Verify a decision

{"actor":"system:backfill","investigation_id":"bf6890ab-103f-42e0-9e2a-e5dc9d2237a5","kind":"publish","page_slug":"humanity-protocol-h-token-hack","published_at":"2026-06-23T23:08:36.225Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Humanity Protocol H Token Hack","sections":[{"content":"Humanity Protocol is a decentralized identity project founded by Terence Kwok that uses palm-vein biometrics combined with zero-knowledge proofs to allow users to prove their humanity without revealing personal data. The protocol operates a native L1 blockchain and bridges its H token across Ethereum and BNB Smart Chain via a Hyperlane-based bridge secured by Gnosis Safe multisig wallets. On June 8-9, 2026, attackers exploited compromised private keys belonging to a Humanity Foundation member to drain approximately $36 million in H tokens across multiple chains. The exploit is classified as an operational security failure — no smart contract code vulnerabilities were involved. The H token, which had reached an all-time high of approximately $0.67 on June 1, 2026, collapsed to below $0.08 within hours of the attack, representing a peak intraday decline of approximately 88-89%. At the time of the incident, Humanity Protocol was valued at over $1 billion.","heading":"Incident Overview","severity":"critical","sources":[{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":2,"name":"Humanity Protocol Loses $36M After Private Keys Compromised, Token Crashes 73%","type":"news_article","url":"https://decrypt.co/370485/humanity-protocol-loses-36m-after-private-keys-compromised-token-crashes-73"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"}]},{"content":"The attack originated from a targeted phishing email impersonating South Korean exchange Bithumb, sent to a Humanity Protocol director. The malicious attachment installed remote-access malware on the recipient's device, granting the attacker root access. The compromised machine contained private keys for seven wallet accounts across Ethereum and BNB Smart Chain, including admin hot wallets and Gnosis Safe owner keys used to control the protocol's Hyperlane bridge.\n\nThe breach involved three distinct attack vectors:\n\n1. Admin hot wallet compromise: The attacker stole a private key from an admin-controlled wallet and drained approximately 6 million H tokens directly.\n\n2. Ethereum bridge takeover: Three of the six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin contract on Ethereum were compromised. This provided the attacker with the threshold majority needed to transfer proxy admin ownership, upgrade the bridge contract to a malicious implementation, and drain approximately 141.2 million H tokens in a single transaction.\n\n3. BNB Smart Chain unauthorized minting: Using compromised three-of-five Gnosis Safe keys on BSC, the attacker gained ProxyAdmin control of the H token contract and minted approximately 100-300 million additional H tokens in separate transactions (figures vary by source between $12.9 million and approximately $36 million in total cross-chain impact).\n\nThe core vulnerability was not a smart contract bug but an operational security failure: multiple critical private keys were stored or inadvertently backed up to the same compromised device, collapsing the effective security of the multisig model. Humanity's post-mortem indicated the keys 'were accidentally backed up to a compromised device during setup.' Founder Terence Kwok disclosed the breach publicly and urged users to 'stop touching its bridge' and avoid liquidity pools until containment was confirmed.","heading":"Attack Vector and Technical Details","severity":"critical","sources":[{"credibility":1,"name":"Humanity's $36 million exploit happened because a multisig lived on one laptop","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-s-usd36-million-exploit-happened-because-a-multisig-wallet-lived-on-one-laptop"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"},{"credibility":2,"name":"Humanity Protocol Reveals Employee Laptop Breach Behind $36M Exploit","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/humanity-protocol-reveals-employee-laptop-breach-behind-36m-exploit/"},{"credibility":2,"name":"Humanity Protocol founder reveals employee laptop breach behind $36M exploit","type":"news_article","url":"https://crypto.news/humanity-founder-reveals-employee-laptop-breach-behind-36m-exploit/"}]},{"content":"The total unique impact of the exploit is estimated at approximately 447 million H tokens, comprising tokens stolen directly from bridge wallets and tokens minted without authorization on BNB Smart Chain. The dollar-denominated loss is reported variously between $32 million and $36 million across sources, reflecting the rapidly falling token price during the incident window.\n\nThe H token declined from an approximate high of $0.67-$0.73 (reached June 1, 2026) to below $0.08 within hours of the attack becoming public on June 9, 2026 — an intraday drop of approximately 82-89%. At its lowest point, the token briefly traded near $0.05. The attacker swapped a significant portion of the stolen H tokens for ETH on decentralized exchanges including Kyber Network and PancakeSwap, generating sustained sell pressure. None of the stolen funds were moved through centralized platforms at the time of reporting, according to on-chain analysis.\n\nThe hack timing coincided with a scheduled unlock of approximately 266.5 million additional H tokens on June 25, 2026, which had created further uncertainty about the token's recovery prospects.\n\nBy June 12, 2026, the H token staged a partial relief rally of approximately 43-44%, though it remained significantly below pre-hack levels.","heading":"Financial Impact and Token Price Collapse","severity":"critical","sources":[{"credibility":2,"name":"Humanity Protocol Loses $36M After Private Keys Compromised, Token Crashes 73%","type":"news_article","url":"https://decrypt.co/370485/humanity-protocol-loses-36m-after-private-keys-compromised-token-crashes-73"},{"credibility":1,"name":"Wallets linked to Humanity Protocol drained for over $32 million, token plunges 89%","type":"news_article","url":"https://www.theblock.co/post/404053/humanity-protocol-exploit"},{"credibility":2,"name":"Humanity Protocol Token Jumps 44% in Post-Exploit Relief Rally","type":"news_article","url":"https://beincrypto.com/humanity-protocol-h-token-relief-rally/"},{"credibility":2,"name":"Humanity Protocol H Token Crashes 82% After $32M Hack","type":"news_article","url":"https://bitcoinfoundation.org/news/crimes-and-fraud-news/humanity-protocol-hacked/"}]},{"content":"Blockchain security firm Quantstamp investigated the malware used in the attack and identified tooling and certificate-signing patterns characteristic of DPRK-affiliated hacking groups. Quantstamp attributed the hack to 'suspected North Korean hackers,' stopping short of a definitive attribution to a specific unit such as the Lazarus Group, but describing the attack chain as consistent with North Korean intrusion methodologies observed in prior crypto-sector attacks.\n\nAccording to Quantstamp's analysis, the attack chain followed a documented DPRK playbook: spearphishing via a convincing exchange impersonation, malware delivery through a malicious attachment, remote access establishment to exfiltrate private keys, and coordinated multi-chain exploitation. The Humanity Protocol attack shares structural characteristics with the February 2026 Bybit hack, which was attributed to the Lazarus Group and involved similar bridge and multisig exploitation techniques.\n\nOn-chain analyst Elton's earlier review of pre-exploit wallet activity noted that attacker wallets had been pre-funded weeks in advance using a combination of exchange withdrawals and mixer transactions in late April and May 2026, suggesting the attack was planned rather than opportunistic. This pre-positioning pattern is also consistent with DPRK operational tradecraft.\n\nNo official government body had issued a formal public attribution as of the time of this investigation.","heading":"Attribution: Suspected DPRK-Affiliated Threat Actors","severity":"critical","sources":[{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports","type":"research","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"credibility":2,"name":"Quantstamp Investigation Links Humanity Protocol Hack To DPRK Actors, 141M H Moved","type":"news_article","url":"https://blockchainreporter.net/quantstamp-investigation-links-humanity-protocol-hack-to-dprk-actors-141m-h-moved/"},{"credibility":2,"name":"Humanity Protocol Hack Tooling Linked to North Korean Hackers: Quantstamp","type":"news_article","url":"https://cointelegraph.com/news/humanity-protocol-hack-linked-north-korean-actors-quantstamp"}]},{"content":"Shortly after the exploit became public, on-chain investigator ZachXBT publicly questioned the legitimacy of the team's account. ZachXBT wrote that the incident 'seems possibly staged' and stated he was 'not buying the team's story,' alleging it was 'a convenient way for the active MM to have exited.' His theory centered on observed price manipulation preceding the exploit — a alleged 'crime pump' with no clear fundamental catalyst — and the suggestion that an active market maker may have coordinated with the team to use the hack as a cover exit.\n\nHowever, after further analysis of fund flows, ZachXBT revised his position and concluded that 'the sketchy MM / OTC and private key compromise are independent of one another and not related,' effectively ruling out the staged hack hypothesis. He determined that evidence pointed to a genuine private key compromise rather than insider orchestration.\n\nSeparate on-chain analysis noted that attacker wallets were pre-funded from an exchange and a mixer in late April and May 2026 — weeks before the exploit — a pattern more consistent with an external sophisticated threat actor than a team-orchestrated exit.","heading":"ZachXBT Investigation: Inside Job Claims and Subsequent Retraction","severity":"high","sources":[{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack Possibly Staged, $H Crashes 86%","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident Possibly Staged","type":"news_article","url":"https://news.bitcoin.com/humanity-protocol-exploit-zachxbt-staged/"},{"credibility":2,"name":"ZachXBT rules out insider theft in Humanity Protocol's $31M exploit","type":"news_article","url":"https://crypto.news/zachxbt-rules-out-insider-theft-in-humanity-protocols-31m-exploit/"},{"credibility":2,"name":"Is Humanity Protocol's $32M Hack an Exit Scam? What ZachXBT's Investigation Reveals","type":"news_article","url":"https://memeburn.com/is-humanity-protocols-32m-hack-an-exit-scam-what-zachxbts-investigation-reveals/"}]},{"content":"Humanity Protocol announced a formal recovery program and token migration on or around June 16, 2026. The team deployed a newly audited ERC-20 smart contract on Ethereum (contract address 0xE76c5b78f93909d34404E9eb4C1f19e7582a5dE1) to replace the compromised H tokens across Ethereum, BNB Smart Chain, and Humanity Mainnet.\n\nEligible holders receive replacement H tokens at a 1:1 ratio based on pre-exploit wallet balances. The snapshot was taken immediately before the exploit using the following block heights: Ethereum block 25,274,179; BNB Chain block 103,071,069; and Humanity Mainnet block 24,247,803 (all corresponding to approximately June 8, 2026, 17:25:35 UTC).\n\nHolders of externally owned accounts (EOAs) on the three supported chains at the snapshot time receive their replacement tokens via automatic airdrop. A manual claims portal at claim.humanity.org processes cases requiring individual review, including H held in liquidity pools, smart contract vaults, or third-party protocol integrations, as well as users who purchased H after the snapshot date but retained their holdings.\n\nThe team additionally established an H Compensation Fund for more complex edge cases, and announced a $1 million USDT bounty for information leading to recovery of stolen funds, with recovered assets committed to H token buybacks. Due to the DPRK attribution, claimants seeking compensation from the fund are required to complete identity verification before distribution.\n\nThe protocol also warned users to avoid phishing sites impersonating the claims portal, stating that official announcements would only originate from verified channels.","heading":"Recovery Program and Token Migration","severity":"medium","sources":[{"credibility":1,"name":"H Token Recovery Program — Humanity Protocol","type":"official","url":"https://claim.humanity.org/"},{"credibility":2,"name":"Humanity Protocol sets new H airdrop after $36M exploit","type":"news_article","url":"https://crypto.news/humanity-protocol-sets-new-h-airdrop-after-36m-exploit/"},{"credibility":2,"name":"Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack","type":"news_article","url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"},{"credibility":2,"name":"Humanity Protocol Plans New H Token After $36 Million Key Compromise","type":"news_article","url":"https://www.newsbtc.com/news/humanity-protocol-plans-new-h-token-after-36-million-key-compromise/"},{"credibility":2,"name":"Humanity Protocol Launches New H Token Airdrop After $36M Exploit","type":"news_article","url":"https://thedefiant.io/news/tokens/humanity-protocol-h-token-airdrop-recovery-36m-exploit"}]},{"content":"Security analysts uniformly characterized the Humanity Protocol exploit as an operational security failure rather than a smart contract vulnerability. The core design assumption of a multisig wallet — that multiple independent signers on geographically or physically separate devices must coordinate to authorize transactions — was negated by the storage of multiple signing keys on a single device.\n\nHalborn and other security commentators noted that the incident reflects a 2026 industry pattern in which private key compromise accounts for the majority of major losses rather than code-level vulnerabilities. The attack is structurally similar to the Bybit hack earlier in 2026 (attributed to the Lazarus Group), which also exploited Safe multisig configurations through social engineering and key theft rather than smart contract exploits.\n\nThe Humanity Protocol case is particularly notable for the operational context: the protocol's core value proposition centers on identity verification and trust infrastructure using zero-knowledge proofs, yet its own treasury and bridge security relied on keys stored on a single employee's laptop without hardware security module (HSM) protection or physical key separation. This gap between the protocol's stated security posture and its internal key management practices has been noted by multiple security researchers.\n\nThe suspected DPRK attribution, if confirmed, would place this attack in a broader pattern in which North Korean state-sponsored actors were estimated to account for approximately 76% of crypto losses recorded in early 2026.","heading":"Operational Security Failures and Broader Context","severity":"high","sources":[{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"},{"credibility":2,"name":"Humanity Protocol H Token Compromise: One Email, $36M Lost, 89% Crash","type":"news_article","url":"https://en.cryptonomist.ch/2026/06/13/humanity-protocol-h-token-compromise/"},{"credibility":2,"name":"The Lazarus Group and DPRK Crypto Theft in 2026","type":"research","url":"https://www.sanctions.io/blog/the-lazarus-group-and-dprk-crypto-theft-in-2026"},{"credibility":2,"name":"Humanity Protocol says compromised admin keys led to $36M exploit","type":"news_article","url":"https://crypto.news/humanity-protocol-says-compromised-admin-keys-led-to-36m-exploit/"}]}],"sources_used":[{"credibility":1,"name":"Humanity Protocol token crashes more than 80% after a $32 million private-key hack","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"credibility":1,"name":"Humanity's $36 million exploit happened because a multisig lived on one laptop","type":"news_article","url":"https://www.coindesk.com/tech/2026/06/09/humanity-s-usd36-million-exploit-happened-because-a-multisig-wallet-lived-on-one-laptop"},{"credibility":1,"name":"Wallets linked to Humanity Protocol drained for over $32 million, token plunges 89%","type":"news_article","url":"https://www.theblock.co/post/404053/humanity-protocol-exploit"},{"credibility":2,"name":"Humanity Protocol Loses $36M After Private Keys Compromised, Token Crashes 73%","type":"news_article","url":"https://decrypt.co/370485/humanity-protocol-loses-36m-after-private-keys-compromised-token-crashes-73"},{"credibility":2,"name":"One Laptop, $36 Million, and a Token Collapse: Inside the Humanity Protocol Exploit","type":"news_article","url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"credibility":2,"name":"Humanity Protocol Reveals Employee Laptop Breach Behind $36M Exploit","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/humanity-protocol-reveals-employee-laptop-breach-behind-36m-exploit/"},{"credibility":2,"name":"Explained: The Humanity Protocol Hack (June 2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-humanity-protocol-hack-june-2026"},{"credibility":2,"name":"Humanity Protocol H token hack drains $30M in keys breach","type":"news_article","url":"https://en.cryptonomist.ch/2026/06/09/humanity-protocol-h-token-hack/"},{"credibility":2,"name":"Humanity Protocol H Token Compromise: One Email, $36M Lost, 89% Crash","type":"news_article","url":"https://en.cryptonomist.ch/2026/06/13/humanity-protocol-h-token-compromise/"},{"credibility":2,"name":"Humanity Protocol Hit by $36M+ Private Key Hack, H Token Crashes 85%","type":"news_article","url":"https://www.ccn.com/education/crypto/humanity-protocol-private-key-hack-36m-h-token-crash/"},{"credibility":2,"name":"Humanity Protocol Loses $32M in Private Key Hack as ZachXBT Calls Incident Possibly Staged","type":"news_article","url":"https://news.bitcoin.com/humanity-protocol-exploit-zachxbt-staged/"},{"credibility":2,"name":"ZachXBT Calls $32M Humanity Protocol Hack Possibly Staged, $H Crashes 86%","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/zachxbt-calls-32m-humanity-protocol-hack-possibly-staged-h-crashes-86/"},{"credibility":2,"name":"ZachXBT rules out insider theft in Humanity Protocol's $31M exploit","type":"news_article","url":"https://crypto.news/zachxbt-rules-out-insider-theft-in-humanity-protocols-31m-exploit/"},{"credibility":2,"name":"Humanity Protocol's $36M hack linked to suspected North Korean hackers, Quantstamp reports","type":"research","url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"},{"credibility":2,"name":"Humanity Protocol Hack Tooling Linked to North Korean Hackers: Quantstamp","type":"news_article","url":"https://cointelegraph.com/news/humanity-protocol-hack-linked-north-korean-actors-quantstamp"},{"credibility":2,"name":"Quantstamp Investigation Links Humanity Protocol Hack To DPRK Actors, 141M H Moved","type":"news_article","url":"https://blockchainreporter.net/quantstamp-investigation-links-humanity-protocol-hack-to-dprk-actors-141m-h-moved/"},{"credibility":1,"name":"H Token Recovery Program — Humanity Protocol","type":"official","url":"https://claim.humanity.org/"},{"credibility":2,"name":"Humanity Protocol sets new H airdrop after $36M exploit","type":"news_article","url":"https://crypto.news/humanity-protocol-sets-new-h-airdrop-after-36m-exploit/"},{"credibility":2,"name":"Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack","type":"news_article","url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-exploit/"},{"credibility":2,"name":"Humanity Protocol Plans New H Token After $36 Million Key Compromise","type":"news_article","url":"https://www.newsbtc.com/news/humanity-protocol-plans-new-h-token-after-36-million-key-compromise/"},{"credibility":2,"name":"Humanity Protocol Launches New H Token Airdrop After $36M Exploit","type":"news_article","url":"https://thedefiant.io/news/tokens/humanity-protocol-h-token-airdrop-recovery-36m-exploit"},{"credibility":2,"name":"Humanity Protocol Token Jumps 44% in Post-Exploit Relief Rally","type":"news_article","url":"https://beincrypto.com/humanity-protocol-h-token-relief-rally/"},{"credibility":2,"name":"Humanity Protocol Hack: $36M Phishing-Led Token Theft","type":"research","url":"https://cryptomortem.com/event/humanity-protocol-hack-2026"},{"credibility":2,"name":"Humanity Protocol says compromised admin keys led to $36M exploit","type":"news_article","url":"https://crypto.news/humanity-protocol-says-compromised-admin-keys-led-to-36m-exploit/"},{"credibility":2,"name":"The Lazarus Group and DPRK Crypto Theft in 2026","type":"research","url":"https://www.sanctions.io/blog/the-lazarus-group-and-dprk-crypto-theft-in-2026"}],"summary":"On June 8-9, 2026, Humanity Protocol suffered a $36 million exploit when attackers compromised private keys stored on a malware-infected employee laptop, enabling them to drain approximately 141 million H tokens from an Ethereum bridge and mint an additional 300+ million tokens on BNB Smart Chain. The protocol's H token crashed 80-89% within hours of the attack becoming public. Blockchain security firm Quantstamp later attributed the attack tooling to DPRK-affiliated threat actors, and the team has since launched a token migration and recovery program with a $1 million USDT bounty for information.","timeline":[{"date":"2026-05-30","event":"H token surged 31% with 134% volume increase, with no clear fundamental catalyst — flagged retroactively by on-chain analysts as possible pre-exploit price manipulation.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"date":"2026-06-01","event":"H token rose approximately 60%, reaching an all-time high of around $0.67.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"date":"2026-06-05","event":"Alleged date of initial phishing email sent to Humanity Protocol director, impersonating Bithumb exchange and initiating the attack chain.","source":"Cryptomortem / CryptoBriefing","source_url":"https://cryptomortem.com/event/humanity-protocol-hack-2026"},{"date":"2026-06-08","event":"Cross-chain exploit executed. Attackers used compromised Gnosis Safe keys to drain approximately 141.2 million H tokens from the Ethereum Hyperlane bridge and mint approximately 100-300 million H tokens on BNB Smart Chain. Snapshot block heights captured for recovery: Ethereum block 25,274,179 at approximately 17:25:35 UTC.","source":"Decrypt / CryptoTimes","source_url":"https://decrypt.co/370485/humanity-protocol-loses-36m-after-private-keys-compromised-token-crashes-73"},{"date":"2026-06-09","event":"Exploit becomes public. H token collapses from approximately $0.67-0.73 to below $0.08, a decline of 82-89%. Founder Terence Kwok confirms private key compromise and urges users to avoid the bridge and liquidity pools. ZachXBT publicly questions the incident as 'possibly staged.'","source":"CoinDesk / Decrypt / CryptoTimes","source_url":"https://www.coindesk.com/tech/2026/06/09/humanity-protocol-token-crashes-more-than-80-after-a-usd32-million-private-key-hack"},{"date":"2026-06-10","event":"Detailed post-mortem reporting published. Humanity Protocol discloses that seven private keys were stored on one malware-infected employee laptop, confirming the single-point-of-failure nature of the breach.","source":"CryptoTimes / The Defiant","source_url":"https://www.cryptotimes.io/2026/06/10/one-laptop-36-million-and-a-token-collapse-inside-the-humanity-protocol-exploit/"},{"date":"2026-06-12","event":"H token stages a 43-44% relief rally. ZachXBT revises his earlier position, concluding that the suspicious market maker activity and the key compromise are independent events, ruling out insider orchestration.","source":"BeInCrypto / crypto.news","source_url":"https://beincrypto.com/humanity-protocol-h-token-relief-rally/"},{"date":"2026-06-13","event":"Humanity Protocol announces a $1 million USDT bounty for information leading to recovery of stolen funds and commits recovered assets to H token buybacks.","source":"Cryptonomist","source_url":"https://en.cryptonomist.ch/2026/06/13/humanity-protocol-h-token-compromise/"},{"date":"2026-06-16","event":"Humanity Protocol announces formal token migration plan and recovery airdrop program. New audited ERC-20 contract deployed at 0xE76c5b78f93909d34404E9eb4C1f19e7582a5dE1. Claims portal launched at claim.humanity.org.","source":"CryptoTimes / crypto.news","source_url":"https://www.cryptotimes.io/2026/06/16/humanity-protocol-unveils-h-token-recovery-and-airdrop-plan-post-36m-hack/"},{"date":"2026-06-16","event":"Quantstamp publishes findings attributing the attack tooling and certificate-signing patterns to DPRK-affiliated threat actors, consistent with North Korean state-sponsored hacking methodology.","source":"CryptoBriefing / CoinTelegraph","source_url":"https://cryptobriefing.com/humanity-protocol-36m-hack-north-korean-hackers/"}]},"v":1}