On Friday, Humidifi’s highly anticipated public sale collapsed within seconds. After a large-scale bot sniper attack, the entire quota was depleted almost instantly. The team confirmed that automated wallets overwhelmed sales at launch, so there was no real opportunity for regular users to participate. According to Humidifi, the attackers used thousands of wallets, each preloaded with 1,000 USDC.
These wallets triggered batch transactions to the DTF contract. It allows for bulk purchases in a single block window. Each bundle reportedly made purchases worth 24,000 USDC, which equates to approximately 350,000 WET per batch. As a result, a single, organized bot farm captured the entire supply in seconds. Community members who were waiting for the release were completely locked out.
Team scraps sniped tokens and plans a complete reset
Rather than leave the exploit alone, Humidifi chose to disable the sale entirely. The team confirmed that the original sniped token will not be honored. These wallet addresses will now have zero quota. A new token contract is currently being deployed. The team also confirmed that all wetlist users and JUP stakers who qualified for the original sale will receive prorated airdrops under the new agreement.
Wu Shuo learned that Dark Pool Humidify tweeted that today’s general sale was stolen by a large-scale bot. All tokens were “sniped” within seconds, making it impossible for regular users to participate. The team says the attackers completed the snap purchases by deploying thousands of wallets and triggering DTF contract transactions in batches. Humidifi will issue new tokens and airdrop them proportionally to wetlist users and JUP stakers. The original sniper address is excluded. The new contract will be signed by…
— Wu Shuo Blockchain (@wublockchain12) December 5, 2025
This move allows real users to still have access even after a failed launch. Humidifi also confirmed that the Temporal team has rewritten the DTF contract and that OtterSec has completed a full audit of the updated code. The goal is to prevent autobundle attacks from repeating during the next sale. They are currently planning a new public sale on Monday. They plan to share the latest details before the launch.
How the attack worked on the chain
This exploit relied on speed, batching, and scale. Each wallet held a fixed USDC balance. Instead of submitting individual purchase orders, the attackers created instructions that functioned like preloaded “buy buttons.” Once the sale began, multiple transactions triggered six instructions per transaction. This allows an attacker to perform large amounts of processing at once.
Multiple bundles were sent in succession, causing the entire supply to disappear before the human user could react. This method highlights a growing problem throughout Solana’s launch. Batch execution and wallet farming continue to dominate poorly protected public sales. Without strong contract-level protections, even a fair launch leaves you exposed to automated capital.
Community trust takes a hit, but response allays fears
Humidifi’s response was direct and swift. Instead of defending the failure of the launch, the team acknowledged the failure and immediately moved to protect actual users. The decision to restart with audited code and exclude the sniper address helped defuse the initial backlash. Timing is also critical. Humidifi recently faced criticism over its pricing structure and profitability, days before the public sale collapsed. This context made Friday’s failure even more explosive across Solana DeFi circles.
Still, the project’s rapid reset shows the team understands the damage a bot-controlled launch can cause. Confidence may be restored if Monday’s sale goes well. If you fail again, trust can crumble much faster. At this point, one thing is clear. The bot won the first round. Humidify is betting everything on his second win.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
