Humidifi Sale Exploited by Bots, New Launch Set for Monday

Humidifi’s highly anticipated public sale collapsed within seconds on Friday. After a large-scale bot sniping attack drained the entire allocation almost instantly. The team confirmed that regular users had no real chance to participate as automated wallets overwhelmed the sale at launch. According to Humidifi, the attacker used thousands of wallets, each preloaded with 1,000 USDC.

These wallets triggered batch transactions into the DTF contract. They are allowing massive purchases in a single block window. Each bundle reportedly executed 24,000 USDC worth of buys, equal to roughly 350,000 WET per batch. As a result, a single organized bot farm captured the entire supply in seconds. Community members who waited for the launch were completely locked out.

Team Scraps Sniped Tokens and Plans Full Reset

Instead of letting the exploit stand, Humidifi chose to void the entire sale. The team confirmed that the original sniped tokens will not be honored. Those wallet addresses will receive zero allocation going forward. A brand-new token contract is now being deployed. The team also confirmed that all Wetlist users and JUP stakers who qualified for the original sale will receive a pro-rata airdrop under the new contract.

This move ensures that real users still get access, even after the failed launch. Humidifi also confirmed that the Temporal team rewrote the DTF contract and OtterSec completed a full audit on the updated code. The goal is to prevent any repeat of automated bundle attacks during the next sale. They have now scheduled the new public sale for Monday. They will share fresh details before launch.

How the Attack Worked on Chain

The exploit relied on speed, batching and scale. Each wallet held a fixed USDC balance. Instead of sending individual buy orders, the attacker created instructions that acted like preloaded “buy buttons.” When the sale went live, multiple transactions fired six instructions per transaction. This allows the attacker to execute a massive volume in one burst.

With multiple bundles submitted back-to-back, the entire supply vanished before human users could react. This method highlights a growing issue across Solana launches. Batch execution and wallet farming continue to dominate poorly protected public sales. Without strong contract-level protections, even fair launches remain exposed to automated capital.

Community Trust Takes a Hit, But Response Calms Fears

Humidifi’s reaction was blunt and fast. Instead of defending the failed launch, the team admitted the failure and instantly moved to protect real users. The decision to relaunch with audited code and exclude the sniper addresses helped calm initial backlash. The timing is also sensitive. Humidifi recently faced criticism over its fee structure and profitability, just days before this public sale collapsed. That context made Friday’s failure even more explosive across Solana DeFi circles.

Still, the project’s rapid reset shows the team understands the damage a bot-controlled launch can cause. If Monday’s sale runs clean, it may help repair confidence. If it fails again, trust could unwind much faster. Currently, one thing is clear. Bots won the first round. Humidifi is betting everything on winning the second.