Hinkal Says Attacker Stole 797,000 USDC, Pledges Full 1:1 Reimbursement

AI Market Summary
Privacy protocol Hinkal confirmed ~797k USDC was drained from an Ethereum contract and swapped into ~454 ETH, with most routed through Tornado Cash and part bridged via THORChain. The exploit and temporary pause of all contracts increase near-term security and counterparty risk for Ethereum DeFi liquidity pools, despite the team's pledge of full 1:1 user reimbursement and ongoing forensic tracking.
Impact level
● Medium
Affected assets
ETH/USDT+1.56%
AI Insight · ETH/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Decentralized privacy protocol Hinkal said an attacker drained about 797,000 USDC from its Ethereum contract and swapped the proceeds for roughly 454 ETH. The team said about 410 ETH was later sent to Tornado Cash, while the remaining 44.67 ETH was moved cross-chain to the Bitcoin network via THORChain. Hinkal said it is working with external security firms to trace the funds. The incident was limited to the affected Ethereum-based liquidity pools and did not impact contracts on other chains, though the protocol has temporarily paused all contracts while remediation and security checks are completed. Hinkal said impacted users will be made whole with full 1:1 compensation. Further details and a timeline for reimbursements will be provided in future updates.