Humanity Protocol has begun distributing replacement H tokens to eligible users following the $36 million exploit that hit the project earlier this month. In an update posted on X, the company said holders on Binance Alpha, Bybit, Bitget, KuCoin, MEXC, and Gate will receive new tokens through a 1:1 airdrop based on balances recorded before the breach. The distribution is part of Humanity’s plan to replace the affected H tokens with a newly audited ERC-20 token and move forward with its recovery efforts.
The rollout applies to users who held H tokens at the time of the pre-exploit snapshots. Humanity stated, “If you were holding $H on Binance Alpha, Bybit, Bitget, KuCoin, MEXC, or Gate during the snapshot, here’s how the new H airdrop will work on each exchange.” The announcement provides the clearest timeline yet for affected users as exchanges begin carrying out the token distribution process.
Exchanges roll out token swap plans
Major exchanges have begun implementing Humanity Protocol’s token migration plan following the exploit. Binance Alpha, Bybit, Bitget, KuCoin, MEXC, and Gate all said they will convert eligible H token balances to the new ERC-20 token at a 1:1 ratio.
Binance Alpha temporarily suspended H token trading to complete the contract swap from BEP20 to ERC20. The exchange said it will credit users with the new tokens before reopening trading. Bybit also backed the migration and told users that account balances would remain unchanged throughout the process.
Other exchanges, including Bitget, KuCoin, MEXC, and Gate, announced similar conversion plans. However, the platforms said only balances recorded before their respective suspension deadlines would qualify for the swap. They also confirmed that tokens linked to hacker-controlled wallets would not be included in the distribution.
Across the networks, standard wallets — externally owned accounts — will receive the new tokens directly, while H held in liquidity pools or other smart contracts will be moved into a dedicated vault pending a decision on how to process it.
How the Breach Happened
The token migration follows a $36 million exploit that ranks among the most serious security incidents faced by Humanity Protocol. According to reporting on the incident, the breach was traced to malware on a developer’s computer where backup files for several private keys had been stored. Those keys reportedly included admin hot-wallet and multisig access across Ethereum and BNB Chain, giving the attackers control over privileged functions and allowing them to drain funds—an operational-security failure rather than a flaw in the token’s code.
Reporting has also pointed to possible links between the attackers and North Korea-affiliated hacking groups. Partly for that reason, Humanity said claimants seeking compensation for edge cases will be required to complete know-your-customer (KYC) and anti-money-laundering (AML) checks. The team said, “We know the wait has been hard, and your patience through this has meant everything to us.” The project also said it recorded user balances through snapshots taken shortly before the exploit, which now serve as the basis for the token distribution.
Recovery Plan and Compensastion
As part of the recovery effort, Humanity has deployed a newly audited ERC-20 token contract on Ethereum. The new contract is designed to support users across Ethereum, BNB Chain, and Humanity Mainnet. Security firm Quantstamp assisted the project in identifying wallets linked to the attackers, and those addresses have been excluded from the redistribution process.
Beyond the automatic airdrop, Humanity established a compensation fund and claims portal to handle cases the snapshot cannot resolve cleanly—including holdings tied to third-party DeFi integrations and liquidity providers, as well as legitimate users who bought H after the snapshot and still hold it. That group includes traders who bought the post-exploit dip on June 9 and 10, some of whom have criticized the snapshot cutoff as unfair. Humanity also plans to relaunch its mainnet in the coming weeks, with the new H token serving as the network’s native gas token.
The stolen funds have not been recovered. However, Humanity is proceeding with the token migration as it works to resume normal network operations. The project has also urged users to rely only on official communication channels while the transition remains underway.
