Humanity Protocol, a decentralised identity project backed by Jump Crypto and valued above $1 billion, suffered a private-key compromise on June 9, 2026, that drained an estimated $32 to $36 million from project wallets across Ethereum and BNB Chain. The H token fell from between $0.67 and $0.74 to as low as $0.05 in a single trading session before settling near $0.13.

In the days that followed, founder Terence Kwok changed his social media profile photo to an image of South Korean travel YouTuber Kwak Jun-bin, known online as Kwak Tube. The change came after investor criticism mounted online. Kwok is a Hong Kong-based serial entrepreneur whose previous company, Tink Labs, was once considered Hong Kong's first unicorn, having raised $170 million before collapsing in August 2019.

Kwak Tube, who has 2.13 million YouTube subscribers and no involvement in cryptocurrency, responded publicly on Instagram.

"I'm a YouTuber from Korea. I've never even touched crypto. He stole my picture," Kwak Tube wrote. In a separate post in Korean, he added: "Never thought I'd live to see the day someone uses me in a coin scam. I don't make coins." The name confusion has a linguistic root: "Kwok," the Cantonese romanisation of Kwok's surname, and "Kwak," a common Korean family name, sound identical in Korean. Kwak Tube acknowledged this with characteristic brevity: "Of all people, it had to be a Kwak."

---

How the Hack Worked

Humanity Protocol's own incident disclosure describes how malware infected a developer's laptop, granted attackers root access, and extracted seven private keys that had been left on the device after the project's mainnet launch in June 2025. Those keys gave the attacker control over a hot wallet, an Ethereum multisig safe, and a BNB Chain multisig. The attacker drained 6 million H tokens from the hot wallet, pulled 141 million H through a malicious upgrade to a bridge contract on Ethereum, and minted an additional 300 million H tokens unauthorised on BNB Chain. In total, approximately 447 million H tokens were involved. The attacker then converted roughly $23.7 million worth of stolen H to ETH via decentralised exchanges including Kyber Network and PancakeSwap (platforms that allow peer-to-peer token swaps without a central intermediary), ending up with 16,321 ETH and 1,764 BNB.

The core security failure is straightforward: storing multiple private keys on a single machine defeats the purpose of multisig architecture. A multisig wallet (one that requires multiple independent approvals before funds move) is designed to prevent any single point of failure. Keeping all the relevant keys on one device eliminates that protection entirely.

---

ZachXBT and the "Staged" Question

Before the hack, H token had surged approximately 875%, partly driven by the narrative collapse of Worldcoin, a competing biometric identity project whose native token had lost 78% of its value in the preceding year. That price run-up drew significant capital flows into H and, according to on-chain analysts, may have created conditions for a profitable exit.

On-chain investigator ZachXBT was unconvinced by the official account. "I am not buying the team's story; it's a convenient way for the active [market maker] to have exited," he posted. He also pointed to unusual token price activity before the exploit, writing: "You choose to crime pump your token for weeks with zero fundamentals and think CT will blindly trust your story?"

Separately, analyst Elton identified attacker wallets that had been pre-funded weeks before June 9, and found evidence that minting authority on the BNB Chain contract had been activated in advance.

Neither Humanity Protocol nor Kwok had publicly addressed these specific allegations as of publication.

Adding to the suspicion: a scheduled unlock of 266 million H tokens, worth roughly $28 million at pre-hack prices, was set for June 25, just 16 days after the exploit. That unlock spans six allocations, including the foundation treasury.

---

Recovery Plan and Regional Fallout

On June 16, Humanity Protocol announced a 1:1 recovery airdrop using a new audited ERC-20 contract (a standard token format on Ethereum). Eligible holders will receive replacement tokens based on balances captured at pre-exploit block snapshots on Ethereum (block 25,274,179), BNB Chain (block 103,071,069), and Humanity's own mainnet (block 24,247,803).

The project cited suspected links to DPRK-affiliated attackers in its recovery documentation, though no independent investigators had confirmed that attribution as of publication. Because of those suspected links, the claims portal requires identity verification from token holders seeking recovery compensation.

The incident carries particular weight in South Korea, where the Kwak Tube episode sits within a broader pattern of crypto fraud exploiting celebrity identities. A South Korean financial adviser and YouTuber was arrested for allegedly running a $232 million crypto fraud affecting more than 15,000 investors, resulting in 215 arrests; a precise date for the arrest was not available at publication.

Legislators are now advancing proposed amendments to both the Capital Markets Act and the Virtual Asset User Protection Act that would require mandatory asset disclosure for crypto influencers.

The Kwak Tube situation illustrates a gap in those proposals: existing influencer-disclosure frameworks address celebrities who promote tokens, not cases where a founder appropriates a celebrity's likeness without consent.

---

What Comes Next

Humanity Protocol raised $50 million from 27 investors, including Jump Crypto, Hex Trust, and Kingsway Capital, and had signed up more than one million users before the hack, positioning itself as a palm-biometric alternative to Worldcoin.

Whether the recovery airdrop restores user confidence, and whether ZachXBT's staged-incident allegation prompts a formal investigation, will determine if the project has any viable path forward. For developers building decentralised identity infrastructure in markets like Nigeria, Kenya, Pakistan, and India, where financial inclusion applications are driving real interest in this technology stack, the Humanity Protocol failure is a concrete reminder that hardware security modules and geographically distributed key custody are not optional extras for production deployments handling material value.