Humanity Protocol Hackers Move Stolen Funds to KuCoin Wallets

Just a couple of weeks after the $36 million exploit on Humanity Protocol, the attackers have reportedly already begun swapping stolen tokens, according to blockchain analytics firm Lookonchain.

In an X post shared on Saturday, the firm reported that the attacker had converted part of the stolen funds into $USDC and deposited it into KuCoin. 

The funds were split and transferred across multiple wallets, including repeated ETH transfers between 10 to 50 ETH, while one large transfer of about 500 ETH was also tracked under wallets linked to “Humanity Protocol Expl.” The attacker then swapped about $36,000 into USDT, followed by two additional swaps worth about $50,000 and $86,000. 

The #Humanity Protocol exploiter swapped part of the stolen funds for $USDC and deposited it to #KuCoin.https://t.co/ZcsrKWUQiP pic.twitter.com/iSMcluWjxk

— Lookonchain (@lookonchain) June 20, 2026

The attacker kept splitting and sending funds to different addresses in order to make it harder for the funds to be tracked and to hide where the money really came from. At the same time, some funds moved through decentralized exchanges like Uniswap and PancakeSwap, while other parts were swapped into USDC before reaching KuCoin.

How the exploit happened

The exploit occurred on June 8, 2026, and started with a phishing email sent to a project director. The email was made to look like it came from Bithumb, a well-known South Korean crypto exchange.

But inside was a harmful file. Once it was opened, malware was installed on the director’s computer. This gave the attacker full remote control of the device without being noticed by security tools.

From there, things got worse. The attacker was able to take private keys and wallet data stored on the device. These keys gave access to important admin accounts in the project. With this access, the attacker could act like an official controller of the system.

The attacker upgraded smart contracts on Ethereum and moved around 141.18 million $H tokens. At the same time, they gained control of a ProxyAdmin contract on BNB Smart Chain and minted new $H tokens without permission. This increased the total supply and caused confusion and damage to the token system.

The stolen tokens were then quickly sold on decentralized exchanges like Uniswap and PancakeSwap. That alone pushed pressure on the token price and disturbed liquidity pools. Trading activity became unstable as the market tried to absorb the sudden flood of tokens.

H token down 13% in 24 hours

At the time of writing, the H token is down 13.68% over the past 24 hours, trading at $0.20 after falling from a daily high of $0.24. Trading volume has also declined 31.56% over the same period, as market activity slows heading into the weekend.

After the attack, Humanity Protocol secured its Ethereum system using a multisignature wallet that was not touched during the breach. The team also froze the Ethereum contract to stop further damage. 

However, the BNB Smart Chain deployment remains under the attacker’s control. As a result, the project plans to abandon that chain and focus on recovery efforts for users and the broader ecosystem.

Also Read: Humanity Protocol Unveils H Token Recovery and Airdrop Plan Post $36M Hack