A $36 million hack didn’t just drain Humanity Protocol’s treasury — it forced a reckoning that was already quietly building inside the company. The Humanity ProtocolA $36 million hack didn’t just drain Humanity Protocol’s treasury — it forced a reckoning that was already quietly building inside the company. The Humanity Protocol

Humanity Protocol Hack Wipes 89% of Token Value, Triggers AI Pivot

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com
Humanity Protocol hack

A $36 million hack didn’t just drain Humanity Protocol’s treasury — it forced a reckoning that was already quietly building inside the company. The Humanity Protocol hack, which struck on June 9, wiped out roughly 89% of the H token’s value within hours and set off one of the more consequential strategic pivots in recent blockchain history. But according to founder Terence Kwok, the direction was changing anyway. The breach just made it impossible to ignore.

Key takeaways

  • Attackers exploited malware on a developer device to compromise private keys, draining 141 million H tokens from the Ethereum bridge and minting additional tokens on BNB Smart Chain.
  • The H token collapsed roughly 89% within hours of the breach, with onchain analysts estimating losses initially above $32 million; Humanity Protocol’s own investigation placed total losses at $36 million.
  • Founder Terence Kwok confirmed the pivot toward enterprise AI had been under discussion for six to nine months before the hack accelerated the shift.
  • A replacement token has been issued and distributed to major exchanges; Kwok said the odds of recovering stolen funds are “pretty low.”
  • Law enforcement agencies in Hong Kong and the United States are actively investigating; the attack bears characteristics associated with North Korea-linked threat actors, according to Humanity Protocol and security firm Quantstamp.

Humanity Protocol shifts focus to enterprise AI after major hack

The strategic move away from blockchain identity and toward enterprise AI products didn’t begin with the exploit — it began months before it. Kwok told The Block in his first interview since the attack that the team had spent six to nine months quietly rethinking the project’s direction before June. The hack compressed that timeline dramatically.

The logic behind the shift isn’t hard to follow. Humanity Protocol originally built a proof-of-personhood blockchain designed to verify people’s credentials — employment history, assets, credit scoring — including a partnership with Mastercard on proof-of-assets applications. That foundation hasn’t been abandoned. Kwok’s argument is that as AI systems proliferate, the demand for robust identity and credential verification will only intensify, making Humanity Protocol’s infrastructure genuinely useful to enterprise customers in ways it wasn’t fully capitalizing on before.

The platform has approximately 10 million registered users, with a couple of million having completed their credential verification. That user base, built around digital identity verification, now forms the backbone of what Kwok envisions as a B2B enterprise AI offering. The team has already been testing products aimed at AI companies, with additional enterprise-focused services in development.

Founder confirms the pivot was pre-planned, not panic-driven

Kwok has been careful to frame this as evolution, not crisis management. The distinction matters, both for existing users and for potential enterprise partners assessing whether to engage with a project that just suffered a major breach. A reactive pivot signals desperation; a confirmed pre-planned transition signals direction.

Still, the hack clearly accelerated the timeline. Whatever internal deliberations were happening over those six to nine months, the exploit made the blockchain identity focus harder to defend publicly — and made the move toward enterprise AI more urgent.

Details of the $36 million hack and token devaluation

The attack was methodical. A phishing email reached members of Kwok’s team, and while no one clicked it directly, attackers eventually obtained access to private keys stored on a developer device. Malware had infected the machine, which held backups of several critical keys — giving the attackers the ability to authorize transactions that looked entirely legitimate to the protocol’s systems.

Security firm Quantstamp, which reviewed the incident, confirmed the exploit had nothing to do with vulnerabilities in Humanity Protocol’s smart contracts. The flaw was entirely on the operational security side: key management on a developer machine.

141 million H tokens drained across two chains

Once inside, the attackers moved fast. They drained approximately 141 million H tokens from the Ethereum bridge, then minted additional tokens on BNB Smart Chain — a double-sided squeeze that flooded supply while simultaneously depleting the bridge. On-chain analysts first flagged unusual movements when losses crossed $31 million; Humanity Protocol’s own forensic review later put the final figure closer to $36 million.

The token impact was immediate and severe. As the attacker minted and sold tokens across multiple chains, the H token lost roughly 89% of its value within hours. PeckShield later noted that stolen funds were laundered across Bitcoin, Solana, Hyperliquid, and BNB Chain, with some proceeds appearing commingled with funds connected to the separate Kelp DAO exploit — a pattern that raised the possibility of a shared threat actor. Both Humanity Protocol and Quantstamp said the attack bore characteristics associated with North Korea-linked groups, a designation that carries significant weight given that North Korean operatives were responsible for the two largest crypto thefts of 2026.

A breach that followed a familiar playbook

The Humanity Protocol hack topped PeckShield’s June 2026 crypto loss rankings, which totaled $75.9 million across 40 incidents — a 7.1% decline from May’s $81.7 million. That broader context doesn’t soften the blow, but it does position the Humanity Protocol breach within an industry-wide pattern where developer-side operational security remains a persistent weak point, even when smart contract code itself holds up.

Recovery efforts and ongoing investigations

Humanity Protocol has issued a replacement token and distributed it to major cryptocurrency exchanges. The process is still active — Kwok said discussions are ongoing around snapshot dates, suspended deposits and withdrawals, liquidity pool arrangements, and custodian settlements. Completing compensation claims requires investigators to trace every transaction that occurred after the breach, a forensic process that takes time even when systems are cooperating.

Kwok draws a direct comparison to Bybit

On recovering the stolen funds, Kwok was frank. The chances are “pretty low,” he said, pointing to the experience of Bybit, which has been unable to claw back approximately $1.5 billion in ether stolen in a separate attack. For users and token holders hoping for restitution from the stolen pool itself, that comparison is sobering. The focus has shifted to ecosystem rebuilding and compensation through the token replacement process rather than fund recovery.

Law enforcement in Hong Kong and the US now involved

Law enforcement agencies in Hong Kong and the United States have been contacted as part of the ongoing investigation. The cross-jurisdictional nature of the probe reflects both where Humanity Protocol operates and where relevant investigative infrastructure exists for tracing crypto theft at scale. Progress in such cases depends heavily on cooperation between jurisdictions — and, given the suspected North Korean state-actor involvement, on the ability of law enforcement to operate in environments where attribution is possible but enforcement is far less certain.

The harder question for Humanity Protocol isn’t whether it can rebuild — the infrastructure, the user base, and the pivot direction all exist. It’s whether enterprise AI clients will engage with a blockchain identity platform freshly associated with a nine-figure hack, particularly one attributed to sophisticated state-linked actors who exploited basic operational security failures. The enterprise AI market values reliability above almost everything else. How Kwok answers that question in the months ahead will determine whether the pivot becomes a genuine second chapter or simply a new framing on an unresolved crisis.

FAQ

What caused the Humanity Protocol hack?

The hack resulted from malware infecting a developer device, which compromised private keys stored on that machine and allowed attackers to authorize transactions draining tokens from the protocol’s systems.

How is Humanity Protocol responding to the hack?

The project issued a replacement token and distributed it to major cryptocurrency exchanges. Recovery efforts include ongoing discussions around snapshot dates, compensation claims, and liquidity arrangements, while law enforcement investigations proceed in Hong Kong and the United States.

Will the stolen funds be recovered?

Founder Terence Kwok said the chances of recovering the stolen funds are “pretty low,” comparing the situation to Bybit’s unsuccessful efforts to recover approximately $1.5 billion stolen in a separate attack.

What strategic changes is Humanity Protocol making after the hack?

Humanity Protocol is accelerating a pivot toward enterprise artificial intelligence products, moving away from its primary identity-and-blockchain framing. Kwok confirmed the shift had been under internal discussion for six to nine months before the hack compressed the timeline.

Article produced with the assistance of artificial intelligence and reviewed by the editorial team.

Market Opportunity
Gensyn Logo
Gensyn Price(AI)
$0.02877
$0.02877$0.02877
-7.78%
USD
Gensyn (AI) Live Price Chart

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.