Skip to main content
Sign in
Terence Kwok — Humanity Protocol Staged Hack1 decision on this page

Audit log

Every state-changing event for Terence Kwok — Humanity Protocol Staged Hack: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-06-26 23:25:30Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 429,119,471
    sig
    V5wtb1aNA7wU…1fRzYyhvexplorer ↗
    hash
    ErEckaZV3pKR…o14CURDZsha256 → base58
    verifying row…full verify ↗
    canonical bytes (32579 B) ▸
    {"actor":"system:backfill","investigation_id":"fcf8176f-b437-467b-93a2-5c44585b6162","kind":"publish","page_slug":"terence-kwok-humanity-protocol-staged-hack","published_at":"2026-06-26T23:25:30.098Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Terence Kwok — Humanity Protocol Staged Hack","sections":[{"content":"On June 8–9, 2026, Humanity Protocol's H token collapsed 80–90% after a series of coordinated on-chain transactions drained approximately $36 million from project-controlled wallets and minted unauthorized tokens. The attack proceeded across three distinct vectors. First, roughly 6 million H tokens were stolen from an administrative hot wallet after its private key was compromised. Second, on Ethereum, attackers obtained control of three of six Gnosis Safe signing keys managing the Hyperlane bridge's ProxyAdmin, upgraded the bridge contract to a malicious implementation, and drained approximately 141 million H tokens in a single transaction. Third, on BNB Smart Chain, attackers similarly compromised three of five Safe owners, deployed malicious contract changes, and minted approximately 300 million additional H tokens across separate transactions. In total, approximately 447 million H tokens were stolen or minted without authorization. The H token's price fell from roughly $0.67 to an intraday low near $0.05, with a sustained level around $0.099–$0.13 in the aftermath. Stolen assets were liquidated primarily through decentralized exchanges including Uniswap and PancakeSwap, converting approximately $23–25 million in H into ETH and BNB. Terence Kwok confirmed the incident publicly, stating: 'We've detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation.'","heading":"The June 2026 Exploit","severity":"critical","sources":[{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack 'Possibly Staged,' $H Crashes 86%","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":1,"name":"Wallets linked to Humanity Protocol drained for over $32 million, token plunges 89% — The Block","type":"news_article","url":"https://www.theblock.co/post/404053/humanity-protocol-exploit"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"credibility":2,"name":"Humanity Protocol Founder Confirms Private Key Breach as H Token Collapses 90% — NFT Plazas","type":"news_article","url":"https://nftplazas.com/humanity-protocol-32m-exploit/"}]},{"content":"On-chain investigator ZachXBT publicly characterized the incident as 'possibly staged' on June 9, 2026, stating: 'The incident seems possibly staged. I am not buying the team's story — it's a convenient way for the active market maker to have exited.' He further accused the project of engaging in a 'crime pump,' writing: 'You choose to crime pump your token for weeks with zero fundamentals.' ZachXBT pointed to the H token's unusual price trajectory in the days before the exploit: the token surged 31% on May 30 with a 134% volume increase, then rallied an additional 61% to reach an all-time high of approximately $0.85 on June 1. He argued this price action was coordinated with market makers lacking any fundamental justification. Independent on-chain analyst Elton documented that attacker wallets had been pre-funded weeks before the exploit, with funding arriving from an exchange and a mixer in late April and May 2026. Elton also noted that the minting authority appeared to have been 'warmed up' — tested before large-scale deployment — prior to the June 8 attack. Additionally, the fact that all proceeds were sold exclusively through decentralized exchanges rather than centralized platforms struck analysts as atypical for a genuine external hack. ZachXBT later clarified that while he maintained suspicions about market-maker coordination, the private-key compromise itself could still be factual. These allegations remain unproven. No regulatory body or law enforcement agency has publicly confirmed any allegation of insider staging as of the date of this investigation.","heading":"ZachXBT's 'Possibly Staged' Allegations","severity":"critical","sources":[{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack 'Possibly Staged,' $H Crashes 86% — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident 'Possibly Staged' — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/humanity-protocol-exploit-zachxbt-staged/"},{"credibility":2,"name":"Is Humanity Protocol's $32M Hack an Exit Scam? What ZachXBT's Investigation Reveals — Memeburn","type":"news_article","url":"https://memeburn.com/is-humanity-protocols-32m-hack-an-exit-scam-what-zachxbts-investigation-reveals/"},{"credibility":2,"name":"ZachXBT Says Humanity Crypto $32M Hack Looks 'Possibly Staged' — The Tokenist","type":"news_article","url":"https://tokenist.com/zachxbt-humanity-crypto-protocol-hack-crypto-etf-risk/"},{"credibility":2,"name":"Humanity Protocol Crash: What Exactly Caused the $31M H Token Exploit? — CoinGape","type":"news_article","url":"https://coingape.com/trending/humanity-protocol-crash-what-exactly-caused-the-31m-h-token-exploit/"}]},{"content":"On approximately June 13–15, 2026, blockchain security firm Quantstamp published its investigation into the Humanity Protocol breach, concluding that the attack bore the hallmarks of DPRK-affiliated threat actors. According to Quantstamp, the attack originated with a phishing email sent on June 5, 2026, impersonating South Korean crypto exchange Bithumb — an entity with which a Humanity Protocol director was actively communicating. The malicious attachment contained remote-access malware that, once executed, gave attackers full remote-desktop control of the compromised device while evading endpoint security systems. The malware carried a digital certificate associated with South Korean software provider Hancom; Quantstamp stated that similar certificate-signing behavior appeared in prior campaigns attributed to DPRK-linked hacking groups. Investigators identified that seven private keys were stored on the single compromised machine alongside an active email client, a critical operational security failure. The compromised laptop belonged to Humanity Protocol director Chong Yee Wai, according to one investigative report, though Quantstamp's published findings did not identify the director by name. Quantstamp stopped short of a definitive attribution, stating that 'several aspects of the malware infrastructure and certificate-signing behavior resembled techniques commonly associated with North Korean cyber groups.' This attribution, if confirmed, would shift the characterization of the incident from an alleged insider exit to a sophisticated state-level attack — though it does not resolve questions about pre-exploit price manipulation or market-maker coordination raised independently by ZachXBT.","heading":"Quantstamp Investigation: DPRK Attribution","severity":"critical","sources":[{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports — Crypto Briefing","type":"research","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"credibility":2,"name":"Humanity Protocol $36M Hack: Phishing Email, DPRK Links Revealed — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"credibility":2,"name":"Crypto News: Humanity Protocol Hack Linked to Suspected North Korean Actors — The Coin Republic","type":"news_article","url":"https://www.thecoinrepublic.com/2026/06/15/crypto-news-humanity-protocol-hack-linked-to-suspected-north-korean-actors/"},{"credibility":2,"name":"Quantstamp Links Humanity Protocol's $36M Hack to Suspected N. Korea Group — CryptoBreaking","type":"news_article","url":"https://www.cryptobreaking.com/quantstamp-links-humanity-protocols-36m/"}]},{"content":"Before the June 2026 exploit, Humanity Protocol faced significant credibility questions about its core product metrics. In leaked conversations from June 26, 2025 — one day before the H token's public launch — founder Terence Kwok reportedly disclosed to content creator Zun that of approximately nine million Human IDs created, only 'approaching a million' had completed biometric or social verification. This admission, representing an 88% non-verified rate, contradicted the project's public marketing which advertised 'over six million' Human IDs under the tagline 'growing one human at a time.' The H token fell over 61% from its launch price in the days following the leak. Separately, users reported unfair exclusion from the 1.2 billion token airdrop, and Kwok allegedly tripled the token allocation for influential community member Zun following their private communication — an allegation suggesting preferential treatment for insiders. The project's core value proposition — preventing bots and Sybil attacks — was undermined by the apparent prevalence of unverified accounts gaming the airdrop system. Concerns were also raised about the collection and storage of users' palm biometric data; the project maintained that raw biometric images were not stored and that all biometric data was converted into encrypted mathematical representations, though this was not independently verified.","heading":"Pre-Hack Controversies: Bots, Airdrop Manipulation, and Misleading Marketing","severity":"high","sources":[{"credibility":2,"name":"Humanity Protocol token plummets as founder admits network could be up to 88% bots — DL News","type":"news_article","url":"https://www.dlnews.com/articles/people-culture/humanity-protocol-token-falls-founder-admits-network-is-mostly-bots/"},{"credibility":2,"name":"Humanity was hacked for $31 million — Was it a hack or a staged attack? — PANews","type":"news_article","url":"https://www.panewslab.com/en/articles/019eabaf-50d3-75d7-9a94-24bdcbb4adff"}]},{"content":"In January 2026, approximately five months before the June exploit, Humanity Investments — the venture arm of Humanity Protocol — led a $6.9 million seed round for a new entity called 'Everything,' described as a unified all-in-one exchange integrating perpetual futures, spot markets, prediction markets, and payment functions. The round also included Animoca Brands and the founder of WallStreetBets. Tim Tsai serves as CEO of Everything, with Terence Kwok quoted in the announcement in his capacity as Humanity CEO endorsing the integration of Humanity's Proof-of-Trust network. Kwok stated: 'Together, we're building an exchange where the community drives the rules, institutions provide security, and bots have nowhere to hide.' The HTX Insights article on the hack noted that crypto KOL Irene Zhao had disclosed profiting from early H investments and subsequently participating in Everything's KOL financing round, suggesting coordinated insider advancement ahead of the hack. Critics noted that Humanity's own venture arm deploying capital into a parallel project while the H token remained active raised questions about the team's priorities. No evidence has been publicly produced establishing a causal connection between the Everything venture and the circumstances of the June 9 exploit.","heading":"Concurrent Pivot: The 'Everything' Exchange","severity":"high","sources":[{"credibility":2,"name":"Everything: $6.9 Million Seed Funding Raised — Pulse2","type":"news_article","url":"https://pulse2.com/everything-6-9-million-seed-funding/"},{"credibility":2,"name":"Everything Raises $6.9M to Simplify Perps Trading — AInvest","type":"news_article","url":"https://www.ainvest.com/news/raises-6-9m-simplify-perps-trading-backed-humanity-animoca-brands-founder-wallstreetbets-2601/"},{"credibility":2,"name":"Over $31 Million Stolen from Humanity, Is the Team Behind It Paving the Way for a New Project? — HTX Insights","type":"news_article","url":"https://www.htx.com/news/over-31-million-stolen-from-humanity-is-the-team-behind-it-p-Ix2wi7hx/"}]},{"content":"Terence Kwok previously founded Tink Labs, which became Hong Kong's first unicorn startup. Founded in 2012 when Kwok was approximately 19–20 years old, Tink Labs supplied complimentary smartphones (branded 'Handy') to hotel guests across more than 82 countries, allowing guests to avoid roaming charges. The company raised approximately $170 million — with investors including SoftBank, Foxconn subsidiary FIH Mobile, Cai Wensheng (chairman of Meitu), and Sinovation Ventures — and reached a peak valuation of $1.5 billion. The business model became unviable as roaming charges declined and eSIM technology proliferated. SoftBank reportedly forced the abrupt halt of a major Japan joint-venture project after raising concerns that Tink Labs was 'funnelling money from the joint venture in Japan to stay afloat in other regions.' By mid-2019, Kwok struggled to pay employees and contractors. More than 100 employees across the European, Middle East, and African offices did not receive their July 2019 salaries. Tink Labs officially ceased operations on August 1, 2019, and entered formal insolvency and bankruptcy liquidation proceedings in January 2020. Kwok stated publicly at the time: 'I am trying to do what I can, but a lot of things are now out of my hands.' Protos and CCN published investigative articles drawing a direct line between the Tink Labs collapse and Kwok's subsequent role at Humanity Protocol, raising questions about whether investors and users had been adequately informed of the prior venture's failure mode.","heading":"Terence Kwok: Track Record and Tink Labs Collapse","severity":"high","sources":[{"credibility":2,"name":"How Humanity Protocol CEO drove his previous firm to insolvency — Protos","type":"news_article","url":"https://protos.com/how-humanity-protocol-ceo-drove-his-previous-firm-to-insolvency/"},{"credibility":2,"name":"Humanity Protocol Boss Terence Kwok Nearly Bankrupted Unicorn Phone Company Tink Labs — CCN","type":"news_article","url":"https://www.ccn.com/news/crypto/humanity-protocol-terence-kwok-tink-labs/"},{"credibility":2,"name":"What Happened to Tink Labs, the First Hong Kong Unicorn? — Failory","type":"news_article","url":"https://www.failory.com/cemetery/tink-labs"},{"credibility":2,"name":"How this $1.5B hotel phone empire burned $170M in 7 years — The Runway","type":"news_article","url":"https://www.therunway.ventures/p/tink-labs"}]},{"content":"Humanity Protocol raised $50 million across two primary rounds. A $30 million seed round was completed in May 2024, led by Kingsway Capital and joined by Animoca Brands, Blockchain.com, and Shima Capital, at a reported $1 billion fully diluted valuation. A subsequent $20 million round closed in January 2025, led by Pantera Capital and Jump Crypto, at a reported $1.1 billion valuation. The project positioned itself as a decentralized alternative to Worldcoin, using palm-scan biometrics and zero-knowledge proofs to let users prove humanity without disclosing personal data. Mario Nawfal, a controversial crypto promoter who has separately faced allegations of unpaid wages and improper financing at his IBC Group and NFT Tech entities (investigated by FBI and SEC according to Protos reporting), served in an advisory or board capacity at Humanity Protocol. Yat Siu, whose company Animoca Brands was delisted from the Australian Securities Exchange over blockchain investment issues, was also publicly associated with the project. The combination of these associations has been cited by critics as a pattern of high-profile promotional involvement outpacing substantive due diligence.","heading":"Humanity Protocol: Fundraising and Investor Background","severity":"medium","sources":[{"credibility":1,"name":"Pantera Capital and Jump Crypto lead $20 million funding round for Humanity Protocol — The Block","type":"news_article","url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"credibility":2,"name":"FBI and SEC likely investigating Mario Nawfal after wave of complaints — Protos","type":"news_article","url":"https://protos.com/fbi-and-sec-likely-investigating-mario-nawfal-after-wave-of-complaints/"},{"credibility":2,"name":"Humanity Protocol Founder Confirms Private Key Breach as H Token Collapses 90% — NFT Plazas","type":"news_article","url":"https://nftplazas.com/humanity-protocol-32m-exploit/"}]},{"content":"On June 16, 2026, Humanity Protocol announced a recovery plan proposing to replace compromised H tokens with a newly audited ERC-20 token on Ethereum. User balances would be reconstructed using a snapshot taken on June 8, 2026, at 17:25:35 UTC, immediately before the exploit, and distributed at a 1:1 ratio. Externally owned accounts were to receive tokens directly; assets held in liquidity pools would transfer to a dedicated vault awaiting stakeholder verification. A dedicated H Compensation Fund was established for cases not resolvable through automated distribution, including third-party protocol integrations, LP exposure, and post-snapshot purchases. Because investigators linked the exploit to DPRK-affiliated actors, the recovery plan required identity verification procedures for claimants — a condition that introduced friction for anonymous or pseudonymous holders. Humanity Mainnet was announced to relaunch within weeks using the new H token as its native gas token. As of the date of this investigation, stolen funds had not been publicly confirmed as recovered.","heading":"Recovery Plan and Token Replacement","severity":"medium","sources":[{"credibility":2,"name":"Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"},{"credibility":2,"name":"Humanity Protocol Plans New H Token After $36 Million Key Compromise — NewsBTC","type":"news_article","url":"https://www.newsbtc.com/news/humanity-protocol-plans-new-h-token-after-36-million-key-compromise/"},{"credibility":2,"name":"Humanity Protocol blames North Korea-linked hackers for $36M theft — Crypto.news","type":"news_article","url":"https://crypto.news/humanity-protocol-blames-north-korea-linked-hackers-for-36m-theft/"}]},{"content":"Regardless of whether the incident involved insider staging or external attack, post-incident analyses identified severe operational security failures at Humanity Protocol. Seven private keys with administrative authority over the protocol's bridge and token-minting infrastructure were generated, stored, and accessed from a single laptop connected to an active email client. This collapsed the theoretical security model of the multisig system: while the BNB Chain multisig required three of five signers and the Ethereum bridge multisig required three of six, all required keys were accessible from the same device. Industry standards for this level of custody mandate hardware security modules (HSMs), air-gapped signing processes, geographically distributed key holders, and strict separation of key storage from internet-connected devices. The failure to implement any of these controls — for a project that had raised $50 million and reached a $1.1 billion valuation — has been cited by security researchers as a fundamental governance and engineering failure independent of the question of external versus internal origination of the attack.","heading":"Operational Security Failures","severity":"critical","sources":[{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"credibility":2,"name":"Humanity Protocol $36M Hack: Phishing Email, DPRK Links Revealed — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"}]}],"sources_used":[{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack 'Possibly Staged,' $H Crashes 86% — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident 'Possibly Staged' — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/humanity-protocol-exploit-zachxbt-staged/"},{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":1,"name":"Wallets linked to Humanity Protocol drained for over $32 million, token plunges 89% — The Block","type":"news_article","url":"https://www.theblock.co/post/404053/humanity-protocol-exploit"},{"credibility":1,"name":"Pantera Capital and Jump Crypto lead $20 million funding round for Humanity Protocol — The Block","type":"news_article","url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"credibility":2,"name":"Humanity Protocol $36M Hack: Phishing Email, DPRK Links Revealed — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports — Crypto Briefing","type":"research","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"credibility":2,"name":"Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"},{"credibility":2,"name":"Is Humanity Protocol's $32M Hack an Exit Scam? What ZachXBT's Investigation Reveals — Memeburn","type":"news_article","url":"https://memeburn.com/is-humanity-protocols-32m-hack-an-exit-scam-what-zachxbts-investigation-reveals/"},{"credibility":2,"name":"Humanity Protocol token plummets as founder admits network could be up to 88% bots — DL News","type":"news_article","url":"https://www.dlnews.com/articles/people-culture/humanity-protocol-token-falls-founder-admits-network-is-mostly-bots/"},{"credibility":2,"name":"Everything: $6.9 Million Seed Funding Raised — Pulse2","type":"news_article","url":"https://pulse2.com/everything-6-9-million-seed-funding/"},{"credibility":2,"name":"Over $31 Million Stolen from Humanity, Is the Team Behind It Paving the Way for a New Project? — HTX Insights","type":"news_article","url":"https://www.htx.com/news/over-31-million-stolen-from-humanity-is-the-team-behind-it-p-Ix2wi7hx/"},{"credibility":2,"name":"How Humanity Protocol CEO drove his previous firm to insolvency — Protos","type":"news_article","url":"https://protos.com/how-humanity-protocol-ceo-drove-his-previous-firm-to-insolvency/"},{"credibility":2,"name":"What Happened to Tink Labs, the First Hong Kong Unicorn? — Failory","type":"news_article","url":"https://www.failory.com/cemetery/tink-labs"},{"credibility":2,"name":"How this $1.5B hotel phone empire burned $170M in 7 years — The Runway","type":"news_article","url":"https://www.therunway.ventures/p/tink-labs"},{"credibility":2,"name":"Humanity was hacked for $31 million — Was it a hack or a staged attack? — PANews","type":"news_article","url":"https://www.panewslab.com/en/articles/019eabaf-50d3-75d7-9a94-24bdcbb4adff"},{"credibility":2,"name":"Humanity Protocol Founder Confirms Private Key Breach as H Token Collapses 90% — NFT Plazas","type":"news_article","url":"https://nftplazas.com/humanity-protocol-32m-exploit/"},{"credibility":2,"name":"FBI and SEC likely investigating Mario Nawfal after wave of complaints — Protos","type":"news_article","url":"https://protos.com/fbi-and-sec-likely-investigating-mario-nawfal-after-wave-of-complaints/"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"},{"credibility":2,"name":"Humanity Protocol Plans New H Token After $36 Million Key Compromise — NewsBTC","type":"news_article","url":"https://www.newsbtc.com/news/humanity-protocol-plans-new-h-token-after-36-million-key-compromise/"},{"credibility":2,"name":"Humanity Protocol blames North Korea-linked hackers for $36M theft — Crypto.news","type":"news_article","url":"https://crypto.news/humanity-protocol-blames-north-korea-linked-hackers-for-36m-theft/"},{"credibility":2,"name":"ZachXBT Says Humanity Crypto $32M Hack Looks 'Possibly Staged' — The Tokenist","type":"news_article","url":"https://tokenist.com/zachxbt-humanity-crypto-protocol-hack-crypto-etf-risk/"}],"summary":"Terence Kwok is the founder of Humanity Protocol, a biometric decentralized identity project that raised $50 million from investors including Pantera Capital and Jump Crypto at a $1.1 billion valuation. On June 8–9, 2026, the project suffered a breach in which approximately $36 million was stolen via compromised private keys, causing the H token to crash 80–90%. On-chain investigator ZachXBT publicly characterized the incident as 'possibly staged,' citing pre-funded attacker wallets and a pattern consistent with a market-maker exit, though a subsequent investigation by security firm Quantstamp attributed the attack to DPRK-affiliated threat actors using a phishing campaign.","timeline":[{"date":"2012-01-01","event":"Terence Kwok founds Tink Labs in Hong Kong, approximately age 19–20, to supply complimentary smartphones to hotel guests.","source":"Failory / The Runway","source_url":"https://www.failory.com/cemetery/tink-labs"},{"date":"2019-07-01","event":"Over 100 Tink Labs employees in European, Middle Eastern, and African offices do not receive their July salaries as the company runs out of funds. SoftBank had previously forced a halt to a Japan joint venture over concerns about misallocation of funds.","source":"Protos","source_url":"https://protos.com/how-humanity-protocol-ceo-drove-his-previous-firm-to-insolvency/"},{"date":"2019-08-01","event":"Tink Labs officially closes. The company subsequently enters formal insolvency and bankruptcy liquidation proceedings in January 2020.","source":"Failory","source_url":"https://www.failory.com/cemetery/tink-labs"},{"date":"2024-05-01","event":"Humanity Protocol closes a $30 million seed round led by Kingsway Capital, with Animoca Brands, Blockchain.com, and Shima Capital participating, at a reported $1 billion valuation.","source":"The Block","source_url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"date":"2025-01-28","event":"Humanity Protocol closes a $20 million funding round led by Pantera Capital and Jump Crypto at a $1.1 billion fully diluted valuation.","source":"The Block","source_url":"https://www.theblock.co/post/337538/pantera-capital-and-jump-crypto-lead-20-million-funding-round-for-humanity-protocol"},{"date":"2026-01-26","event":"Humanity Investments, Humanity Protocol's venture arm, leads a $6.9 million seed round for 'Everything,' a unified perpetual-futures and payments exchange. Animoca Brands and WallStreetBets founder also participate.","source":"Pulse2","source_url":"https://pulse2.com/everything-6-9-million-seed-funding/"},{"date":"2025-06-26","event":"A leaked conversation surfaces in which Terence Kwok tells content creator Zun that of approximately nine million Human IDs created, only about one million have completed biometric verification, implying up to 88% bot accounts. The H token subsequently falls over 61% from its launch price.","source":"DL News","source_url":"https://www.dlnews.com/articles/people-culture/humanity-protocol-token-falls-founder-admits-network-is-mostly-bots/"},{"date":"2026-05-30","event":"H token surges 31% in a single day with a 134% volume increase, beginning a price run-up in the weeks before the exploit.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"date":"2026-06-01","event":"H token reaches an all-time high of approximately $0.85 following a 61% single-day rally.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"date":"2026-06-05","event":"According to Quantstamp's post-incident investigation, the attack begins with a phishing email sent to a Humanity Protocol director, impersonating South Korean exchange Bithumb and containing a malicious attachment with remote-access malware.","source":"Crypto Briefing","source_url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"date":"2026-06-06","event":"Humanity Protocol announces H token staking launch with 30 million tokens in rewards, generating additional market interest days before the exploit.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"date":"2026-06-08","event":"Attackers execute the exploit on June 8–9, draining approximately 141 million H tokens from the Ethereum bridge, minting approximately 300 million H on BNB Chain, and stealing roughly 6 million H from an administrative wallet. Total losses exceed $36 million. H token collapses 80–90% from its recent high.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"date":"2026-06-09","event":"Terence Kwok publicly confirms the breach. ZachXBT posts to his Telegram channel characterizing the incident as 'possibly staged,' citing pre-funded attacker wallets and the exclusive use of DEXs for liquidation.","source":"CryptoTimes / Bitcoin.com News","source_url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"date":"2026-06-13","event":"Security firm Quantstamp releases its investigation findings, attributing the attack to DPRK-affiliated threat actors based on phishing methodology, malware certificate signatures, and operational patterns consistent with North Korean cyber groups.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/13/humanity-protocol-36m-hack-phishing-email-dprk-links-revealed/"},{"date":"2026-06-16","event":"Humanity Protocol announces a recovery plan: a 1:1 token replacement airdrop using a June 8 pre-exploit snapshot, an H Compensation Fund for edge cases, identity verification requirements for claimants linked to DPRK attribution, and a planned Humanity Mainnet relaunch.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision caf8abef-22d8-4259-bc38-c6fe9dc44d28
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.