What Happened
Hinkal is a zero-knowledge (ZK) proof based privacy protocol that lets users deposit, transfer, swap, and spend stablecoins across Ethereum, Base, Arbitrum, and several other chains without exposing wallet addresses, transaction amounts, or counterparties on the public ledger. On July 3, 2026, an attacker executed what blockchain security firm CertiK identified as a 'proofless deposit': a deposit call into one of Hinkal's smart contracts that never supplied the zero-knowledge proof the protocol requires to validate a transaction. The attacker, operating from an externally owned account (EOA), followed the deposit with multiple 'Transact' withdrawal calls that the contract should have rejected without a valid proof on file, and instead approved.
On-chain investigators put the loss at approximately $820,000 to $830,000 in USDC. The number matters more as a share than a total: Hinkal held about $829,000 in total value locked across 5 chains at the time, according to DefiLlama, meaning the attacker walked away with nearly the entire protocol. Within roughly 35 minutes of the last deposit, the attacker converted the stolen USDC to ETH, moved roughly 410 ETH (about $700,000) into Tornado Cash, and bridged another 44.67 ETH through Thorchain to a native Bitcoin address beginning with bc1qr2sf.
The Proof Was the Access Control
A zero-knowledge proof lets a smart contract confirm a claim, such as this deposit is legitimate and this withdrawal is authorized, without revealing the underlying details. In a privacy protocol like Hinkal, that proof isn't a feature layered on top of security. It is the security. There's no separate custodian checking identities and no separate ledger of who owns what in plain text; the proof check is the only gate between a deposit and a withdrawal. When a code path exists that skips the proof requirement, the gate simply isn't there for that path. It's the same structural failure OPNorange flagged in the Taiko forged-proof incident in June: a system that collapses its entire access control into a single cryptographic check has no second line of defense once that check can be bypassed.
Non-Custodial Isn't the Same as No Single Point of Failure
Hinkal's pitch, like most privacy-focused decentralized finance (DeFi) protocols, is that it's non-custodial: no company holds your funds, so there's no counterparty that can fail. That framing is technically accurate and still misses the risk that mattered here. Whether the code enforcing withdrawal rules sits in a company's back-end database or a public smart contract, pooling deposits behind one verification mechanism creates a single point of failure that every depositor shares. Hinkal's near-total drain in one attack is the same concentration risk that sinks custodial exchanges, just running through different code. To be fair to the underlying cryptography, this looks like an implementation bug specific to Hinkal's deposit path, not a flaw in zero-knowledge proofs as a technique; larger, more heavily audited ZK systems have not shown this exact bypass. But sound math is cold comfort to users of the one contract where the code wasn't.
Bitcoin Was the Exit, Not the Hideout
The Thorchain leg matters for a specific reason. Circle, the issuer of USDC, can freeze or blacklist the stablecoin at any address it flags, the kind of freeze authority Tether exercised within hours of a recent sanctions action from the US Treasury's Office of Foreign Assets Control (OFAC) against wallets linked to ISIS-K, the Islamic State's Afghanistan-based affiliate: Tether froze all 131 tied TRON addresses instantly, while 3 Monero addresses named in the same action stayed beyond reach because Monero has no issuer capable of freezing anything. Once the Hinkal attacker swapped stolen USDC into ETH and bridged a slice of it into native Bitcoin, that kind of issuer-level freeze no longer applied; Bitcoin has no issuer and no blacklist function. That doesn't make the funds invisible. Bitcoin's base layer is fully public and permanently auditable, the opposite of what Tornado Cash offers, so analytics firms can watch that address indefinitely, and the moment it touches a know-your-customer (KYC) exchange, it can be flagged there. Unseizable and untraceable are two different properties. This attacker only bought the first one.
What This Means for You
The lesson isn't to avoid privacy-preserving tools. It's to keep two different guarantees straight. Protocol-level privacy depends on someone else's smart contract correctly enforcing a proof check every time, with no exceptions in the deposit path. Personal custody depends only on your own private keys and how carefully you manage them. Those aren't substitutes for each other.
If you're holding meaningful value, keep the majority of it in self-custody rather than inside any pooled protocol, privacy-branded or not. A hardware wallet with a properly backed-up seed phrase, and multisig for anything you'd consider a real loss, gives you a security guarantee that doesn't evaporate because one contract call somewhere skipped a verification step. Treat DeFi protocols, including privacy layers, as places your funds pass through for a specific transaction, not places you park savings.
What to Watch
Watch whether Hinkal publishes a post-mortem and any reimbursement plan, and whether CertiK or other trackers report further movement out of the bc1qr2sf address. More broadly, watch whether other zero-knowledge privacy protocols use a similar all-or-nothing proof check on deposits and get audited for the same bypass before, rather than after, someone finds it.