The Humanity Protocol, a decentralized identity and universal basic income project, has announced a full token replacement following a security breach that resulted in approximately $36 million in losses. All existing H tokens on Ethereum, BNB Chain (BSC), and the project's mainnet will be permanently discarded. A new, audited ERC-20 token will be issued on Ethereum and airdropped to eligible holders at a 1:1 ratio.
The exploit was traced to malware on a developer's machine that exposed private key backups, including admin hot wallet and multisig keys across Ethereum and BSC. Attackers exploited this access to mint 447 million H tokens. The team determined that a complete token migration was the only secure path to eliminate residual risk.
Eligibility will be determined by a snapshot taken on June 8, 2026, at 17:25:35 UTC. The new token contract address is 0xE76c5b78f93909d34404E9eb4C1f19e7582a5dE1. While most holders will receive tokens automatically, the project will operate an H Compensation Fund for edge cases. However, some claimants may face KYC/AML screening after forensic analysis identified patterns linked to North Korea-associated threat actors.
The incident underscores the critical importance of operational security, even for audited smart contracts. For H token holders, the immediate focus will be on the claim process, eligibility rules, and exchange support during the migration. The success of this recovery plan will hinge on clear communication and secure execution to restore community trust.
