Key Highlights
- Attackers used a phishing email to steal private keys, then took full control of Humanity Protocol’s admin systems and moved about $36M in assets.
- Stolen funds were split across wallets, swapped into USDC, and sent to KuCoin, while also moving through DEXs like Uniswap and PancakeSwap
- The exploit caused the price of the H token to fall about 13% as of today.
Just a couple of weeks after the $36 million exploit on Humanity Protocol, the attackers have reportedly already begun swapping stolen tokens, according to blockchain analytics firm Lookonchain.
In an X post shared on Saturday, the firm reported that the attacker had converted part of the stolen funds into $USDC and deposited it into KuCoin.
The funds were split and transferred across multiple wallets, including repeated ETH transfers between 10 to 50 ETH, while one large transfer of about 500 ETH was also tracked under wallets linked to “Humanity Protocol Expl.” The attacker then swapped about $36,000 into USDT, followed by two additional swaps worth about $50,000 and $86,000.
The attacker kept splitting and sending funds to different addresses in order to make it harder for the funds to be tracked and to hide where the money really came from. At the same time, some funds moved through decentralized exchanges like Uniswap and PancakeSwap, while other parts were swapped into USDC before reaching KuCoin.
How the exploit happened
The exploit occurred on June 8, 2026, and started with a phishing email sent to a project director. The email was made to look like it came from Bithumb, a well-known South Korean crypto exchange.
But inside was a harmful file. Once it was opened, malware was installed on the director’s computer. This gave the attacker full remote control of the device without being noticed by security tools.
From there, things got worse. The attacker was able to take private keys and wallet data stored on the device. These keys gave access to important admin accounts in the project. With this access, the attacker could act like an official controller of the system.
The attacker upgraded smart contracts on Ethereum and moved around 141.18 million $H tokens. At the same time, they gained control of a ProxyAdmin contract on BNB Smart Chain and minted new $H tokens without permission. This increased the total supply and caused confusion and damage to the token system.
The stolen tokens were then quickly sold on decentralized exchanges like Uniswap and PancakeSwap. That alone pushed pressure on the token price and disturbed liquidity pools. Trading activity became unstable as the market tried to absorb the sudden flood of tokens.
H token down 13% in 24 hours
At the time of writing, the H token is down 13.68% over the past 24 hours, trading at $0.20 after falling from a daily high of $0.24. Trading volume has also declined 31.56% over the same period, as market activity slows heading into the weekend.
After the attack, Humanity Protocol secured its Ethereum system using a multisignature wallet that was not touched during the breach. The team also froze the Ethereum contract to stop further damage.
However, the BNB Smart Chain deployment remains under the attacker’s control. As a result, the project plans to abandon that chain and focus on recovery efforts for users and the broader ecosystem.
Also Read: Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack