Hinkal Exploit: We Traced the $820K Drain On-Chain, From a Proofless Deposit to a Single Bitcoin Address
— By Tony Rabbit in News

The Hinkal privacy protocol was drained of about $820,000 on July 3. We reconstructed the full attack and laundering trail on-chain, down to the single Bitcoin address the funds bridged into.
On July 3, 2026, attackers drained Hinkal, a zero-knowledge privacy protocol for shielded on-chain transactions, of roughly $820,000, almost its entire value locked. Security firms CertiK and PeckShield flagged it within the hour, and the wire reports stopped at the usual truncated details. We pulled the transactions directly from Ethereum and reconstructed the whole thing, from the first suspicious contract call to the exact Bitcoin address the money bridged into. Here is the on-chain trace.
The incident at a glance
- Protocol: Hinkal, a zkSNARK-based privacy layer for shielded stablecoin transfers, multi-chain but drained on Ethereum.
- When: July 3, 2026, across Ethereum blocks 25448306 to 25448683.
- How: characterized by CertiK as a "proofless deposit," a deposit the contract accepted without a valid zero-knowledge proof, followed by a scripted loop of withdrawals.
- Impact: Hinkal held only about $829,000 in total value locked; the attack took nearly all of it.
- Laundering: stolen USDC converted to ether, then split between Tornado Cash and a THORChain bridge to Bitcoin.
The drain: a scripted loop against one contract
Every withdrawal in this attack points at a single Hinkal contract, 0x25e5e82f5702a27c3466fe68f14abdbbadfca826, which most outlets published only in truncated form. From the attacker account 0xbB3f...fc20, we can see the pattern the security alerts described: a burst of calls to that contract, then a rapid series of identical payouts.
Reading the receipts, we counted at least 22 separate transactions that each moved exactly 25,000 USDC out of the contract to the attacker, clustered in Ethereum blocks 25448345 to 25448348 in well under a minute. They are preceded by dozens of earlier calls to the same contract that transferred nothing, consistent with a setup and probing phase before the payout loop began. The uniform 25,000 USDC size and the machine-gun timing are the signature of an automated script draining a position the contract believed was valid. CertiK characterized the entry point as a "proofless deposit," meaning a deposit accepted without the zero-knowledge proof a shielded protocol is supposed to require, though no formal Hinkal post-mortem had been published at the time of writing.
Following the money: Tornado Cash, then a bridge to Bitcoin
This is where the on-chain trail gets specific, and where we can add detail the wire coverage left truncated. After consolidating the stolen USDC into roughly 455 ether, the attacker split the proceeds into two laundering routes, both of which we followed transaction by transaction.
The Bitcoin address is the part worth dwelling on. Reporting truncated it to bc1qr2sf...zn3w because the full string is not printed in the transaction like a normal transfer. It sits inside the THORChain memo, an instruction encoded in the transaction input data. Decoding that memo from the bridge transaction gives the complete swap instruction, =:b:bc1qr2sfkehuqgr0sp87sp25uzw79242523l26zn3w, which routes the ether to native Bitcoin at that exact address. That single decode turns a truncated placeholder into a concrete on-chain endpoint anyone can watch.
The Tornado Cash leg is deliberate structuring: fourteen round-number deposits into the mixer's pools rather than one large transfer, a pattern we also traced in this week's Edel Finance exploit, which likewise funnelled its proceeds through Tornado Cash. Two DeFi drains routing into the same sanctioned mixer within 48 hours is its own signal about where stolen on-chain funds are going in mid-2026.
Why a privacy protocol was the softest target
There is an irony worth naming. Hinkal's entire pitch is privacy: zero-knowledge proofs that let users transact without exposing their activity. When the proof-verification path is the thing that fails, the protocol's core feature becomes its attack surface. A "proofless deposit" is exactly the failure mode a shielded system cannot afford, because the proof is the only thing standing between a deposit and the pool's funds.
The scale made it worse. Hinkal held only about $829,000 in total value locked spread across roughly five chains, so a single working exploit on the Ethereum deployment was enough to take nearly everything. The project had raised about $5.5 million from investors including Draper Associates, Quantstamp and NGC Ventures, a reminder that funding and audits do not remove smart-contract risk. The same discipline applies to any on-chain position: before trusting a contract with funds, verify what it actually does, the same way you would screen a token's contract with the Token Safety Checker or study how manipulation-style attacks unfold in our explainers on oracle manipulation and flash-loan exploits.
Methodology and disclaimer: incident context is drawn from CertiK and PeckShield alerts and reporting by Cryptopolitan, CryptoTimes and others. The transaction-level details, the exploited contract address, the count of 25,000 USDC withdrawals, the 410 ETH Tornado Cash deposits, the THORChain bridge transaction and the full decoded Bitcoin destination address were reconstructed independently from Ethereum mainnet (blocks 25448306 to 25448683). The exact loss is reported between roughly $800,000 and $830,000; we use approximately $820,000. The "proofless deposit" characterization is CertiK's; no official Hinkal post-mortem had been published at the time of writing. This article is for information only and is not financial advice.