency tracker identifies the destination wallet as the address that received the 141.18M H tokens from the malicious bridge implementation. That address, and the engine's observed snapshot at analysis time:
0xd1ea823d421e0c829ee11f772af487fd352678ea
8 days old · 250 transfers · 75/day avg
High / 36 / Escalate
The shape matters. The wallet was created on June 8, the day of the exploit. Within 3.3 days it ran 250 transfers at an average velocity of 75 transactions per day. Inbound was dominated by a single source supplying more than 99 percent of inbound ETH value. Outbound was 133 rapid events distributing the proceeds across 51 unique counterparties, primarily moving H tokens to DEX pool contracts and intermediary addresses. The engine recorded 19 instances of repeated amount-band recirculation, the signal that captures mechanical reuse of fixed-size transfers across a narrow routing set.
The verdict
The verdict on this wallet was High Risk, a score of 36 out of 100, an Escalate decision posture, at 74 percent confidence. There was no list lookup or attribution match that produced this. The engine reached it from the observable behavior of the wallet itself.
The 74 percent confidence number matters more than the score number. CredScore reports confidence as a separate axis from risk: a high-confidence Escalate is a verdict the engine is willing to defend in a written briefing because the signal coverage is strong enough to stand on its own. Most verdicts produced on opaque addresses land at moderate confidence (50-65 percent). A high-confidence read on a wallet this young is unusual and is itself a signal worth attention.
The primary risk drivers
Three drivers carry the verdict. High activity with limited history captures the basic shape: 250 transfers on a wallet that has only existed for eight days, at a velocity of 75 per day, is a tempo that matches no normal usage profile for a fresh address. High inbound value concentration reflects the single source that supplied more than 99 percent of inbound ETH value, exactly the shape produced by the malicious bridge proxy upgrade draining tokens in one transaction. Repeated amount-band recirculation captures the 19 instances of mechanical same-size routing, with a 32 percent funding-dependency concentration; the engine reads the outflow phase as systematic distribution rather than organic activity.
Above the individual flags, the engine fires a specific compound signal labeled new wallet rapid flow; pump signature. This is a named pattern in the engine, not a generic escalation. The combination of a newly created wallet plus rapid concentrated inflow plus rapid distribution outflow matches a small set of behavioral templates the engine recognizes by name. The pump-signature label refers to the rapid distribution pattern, not to an attribution claim about the underlying activity. The engine sees the shape and applies the label to the shape, nothing more.
The signal breakdown
The signal breakdown is where the verdict becomes defensible. Each individual signal that moved the score is shown with its numeric contribution and a written rationale. Wallet age subtracts 7 points because an 8-day-old wallet has no history depth to trust. Rapid outflow activity subtracts another 7 points across 133 events. Transaction velocity at 75 per day subtracts 6 points. Attributed interaction ratio, at 100 percent low-confidence labels, subtracts 6 points; the engine treats low-confidence attribution as opacity, not as trust credit. The structural fan-out distribution flag subtracts 4 points more. Each contribution is independent, written down, and reproducible. Run the wallet again tomorrow and you get the same arithmetic.
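As an added illustration of how a deterministic, rationale-per-flag behavioral score of this kind can be built from raw transfers (this is not CredScore's code, and the thresholds, point values, amount-band definition and posture cut-offs below are assumptions chosen for the example), the following computes the same family of features the breakdown above names (wallet age, velocity, inbound concentration, outbound events, fan-out, amount-band reuse) over a constructed transfer list and returns the score, posture and the fired flags with their written reasons:

```python
from collections import Counter, namedtuple

# ts is unix seconds; src/dst are addresses; value is in token units
Transfer = namedtuple("Transfer", "ts src dst value")

# Assumed rules: (name, predicate on features, points subtracted, written rationale).
RULES = [
    ("wallet_age", lambda f: f["age_days"] < 30, 7, "under 30 days of history to trust"),
    ("rapid_outflow", lambda f: f["outbound_events"] >= 20, 7, "dozens of outbound events"),
    ("velocity", lambda f: f["tx_per_day"] >= 20, 6, "tempo above any fresh-wallet norm"),
    ("inbound_concentration", lambda f: f["top_source_share"] > 0.9, 5, "one source supplied >90% of inbound"),
    ("fan_out", lambda f: f["unique_out_cp"] >= 5, 4, "proceeds spread across many counterparties"),
    ("amount_band_reuse", lambda f: f["band_repeats"] >= 10, 5, "mechanical reuse of same-size transfers"),
]

def features(wallet, transfers, now):
    ts = sorted(t.ts for t in transfers)
    inbound = [t for t in transfers if t.dst == wallet]
    outbound = [t for t in transfers if t.src == wallet]
    by_src = Counter()
    for t in inbound:
        by_src[t.src] += t.value
    # Amount band = value rounded to one significant figure, so 98, 100 and 103 share band 100.
    bands = Counter(float(f"{t.value:.1g}") for t in outbound)
    return {
        "age_days": (now - ts[0]) / 86400,
        "tx_per_day": len(transfers) / max((ts[-1] - ts[0]) / 86400, 1 / 24),
        "top_source_share": max(by_src.values(), default=0.0) / (sum(by_src.values()) or 1.0),
        "outbound_events": len(outbound),
        "unique_out_cp": len({t.dst for t in outbound}),
        "band_repeats": sum(c - 1 for c in bands.values() if c > 1),
    }

def score(wallet, transfers, now):
    # Deterministic: same transfers in, same arithmetic out, and every flag carries its rationale.
    f = features(wallet, transfers, now)
    fired = [(name, pts, why) for name, cond, pts, why in RULES if cond(f)]
    total = 100 - sum(pts for _, pts, _ in fired)
    posture = "Escalate" if total < 70 else "Review" if total < 85 else "Clear"
    return total, posture, fired

# Constructed sample (hypothetical addresses): one dominant inbound, then 40 same-size outflows over about 1.6 days.
W, DAY = "0xWALLET", 86400
POOLS = ["0xPOOL_A", "0xPOOL_B", "0xPOOL_C", "0xPOOL_D"]
HOPS = ["0xHOP_1", "0xHOP_2", "0xHOP_3", "0xHOP_4"]
SAMPLE = [Transfer(100, "0xBRIDGE", W, 1000.0), Transfer(200, "0xDUST", W, 2.0)]
for i in range(40):
    dst = POOLS[(i // 2) % 4] if i % 2 == 0 else HOPS[(i // 2) % 4]
    SAMPLE.append(Transfer(1000 + i * 3600, W, dst, 100.0 + i % 3 if i % 2 == 0 else 50.0))
```

Calling `score(W, SAMPLE, now=8 * DAY)` fires all six rules and returns 66 with an Escalate posture, while an old wallet with one small inbound and one small outbound months apart clears.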
Observed entity context
The entity context is worth pausing on, because it reinforces why behavioral scoring exists at all. The only labels the engine observed on this wallet were mainstream infrastructure: metamask, tether, Metamask Swaps, USDT Token, Uniswap V3 Positions NFT. There is no sanctions designation, no mixer tag, no DPRK cluster, no flagged exchange. A pure list-based or entity-attribution screen looks at this panel and clears the wallet. The CredScore engine escalates it anyway, because the shape of activity does not depend on what the wallet is labeled, only on what it is doing.
The written briefing
The briefing is the part a compliance analyst actually reads when they open a case. It is assembled deterministically from the signal output, so every sentence is tied to a real value in the analysis. For an internal review or an external audit, the written justification has to match the numeric evidence exactly, not paraphrase it. A language-model-generated briefing can sound right while drifting from the underlying numbers. A deterministic one cannot.
Why this matters for compliance
Sanctions lists, mixer flags, and entity attribution databases are lagging indicators. They get populated after investigators, victims, or governments do the work of proving a wallet is dirty. In the gap between when stolen funds start moving and when an address finally lands on a list, a screening tool that only checks lists is blind. That gap is exactly where a compliance desk is most exposed: post-incident, the funds are already in motion, and the address is still clean by every list lookup.
The Humanity Protocol exploiter wallet illustrates the gap concretely. As of analysis time the address had no sanctions designation, no Tornado Cash exposure, no mixer interactions, no entity label, and no attribution to any known cluster. Every list-based check came back empty. CredScore still escalated the wallet, because the behavior was visible on-chain from the moment the malicious bridge transfer landed. The engine did not need to know who the attacker was. It only needed to read what the wallet was doing.
For a working compliance desk, the value is simple: an address does not have to be on a list to be dangerous, and the engine will tell you to stop and look before any list catches up.
What this study does not claim
An honest case study has to draw its own boundaries. Here are four things this analysis explicitly does not claim.
This is retrospective, not a discovery. The destination wallet was already public when CredScore analyzed it. Humanity Protocol identified it on its own incident transparency tracker, and Arkham Intelligence labeled it as the Humanity Protocol Exploiter entity. CredScore did not catch the hack first and did not identify the attacker. The claim is narrower: the engine independently reaches the Escalate verdict with none of the attribution that was later established.
The engine does not resolve intent. On-chain investigator ZachXBT has publicly questioned whether the incident was staged, a possibility the Humanity team has denied. CredScore sees attacker-shaped behavior. The same shape is consistent with a real external attack or with an inside actor producing the appearance of one. The engine cannot resolve that question and does not try to. What it can say is that the wallet's behavior is adversarial in shape, which is decision support, not an attribution.
The Ethereum side is the only side analyzed. The attacker also operated on BNB Chain, where additional H tokens were minted and drained from the proxy admin contract. CredScore currently covers five EVM chains (Ethereum, Base, Arbitrum, Optimism, Polygon) and does not analyze BNB Chain. The verdict here is the read on the Ethereum destination wallet only.
The verdict is decision support, not a legal conclusion. The pump-signature pattern is a review trigger, not proof of wrongdoing. The same shape can describe a token-launch operator distributing supply across a small set of pools, which is precisely why the engine says escalate and investigate, not guilty. In this case the wallet was independently confirmed by Humanity Protocol to hold the proceeds of an exploit, which is what makes it useful as ground-truth.
What this case study proves
A wallet eight days old, publicly confirmed by the victim protocol as the destination of $36M in stolen funds, with no sanctions designation and no entity attribution. CredScore assigned it High Risk, score 36, Escalate at 74 percent confidence, on observable behavior alone, with a written briefing and a signal-by-signal breakdown, produced in seconds, with no machine learning anywhere in the pipeline.
Enterprise blockchain analytics tools can reach comparable conclusions on this wallet, but behind a large annual contract and a multi-week procurement process. If you want a feature-by-feature comparison, see CredScore vs Chainalysis, CredScore vs TRM Labs, and CredScore vs Elliptic.
Run a wallet you already know
The best way to judge CredScore is not to read a case study. It is to paste in an address whose risk profile you already know and see whether the engine agrees with you. If you work in this field, you have a list of wallets where you know the right answer. Run a few and find out.
Paste any Ethereum, Base, Arbitrum, Optimism, or Polygon wallet and see a full briefing in seconds: score, decision posture, signal breakdown, and entity context.
Frequently asked questions
How much was stolen in the Humanity Protocol hack?
Approximately $36 million in $H tokens and related assets was taken from Humanity Protocol on June 8, 2026. The H token collapsed roughly 85 percent in the hours following the exploit.
How did the Humanity Protocol attack happen?
A phishing email impersonating South Korean exchange Bithumb delivered a malicious attachment to a Humanity Protocol developer. Opening it installed remote access malware that exfiltrated seven private keys stored on the same machine, including three of six Gnosis Safe owner keys controlling the Hyperlane warp-route ProxyAdmin on Ethereum. The attacker used those keys to upgrade the bridge to a malicious implementation and drain roughly 141.18 million H tokens in a single transaction.
What is the Humanity Protocol attacker wallet address?
The primary destination wallet, published on Humanity Protocol's official incident transparency tracker, is 0xd1ea823d421e0c829ee11f772af487fd352678ea on Ethereum mainnet. Multiple secondary attacker-linked addresses are tracked on the same portal.
Did CredScore identify the Humanity Protocol attacker?
No. Humanity Protocol identified the destination wallet on its own incident transparency tracker. This is a retrospective analysis. The point is narrower and still meaningful: CredScore independently escalated the wallet on observable behavior alone, with no sanctions or attribution data.
Was the Humanity Protocol exploiter wallet on a sanctions list?
No. The wallet carried no sanctions designation, no Tornado Cash interactions, no mixer exposure, and no entity attribution at analysis time. A list-based screen finds nothing. CredScore escalated it on behavior.
Is the CredScore engine using machine learning?
No. The engine is fully deterministic. Every score traces back to observable on-chain signals through a documented pipeline, so the same wallet produces the same auditable verdict every time.
Sources and further reading
- Humanity Protocol official incident transparency tracker at transparency.humanity.org
- Humanity Protocol incident summary and post-mortem at humanity.org/hincidentupdate
- CoinDesk reporting: Humanity Protocol $36M exploit and developer-laptop key compromise (June 9, 2026)
- The Block reporting on the Humanity Protocol exploit and on-chain analysis (June 2026)
- The Defiant reporting on the seven-key exfiltration and bridge proxy upgrade (June 2026)
- CryptoTimes reporting on the phishing email vector and DPRK link allegations (June 13, 2026)
- ZachXBT public commentary on the staged-incident question
- CredScore engine documentation at /docs