Is humanity being exploited or stealing from itself?

CN
链上雷达
Follow
2 hours ago

On June 9, 2026, Humanity Protocol publicly announced that it had encountered a "security attack." According to the official narrative, this was a typical hacker incident: the attackers were accused of issuing approximately 100 million H tokens through contract manipulation and quickly selling them in the secondary market. However, on-chain traces soon painted a more complex picture—public data statistics revealed that in addition to the 100 million suspected "hacker-issued" tokens, over 200 million H tokens flowed out from nearly 300 wallets that were unlocked in advance and were sold almost simultaneously. Meanwhile, a newly created wallet received 62.68 million H tokens during the attack via a BitGo address, estimated at about 7.65 million dollars at that time, and this unusually large transfer attracted attention from multiple analysts. It was these seemingly independent yet highly synchronized on-chain actions that quickly transformed the once simple story of "being hacked" into a public debate over "internal theft" and "self-directed performance": on-chain analyst Yu Jin publicly questioned whether the project insiders were using unlocked tokens to sell off stock, based on the behavior patterns of the unlocked wallets; subsequently, on-chain detective ZachXBT offered a different perspective, suggesting it resembled an organized exit by market makers or internal holders rather than a traditional external hacker intrusion. In the following content, we will connect these key addresses, funding paths, and various statements along a timeline, attempting to restore the true outline of the incident on-chain rather than hastily presenting a simple "truth conclusion."

The Hacking Narrative Questioned On-Chain

From the external narrative, Humanity Protocol categorizes the anomalies on June 9 as a "hacker attack": the H tokens suffered malicious issuance, and the newly issued tokens were quickly dumped into the secondary market, leading to a price crash. However, behind this entire narrative, the project did not provide information on how the contract was breached, at which point the permissions failed, or whether there was a private key leak, among other crucial technical details. The publicly available information only includes a vague description of "hackers issued approximately 100 million H and sold them," leaving a significant space for speculation.

What truly shifted the public opinion was the on-chain data that did not completely align with the official statement. Analysts like Yu Jin discovered that besides the approximately 100 million H identified as "hacker-issued," over 200 million H came from nearly 300 wallets that had unlocked their tokens in advance and sold them en masse. These wallets had withdrawn small amounts of assets for gas fees from Gate and Bybit approximately three weeks prior to this incident. During the peak sell pressure, the newly issued tokens and these over 200 million early unlocked tokens were dumped into the market almost simultaneously, leading Yu Jin to publicly question whether this incident resembled "internal theft" rather than a mere external hacker intrusion. A few days later, ZachXBT also mentioned on social media that this incident seemed more like a "self-directed performance" exit planned by market makers or internal holders because the concentrated supply of H being dumped on the DEX was more consistent with the logic of internal competition. It is essential to emphasize that these judgments are personal opinions given by on-chain analysts based on existing data and not final conclusions backed by authoritative investigations, while the qualitative nature of the incident is still subject to fierce debate.

New BitGo Wallet Receives 62.68 Million H

On-chain data shows that during the security incident on June 9, a newly created wallet with minimal interaction history suddenly "awakened": multiple large transfers totaling 62.68 million H flowed in from an address marked as BitGo, estimated at about 7.65 million dollars at that time in reports. The timing of these transfers closely overlapped with the project’s claim of experiencing “hacker issuance of approximately 100 million H,” and this new wallet had no traceable funding tracks prior to that, making it particularly conspicuous among all the anomalous addresses.

Accompanying this substantial inflow, multiple media outlets began inquiring about the true owner of this new wallet, with some reports suggesting it was "suspected to be related to Framework Ventures," but clarified that no on-chain verifiable evidence or official confirmation from the project or related institutions was available. As of the time of public reporting, both BitGo and the identified institution had not provided detailed explanations regarding the ownership of the wallet. Under the "hacker attack" narrative, on one side, nearly 300 wallets had collectively sold more than 200 million H tokens on the same day, and on the other, an almost blank new address received 62.68 million H through BitGo during the same time window. This overlap in timing and scale naturally shifted the market's questions from "Was there a hacker?" to "Who is quietly taking over, and who is in a position to control the exit afterwards?"—and such doubts will only continue to fester in the absence of transparent explanations.

Early Wallets' Premature Unlocking and Dumping

Tracing back along the paths of those large sell-offs, Yu Jin first identified a group of wallets that, although not particularly prominent in size, exhibited an exceptionally coordinated operation: nearly 300 addresses withdrew small amounts of assets from Gate and Bybit around three weeks prior, enough just to cover on-chain gas fees. Subsequently, these newly "charged" addresses gradually received their share of H tokens that Humanity had unlocked in advance, which Yu Jin uniformly labeled as "early unlocked wallets." In chronological order, they first completed small withdrawals on centralized platforms, then fulfilled their claims on-chain—this sequence of actions was simple yet highly homogeneous, making it difficult to interpret as a natural outcome of scattered retail participants taking part in an airdrop.

What is truly alarming is the synchronous transition of this group of addresses on June 9, 2026. According to publicly organized on-chain data, on that day, these nearly 300 wallets collectively sold over 200 million H, with sell-off timing heavily overlapping with the process of “hacker” issuance and dumping of approximately 100 million H, creating an extraordinary peak of selling pressure within a single day. If this was a panic sell-off triggered by a singular hacking event, a more common scenario would involve scattered holders gradually cutting losses as news broke—not a coordinated effort to prepare gas weeks before the announcement, collectively claiming the unlocked amounts, and then dumping en masse on the day of the security incident. This sequence of actions, resembling a well-prepared exit strategy under the cover of the hacker narrative, seems more like an organized planned sell-off.

ZachXBT and Other Detectives Publicly Query

After Yu Jin raised the question of "internal theft," ZachXBT quickly followed up, directing attention to the token structure itself. In his public commentary, the H token of Humanity Protocol is depicted as a highly concentrated pool, almost entirely controlled by a few addresses, with exit strategies almost exclusively involving decentralized exchanges. He concluded that this path of first concentrating holdings and then massively dumping in a singular arena was more indicative of organized exits by market makers or internal holders rather than the chaotic liquidation of an unordered sell-off in the typical sense of a hacker breaching contracts.

As these on-chain screenshots and path analyses spread across social platforms, the public's focus gradually shifted from "the project was hacked" to "who is liquidating." Details regarding the early unlock of H tokens and the synchronized sale of over 200 million H by nearly 300 wallets were repeatedly compared against ZachXBT's views, with terms like "internal theft" and "rug pull" rapidly gaining traction in the community. More discussions were no longer satisfied with a simple “experienced a hacker attack,” but instead questioned: how were the tokens originally allocated, who made the market-making arrangements, and to whom do the key addresses ultimately belong? However, even now, all parties are still waiting for the project to provide a more detailed on-chain explanation, and no independent third-party authoritative investigation conclusions have been widely accepted, leaving the market to grapple between the limited on-chain visible facts and conflicting interpretations, with the true nature of the incident still unresolved.

Observations After the Crack in Project Trust

Returning to the on-chain anomalies themselves: on one side, there are the 100 million H tokens being referred to as "hacker"-issued; on the other side, nearly 300 early unlocked wallets sold over 200 million H tokens collectively on the same day, compounded by the 62.68 million H flowing to a newly created wallet through a BitGo address during the attack. These funding tracks, which should be independent, show a high degree of overlap in timing and direction, essentially putting the project’s token issuance logic, unlocking mechanisms, and management of large addresses under scrutiny. Research materials have mentioned that the community had expressed dissatisfaction with the transparency of token distribution and airdrop rules even before the incident, but this still requires further public evidence for confirmation; what truly withstands verification remains the on-chain specified unlock arrangements and holding structures. For future investors and users, the focus should no longer be limited to a single announcement's wording but rather on whether the project openly, detailedly, and continuously updates the disclosure on token unlocks and holding structures, whether it labels critical addresses, such as those of market makers, teams, and investment institutions, with clear traceable markers, and whether it introduces sufficiently independent third-party security audits and custodial mechanisms. In the absence of authoritative conclusions regarding the technical details of the attack, private key management methods, and the ultimate ownership of large addresses, all judgments about whether it was “external hackers” or “internal self-directed activities” can only remain at the hypothetical level for now; the only thing that can slowly mend this crack are the verifiable on-chain facts themselves.

Join our community, let’s discuss and become stronger together!
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To

Related Articles

avatar
avatar链捕手
1 minute ago
加密 CEX 扎堆卖美股,传统券商迎来“不速之客”
avatar
avatarAiCoin运营
13 minutes ago
Interest sharing! Coinbase publicly announces the address; HYPE can still work!
avatar
avatarWeb3 农民 Frank
41 minutes ago
Avenir Group bets on WasabiCard: Why is the decline of U cards making stablecoin payments more appealing?
avatar
avatar蚂蚁AT俱乐部
1 hour ago
Breathing in Extreme Fear: The Middle East Easing Faces Dual Pressure from ETFs and the Federal Reserve
avatar
avatarcrypto钟良
1 hour ago
Crypto Zhongliang: 6.9 BTC/ETH market opinion!
APP

X

Telegram

Facebook

Reddit

CopyLink