OverviewRoughly 141.2 million H tokens left Humanity Protocol's Ethereum contracts on June 8, 2026. Another 200 million were minted from nothing on BNB Smart Chain. Total damage across both chains: abOverviewRoughly 141.2 million H tokens left Humanity Protocol's Ethereum contracts on June 8, 2026. Another 200 million were minted from nothing on BNB Smart Chain. Total damage across both chains: ab

Humanity Protocol Pivots to Enterprise AI After $36M Hack: What H Token Holders Need to Know

 

Overview

Roughly 141.2 million H tokens left Humanity Protocol's Ethereum contracts on June 8, 2026. Another 200 million were minted from nothing on BNB Smart Chain. Total damage across both chains: about $36 million. The token fell 89% inside a day, from a June 2 high near $0.84 to roughly $0.08.
None of it required breaking a smart contract. The zero-knowledge proof layer and the biometric verification layer both held exactly as designed; the failure point was a compromised laptop holding the private keys that governed the project's cross-chain bridges.
Founder Terence Kwok has since confirmed that Humanity Protocol is repositioning from a decentralized identity blockchain into an enterprise AI company; a shift he says was already six-to-nine months underway before the exploit accelerated it. Recovery odds are low, since the stolen assets moved through mixers within hours and remain unrecovered. Security firm Quantstamp traced the attack to DPRK-affiliated actors, using a phishing email that impersonated the South Korean exchange Bithumb. For holders, the practical questions sit downstream of the wreckage: a sunsetted token, a new audited ERC-20, a 1:1 airdrop against a pre-exploit snapshot, and a compensation fund gated by identity verification.

1. What Humanity Protocol Actually Was

 

 
Humanity Protocol ran a zkEVM-based Layer-2 built around "Proof of Humanity", palm-scan biometrics plus zero-knowledge proofs to verify a unique human without storing the raw biometric. The pitch was trust without exposure, Prove you're a person; leak nothing.
Roughly 10 million registered users sat on the network, a couple million of them with completed credentials, alongside backing from Animoca Brands and Polygon Labs, market-making from Jump Trading, and a proof-of-assets collaboration with MasterCard. Hong Kong leadership under Kwok who previously built the hospitality-tech unicorn Tink Labs before it collapsed in 2019 after raising around $160 million earned the project its "Chinese Worldcoin" nickname, running the same proof-of-personhood thesis as Sam Altman's network but with palm scans in place of iris scans.

2. The Anatomy of the Breach: Threshold Math Meets Human Error

A Gnosis Safe multisig is a threshold signature scheme. On Humanity's Ethereum bridge, the configuration was 3-of-6, meaning any three of six owner keys could authorize a transaction, while the BNB Smart Chain deployment ran a 3-of-5. Distributed across multiple individuals, this is the treasury-security gold standard, precisely because no single person can move funds and no single compromise can drain anything. The math only holds though while the keys stay physically separated.
They didn't stay separated. According to Quantstamp's post-mortem, backup files for seven private keys had been stored on a single director's Windows machine during setup, and a phishing email impersonating Bithumb delivered malware to that device and opened remote access to it. Kwok's later account holds that no one clicked the link directly, but the endpoint was compromised regardless, and the keys were sitting on it
At that point the threshold scheme becomes theater. A single machine held enough keys to satisfy both the 3-of-6 and the 3-of-5 simultaneously, so the attacker never had to defeat the multisig at all, they simply collected a signing quorum off one hard drive.
What followed was a clean well-executed bridge attack following this sequence:
1.) ProxyAdmin capture. With a quorum, the attacker transferred ownership of the Hyperlane bridge's ProxyAdmin contract; the upgrade-authority role that controls cross-chain token movement to a wallet under their control.
2.) Malicious upgrade. They pointed the bridge proxy at a new implementation. On BSC, that implementation carried an unlimited mint function.
3.) Drain and mint. Roughly 141.2 million H drained on Ethereum and around 200 million minted on BSC, after which the attacker swapped the combined haul for ETH and BNB and consolidated it.
4.) The dump. The proceeds hit decentralized liquidity pools with thin books and one-directional flow, and with no bid depth to absorb the sell pressure, price gapped down through every support level in a single session.
Monitoring flagged the abnormal token movement and the team traced the compromised keys inside a short window, but the timing worked against them: mapping the full breach across the project's devices took several days of forensics while the funds took only hours to launder. Kwok compared the recovery outlook to Bybit's failure to claw back roughly $1.4 billion in ether last year, and put his own read on the odds bluntly, calling recovery unlikely.
The structural lesson here is narrow and brutal. An upgradeable proxy sitting behind a bridge concentrates catastrophic authority on whoever holds the admin quorum, which means a contract audit only describes half the attack surface. If the admin keys share a filesystem, that audit is documenting a lock on a door that is already standing open.

3. The DPRK Attribution and the Rug-Pull Question

On-chain investigator ZachXBT flagged the event as "possibly staged," pointing to convenient timing for an active market maker and to prior controversies around Kwok, including allegations tied to a rewards campaign
He later walked it back. After analyzing the laundering flow, ZachXBT concluded that the sketchy market-maker activity and the private-key compromise were independent events rather than a coordinated insider exit.
Quantstamp's forensics went further and attached a profile to the attacker: DPRK-affiliated threat actors, consistent with North Korea's documented pattern of social-engineering crypto infrastructure rather than attacking code directly. That attribution now carries real operational weight, since it is the stated reason certain compensation claims require identity verification and AML compliance.

4. The Enterprise AI Pivot

Kwok has stated the team spent the prior six-to-nine months rethinking direction, which means the exploit accelerated a move already in motion rather than originating it. That distinction changes the risk read considerably. A company fleeing into a buzzword to escape a disaster is one thing; a company that was already drifting off its original thesis and used a crisis to finally commit is another, and the second is what the primary-source interview describes.
On substance, Humanity Protocol intends to present itself less as a blockchain or decentralized identity project and more as a builder of products for the enterprise AI market, and the thesis carries a certain internal logic. AI systems face escalating pressure from data poisoning, sybil attacks, and synthetic-identity fraud, so verification layers matter more rather than less as model pipelines scale. In that reading, Humanity's proof-of-personhood credentialing spanning employment, assets, credit scoring, and the MasterCard proof-of-assets work becomes a B2B integrity product rather than a consumer token economy.
The colder read comes from development activity, which tells a different story than the pitch. The last documented substantive protocol work was the 2024 palm-scan integration, with recent engineering effort concentrated on exchange listings, airdrops, and now incident response operational expansion rather than core protocol depth. A move into enterprise AI also competes against entrenched identity-verification vendors that already hold sales motions and compliance certifications, and against that competition Humanity brings a battered brand, a credentialing dataset of uncertain enterprise portability, and no disclosed enterprise pipeline. This shows the addressable market is large, but the path into it remains undefined.

5. The H Token Migration and Compensation Plan

The recovery mechanics are where holders should focus, because this is the part that moves value.
 
Old token status
Original H on Ethereum, BSC, and Humanity Mainnet sunsetted; old contract
New token
Newly audited ERC-20 on Ethereum, still trading under ticker H
Snapshot
June 8, 2026, 17:25:35 UTC; captured before the exploit
Distribution
1:1 airdrop to eligible externally-owned accounts against snapshot balances
Excluded
Attacker-controlled addresses flagged by Quantstamp
Non-EOA balances
H in liquidity pools or contracts routed to a vault
Compensation Fund
Third-party integrations, DEX liquidity exposure, post-snapshot buyers still holding
KYC requirement
Post-snapshot claimants must complete identity verification (DPRK/AML link)
Mainnet relaunch
Humanity Mainnet to relaunch "in the coming weeks," new H as native gas token
 
The snapshot design is the fair part. Balances frozen at a block before the attack means the attacker's minted and drained supply is scoped out, and honest holders are made whole in unit terms against their pre-exploit position. Eligible EOAs receive the new token directly. Edge cases like liquidity providers, protocol integrations, anyone who bought after the snapshot and still holds a route through a separate H Compensation Fund and a claims portal, with identity verification required before anything releases.
The token did find a floor and bounce, rallying roughly 41% in mid-June after bottoming before settling well below its pre-hack level. Whether that was a dead-cat move on a broken thesis or the start of a re-rate on the pivot is something that has not yet been decided.
 
Frequently Asked Questions
 
What happened to Humanity Protocol? A $36 million exploit on June 8, 2026. A phishing email impersonating Bithumb installed malware on a project director's laptop, exposing private keys that controlled the cross-chain bridges. Attackers drained and minted hundreds of millions of H, crashing the price roughly 89%. Founder Terence Kwok has since confirmed a pivot from decentralized identity to enterprise AI.
How much was stolen in the Humanity Protocol hack? About $36 million across Ethereum and BNB Smart Chain. On-chain analysts first estimated $19–32 million as funds moved during the theft; the project's own figure settled at $36 million or more.
Was the Humanity Protocol hack a smart contract bug? No. It was an operational security failure. The multisig and contracts were configured correctly, but backup copies of seven private keys sat on one compromised laptop, letting attackers meet the multisig thresholds and seize the bridge admin roles.
Who was behind the Humanity Protocol exploit? Quantstamp linked the attack to DPRK-affiliated (North Korea-linked) actors via a phishing email impersonating Bithumb. ZachXBT initially suspected an inside job, then concluded the evidence supported a genuine key compromise.
Will Humanity Protocol recover the stolen funds? Unlikely. The funds moved through mixers within hours, and Kwok has called recovery odds low, comparing the situation to Bybit's failure to recover its far larger 2025 theft.
Is my H token still valid after the hack? The original H was sunsetted. A new audited ERC-20 is being airdropped 1:1 based on a June 8, 2026 pre-exploit snapshot. Attacker addresses are excluded. Exchange holders should follow their platform's specific migration instructions.
How do I claim Humanity Protocol H token compensation? Eligible externally-owned accounts receive the new token automatically. Edge cases such as liquidity pool exposure, third-party integrations, and post-snapshot buyers still holding go through the H Compensation Fund and a claims portal, with identity verification required due to the AML/DPRK link. Trust only verified Humanity Protocol channels.
Why is Humanity Protocol pivoting to enterprise AI? Kwok says the shift was six-to-nine months in progress before the hack accelerated it. The argument: enterprise AI needs identity and verification layers against data poisoning and sybil attacks, and Humanity's proof-of-personhood credentialing can serve that B2B market without a public consumer token's exposure.
Was user biometric data stolen in the Humanity Protocol breach? No evidence indicates biometric data or personally identifiable information was accessed. The breach centered on admin keys and bridge roles, not the biometric verification layer.
 
Disclaimer: This article is for informational purposes only and does not constitute financial, investment, or trading advice. Digital assets are volatile and you may lose capital. Conduct your own research before making any decision.
Market Opportunity
Humanity Logo
Humanity Price(H)
--
----
USD
Humanity (H) Live Price Chart

Description:Crypto Pulse is powered by AI and public sources to bring you the hottest token trends instantly. For expert insights and in-depth analysis, visit MEXC Learn.

The articles shared on this page are sourced from public platforms and are provided for reference only. They do not represent the position or views of MEXC. All rights belong to Emmanuel Olamiye. If you believe any content infringes upon the rights of a third party, please contact service@support.mexc.com for prompt removal. MEXC does not guarantee the accuracy, completeness, or timeliness of any content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be interpreted as a recommendation or endorsement by MEXC. For expert insights and in-depth analysis, visit MEXC Learn.