Humanity Protocol has announced a full token migration and 1:1 airdrop of new H tokens as the project’s first concrete steps to compensate owners after a $36 million exploit on June 8th.
The team posted a recovery plan to X on Monday. The previous H token on Ethereum was $BNB The Chain, and Humanity mainnet has been decommissioned and replaced with a newly audited ERC-20 contract deployed on Ethereum.
New tokens will be airdropped 1:1 to holders based on snapshots taken on Ethereum. $BNB Chain and Humanity mainnet, June 8th, just before the exploit. According to CoinGecko, the H token fell about 27% to about $0.22 on Monday, down about 73% from its all-time high of $0.84 on June 2.
“We know it’s been a long wait, but your patience meant everything to us,” Humanity Protocol said.
Who automatically gets airdrops
Standard externally owned accounts holding H on any of the three chains at the time of the snapshot will receive new tokens directly with no action required. Wallets linked to the attackers and addresses identified by security firm Quantstamp during post-exploitation investigations have been excluded.
H held within a liquidity pool, vault, or smart contract at the time of a snapshot cannot be automatically attributed to individual holders. These balances will be transferred to a vault and the project will coordinate with affected parties regarding distribution, it said.
Insurance claims fund for complex cases
Humanity Protocol has established a separate H Compensation Fund to address situations not covered by automated airdrops. The three categories are holders with H in third-party protocol integrations, decentralized liquidity pool exposure, and users who purchased H after the June 8th snapshot and still hold their tokens.
Post-snapshot buyers seeking compensation must complete identity verification before funds can be processed. The project cited its affiliation with North Korea, which was flagged by Quantstamp, as the reason for the compliance requirement.
“As the exploit is associated with North Korea-related threat actors, we are working closely with relevant authorities regarding AML compliance,” Humanity Protocol said.
Quantstamp’s investigation summary, published via Humanity Protocol’s own website on June 11, traced the attack to a phishing email spoofing South Korean exchange Bithumb, which installed malware on the director’s Windows machine and gave the attackers remote access to private keys. The breach resulted in approximately 141.18 million H tokens being leaked from Ethereum Bridge and enabled the minting of approximately 100 million additional tokens on BSC. The attackers used Hancom digital certificates to sign the malware, a method Quantstamp described as “a hallmark of DPRK intrusions.”
Mainnet restart scheduled
Humanity Protocol said it plans to reboot Humanity Mainnet in the coming weeks with the new H token acting as its native gas token. The project is coordinating with centralized exchanges, bridge providers and liquidity partners on the migration schedule. Exchange users should follow their own platform announcements for token migration instructions.
The project warned holders to avoid false airdrops and link claims, and said official communications will only occur through verified Humanity Protocol channels.
What remains unresolved
The stolen funds have not yet been recovered. Quantstamp’s research notes that as of June 11, there was more than $21 million in ETH in wallets controlled by the attackers. $BNBRevenues for the side are still being tallied.
The Compensation Fund does not specify how post-snapshot purchasers will be individually evaluated other than identity verification. Humanity Protocol also did not disclose the total balance of H tokens in the smart contract that will be transferred to the vault.
Defiant’s original coverage on June 9th documented the first breach. The project’s Quantstamp forensics and Monday’s compensation announcement mark two concrete public actions taken since then.
