A $36 million hack didn’t just drain Humanity Protocol’s treasury — it forced a reckoning that was already quietly building inside the company. The Humanity Protocol hack, which struck on June 9, wiped out roughly 89% of the H token’s value within hours and set off one of the more consequential strategic pivots in recent blockchain history. But according to founder Terence Kwok, the direction was changing anyway. The breach just made it impossible to ignore.
The strategic move away from blockchain identity and toward enterprise AI products didn’t begin with the exploit — it began months before it. Kwok told The Block in his first interview since the attack that the team had spent six to nine months quietly rethinking the project’s direction before June. The hack compressed that timeline dramatically.
The logic behind the shift isn’t hard to follow. Humanity Protocol originally built a proof-of-personhood blockchain designed to verify people’s credentials — employment history, assets, credit scoring — including a partnership with Mastercard on proof-of-assets applications. That foundation hasn’t been abandoned. Kwok’s argument is that as AI systems proliferate, the demand for robust identity and credential verification will only intensify, making Humanity Protocol’s infrastructure genuinely useful to enterprise customers in ways it wasn’t fully capitalizing on before.
The platform has approximately 10 million registered users, with a couple of million having completed their credential verification. That user base, built around digital identity verification, now forms the backbone of what Kwok envisions as a B2B enterprise AI offering. The team has already been testing products aimed at AI companies, with additional enterprise-focused services in development.
Kwok has been careful to frame this as evolution, not crisis management. The distinction matters, both for existing users and for potential enterprise partners assessing whether to engage with a project that just suffered a major breach. A reactive pivot signals desperation; a confirmed pre-planned transition signals direction.
Still, the hack clearly accelerated the timeline. Whatever internal deliberations were happening over those six to nine months, the exploit made the blockchain identity focus harder to defend publicly — and made the move toward enterprise AI more urgent.
The attack was methodical. A phishing email reached members of Kwok’s team, and while no one clicked it directly, attackers eventually obtained access to private keys stored on a developer device. Malware had infected the machine, which held backups of several critical keys — giving the attackers the ability to authorize transactions that looked entirely legitimate to the protocol’s systems.
Security firm Quantstamp, which reviewed the incident, confirmed the exploit had nothing to do with vulnerabilities in Humanity Protocol’s smart contracts. The flaw was entirely on the operational security side: key management on a developer machine.
Once inside, the attackers moved fast. They drained approximately 141 million H tokens from the Ethereum bridge, then minted additional tokens on BNB Smart Chain — a double-sided squeeze that flooded supply while simultaneously depleting the bridge. On-chain analysts first flagged unusual movements when losses crossed $31 million; Humanity Protocol’s own forensic review later put the final figure closer to $36 million.
The token impact was immediate and severe. As the attacker minted and sold tokens across multiple chains, the H token lost roughly 89% of its value within hours. PeckShield later noted that stolen funds were laundered across Bitcoin, Solana, Hyperliquid, and BNB Chain, with some proceeds appearing commingled with funds connected to the separate Kelp DAO exploit — a pattern that raised the possibility of a shared threat actor. Both Humanity Protocol and Quantstamp said the attack bore characteristics associated with North Korea-linked groups, a designation that carries significant weight given that North Korean operatives were responsible for the two largest crypto thefts of 2026.
The Humanity Protocol hack topped PeckShield’s June 2026 crypto loss rankings, which totaled $75.9 million across 40 incidents — a 7.1% decline from May’s $81.7 million. That broader context doesn’t soften the blow, but it does position the Humanity Protocol breach within an industry-wide pattern where developer-side operational security remains a persistent weak point, even when smart contract code itself holds up.
Humanity Protocol has issued a replacement token and distributed it to major cryptocurrency exchanges. The process is still active — Kwok said discussions are ongoing around snapshot dates, suspended deposits and withdrawals, liquidity pool arrangements, and custodian settlements. Completing compensation claims requires investigators to trace every transaction that occurred after the breach, a forensic process that takes time even when systems are cooperating.
On recovering the stolen funds, Kwok was frank. The chances are “pretty low,” he said, pointing to the experience of Bybit, which has been unable to claw back approximately $1.5 billion in ether stolen in a separate attack. For users and token holders hoping for restitution from the stolen pool itself, that comparison is sobering. The focus has shifted to ecosystem rebuilding and compensation through the token replacement process rather than fund recovery.
Law enforcement agencies in Hong Kong and the United States have been contacted as part of the ongoing investigation. The cross-jurisdictional nature of the probe reflects both where Humanity Protocol operates and where relevant investigative infrastructure exists for tracing crypto theft at scale. Progress in such cases depends heavily on cooperation between jurisdictions — and, given the suspected North Korean state-actor involvement, on the ability of law enforcement to operate in environments where attribution is possible but enforcement is far less certain.
The harder question for Humanity Protocol isn’t whether it can rebuild — the infrastructure, the user base, and the pivot direction all exist. It’s whether enterprise AI clients will engage with a blockchain identity platform freshly associated with a nine-figure hack, particularly one attributed to sophisticated state-linked actors who exploited basic operational security failures. The enterprise AI market values reliability above almost everything else. How Kwok answers that question in the months ahead will determine whether the pivot becomes a genuine second chapter or simply a new framing on an unresolved crisis.
The hack resulted from malware infecting a developer device, which compromised private keys stored on that machine and allowed attackers to authorize transactions draining tokens from the protocol’s systems.
The project issued a replacement token and distributed it to major cryptocurrency exchanges. Recovery efforts include ongoing discussions around snapshot dates, compensation claims, and liquidity arrangements, while law enforcement investigations proceed in Hong Kong and the United States.
Founder Terence Kwok said the chances of recovering the stolen funds are “pretty low,” comparing the situation to Bybit’s unsuccessful efforts to recover approximately $1.5 billion stolen in a separate attack.
Humanity Protocol is accelerating a pivot toward enterprise artificial intelligence products, moving away from its primary identity-and-blockchain framing. Kwok confirmed the shift had been under internal discussion for six to nine months before the hack compressed the timeline.
Article produced with the assistance of artificial intelligence and reviewed by the editorial team.


