BlockBeats News, June 9th, Humanity released an update on the attack incident, stating that this was not a smart contract exploit. There was no vulnerability in the bridge, token itself, or the Safe system. Every action taken by the attacker—including transfers, Safe transactions, and proxy contract upgrades—was authorized through legitimate private keys.
The sole cause of the attack was key leakage, stemming from an insecure key management practice: the key used for production signing was backed up on a general-purpose development machine, without isolated hardware protection. This was a human and operational security oversight.
Humanity is still investigating how the breach occurred and the specific timeline of the attacker's access, and has engaged external security experts to forensically examine the compromised devices. As the investigation progresses, Humanity will provide the community with further updates. Humanity is also working on a fund recovery or compensation plan for affected users and is actively developing a token contract upgrade plan, which will be disclosed promptly once the details are finalized.
