
Humanity (H)
SUMMARY
While the core utility of decentralized identity verification and the token's mechanics are permissible, the project's business activity is flagged with caution due to a catastrophic $31M hack, severe centralization in its recovery contract, and allegations of an inside job.
Shariah Component Breakdown
Shariah Analysis
token utility
PassedThe $H token is used for identity verification fees, gas, governance, and staking, with yield derived from network emissions and real verification fees.
revenue purity
Passed100% of identified revenue comes from permissible identity verification and credential access fees, with no identified exposure to non-compliant sources.
business activity
CautionThe protocol provides decentralized identity verification using palm biometrics, which is permissible. However, the project is flagged as high-risk due to a catastrophic $31M hack, severe centralization, and allegations of an inside job.
Legitimacy & Security
social presence
CautionNot comprehensively covered by research, though the project has faced severe public backlash following the hack and allegations from prominent investigators.
whitepaper
PassedThe project has official documentation and tokenomics available.
project audits
FailedThe protocol suffered a devastating $31M private key hack in June 2026, and the migrated token contract retains dangerous admin privileges allowing arbitrary minting or disabling of sales.
Team & Ecosystem
team background
CautionThe founder has a history of a massive $170M bankruptcy with a previous startup, and there are severe allegations from on-chain investigators that the recent $31M hack was an inside job.
Detailed Shariah Report
Overview
Humanity Protocol is a decentralized identity verification network that uses palm biometrics and zero-knowledge proofs to establish Proof of Humanity for Web3 and enterprise applications. Its native token, $H, is used to pay for identity verification fees, network gas, staking rewards, and DAO governance.
Why This Verdict
The $H token is rated Doubtful primarily due to severe operational, security, and leadership risks rather than inherent Shariah non-compliance in its core utility. While the token's utility for paying gas and verification fees passes Shariah screening, and its revenue purity is confirmed with 100% derived from identity verification, the project's business activity is flagged with extreme caution. This is due to a catastrophic $31M private key hack in June 2026, severe centralization risks in the migrated token contract which retains dangerous admin privileges to arbitrarily mint tokens or disable sales, and serious allegations from prominent on-chain investigators that the hack was an inside job.
Permissible Aspects
- The core business model of providing decentralized identity verification using palm biometrics and zero-knowledge proofs is a permissible utility.
- 100% of identified protocol revenue comes from legitimate identity verification and credential access fees charged to developers, dApps, and enterprises.
- The $H token has clear, functional utility for paying network gas fees, verification fees, and participating in DAO governance.
- Staking yield is derived from a permissible mix of inflationary network emissions and real verification fees paid to blockchain validators and ZK proof nodes, with no evidence of interest-bearing lending or gambling mechanics.
Points of Caution
- !The protocol suffered a devastating $31M private key hack in June 2026, which on-chain investigators have alleged may have been an inside job, leading to severe public backlash.
- !The project's founder has a history of a massive $170M bankruptcy with a previous startup, raising significant concerns regarding leadership integrity and trust.
- !The migrated token contract retains dangerous administrative privileges, allowing the team to arbitrarily mint new tokens or disable sales, representing a severe centralization risk for token holders.
- !The project has not publicly disclosed its treasury composition, leaving it unknown whether foundation funds earn interest from conventional banks or DeFi lending, though this does not directly impact the token's compliance.
Purification Note
As 100% of the protocol's identified revenue comes from permissible identity verification fees, no purification is required for simply holding or staking the $H token. If the project's treasury earns interest, those funds do not flow to token holders, meaning there is no impure income for the investor to purify.
BOTTOM LINE
Humanity Protocol offers a fundamentally permissible service in decentralized identity verification, and its token economics are free from interest or gambling mechanics. However, the project is rated Doubtful due to severe red flags regarding its legitimacy and leadership, including a catastrophic $31M hack, allegations of insider foul play, and dangerous centralization in its smart contracts. Scrupulous investors should exercise extreme caution regarding these operational risks, and as always, consult a qualified scholar for final religious guidance.
Fundamental Analysis Report
While Humanity Protocol addresses a legitimate and highly lucrative problem (Sybil resistance and decentralized identity) and boasts impressive institutional backing, the execution has been disastrous. The June 2026 private key compromise that led to a $31M+ loss and a 90% token crash—coupled with allegations of an inside job by ZachXBT and a highly centralized, mutable recovery contract—makes this project extremely dangerous for long-term investors. A protocol designed to be the "trust layer" of the internet cannot survive such a catastrophic breach of trust and security.
1. EXECUTIVE BOARD
2. THE DEEP DIVE
Fundamental Strengths
- Privacy-Preserving Tech: Utilizes zero-knowledge proofs (zkEVM) to ensure biometric data is converted into encrypted mathematical representations rather than stored as raw images.
- Less Invasive Biometrics: Palm and vein scanning is generally perceived as less intrusive and more socially acceptable than the iris-scanning approach used by competitors.
- Enterprise & Web3 Integrations: Claims partnerships with major entities like Mastercard, Animoca Brands, and Polygon, alongside a turnkey "Fairdrops" product to help other crypto projects prevent Sybil attacks.
Critical Vulnerabilities
- Severe Centralization & Security Failures: The June 2026 hack exposed that team private keys controlled massive amounts of funds and token minting functions. The new proxy contract retains dangerous admin privileges, completely undermining the ethos of a decentralized trust layer.
- Hardware/App Friction: Requires users to download a specific app and scan their palms, which still presents a significant onboarding hurdle compared to standard wallet connections.
- Trust Deficit: The founder's past business failure combined with the recent suspicious hack severely damages the protocol's credibility.
Competitor Comparison
Worldcoin (World): The dominant player in the space. Worldcoin uses iris-scanning Orbs and a Universal Basic Income (UBI) model. While Worldcoin has higher external adoption and brand recognition, it faces intense regulatory pushback globally, whereas Humanity Protocol's palm-scan approach aims to bypass these privacy concerns. Pi Network: A massive mobile-based network that recently pivoted to offering KYC-as-a-service. Pi has a much larger user base and node count but lacks the enterprise-grade zero-knowledge biometric hardware focus of Humanity Protocol.
About Humanity
While the core utility of decentralized identity verification and the token's mechanics are permissible, the project's business activity is flagged with caution due to a catastrophic $31M hack, severe centralization in its recovery contract, and allegations of an inside job.