Hinkal's $820K USDC vanishing act proves privacy protocols still need a bouncer 🔓
Back to feed

Hinkal's $820K USDC vanishing act proves privacy protocols still need a bouncer 🔓

A flaw in a smart contract has been blamed for an approximately $820,000 USDC exploit on the Hinkal stablecoin privacy protocol, according to circulating reports. The attacker is said to have manipulated Hinkal's prooflessDeposit( ) function and then executed a series of transact() calls to extract funds that should not have been accessible. While the precise technical defect remains undisclosed, the method suggests the protocol may have failed to validate deposits or verify the cryptographic proofs underpinning its privacy architecture, allowing repeated transact() calls to drain USDC held by the smart contract.

The incident highlights how implementation bugs continue to drive losses across decentralized finance, even as the broader sector matures. Hinkal did not immediately respond to questions about the specific code path involved or whether remediation efforts are underway. The exploit was reported by on-chain analysts tracking the suspicious withdrawals.

The Hinkal incident joins a string of recent DeFi losses. On June 20, the Jaredfromsubway.eth maximal extractable value bot was exploited for $7.5 million, and a separate flash-loan attack manipulated the wrapped xStocks exchange rate to drain roughly $403,000 from Edel Finance. TRM Labs data cited in industry reporting counted 207 distinct hacks over the past six months, while DeFiLlama figures put total losses at $948.13 million — less than half of the $2.3 billion stolen in the first half of 2025.

Mentioned Coins

$USDC
Share:
Publishercryptonewsroom.xyz
Published—
CategorySecurity

Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.

See our Terms of Service, Privacy Policy, and Editorial Policy.