Hinkal Hack 2026 — $820K Exploit Analysis

Attacker skipped Hinkal's zk verification with a 'Proofless Deposit' bug that bypassed ZK verification, draining ~$820K in USDC on Ethereum.

Details

Full Description

On July 1, 2026, an attacker skipped Hinkal's zk verification with a 'Proofless Deposit' bug that bypassed ZK verification, draining approximately $820K in USDC on Ethereum. The attacker laundered 410 ETH via Tornado Cash plus 44.7 ETH bridged to Bitcoin over THORChain.

Laundering Analysis

Laundered 410 ETH via Tornado Cash plus 44.7 ETH bridged to Bitcoin over THORChain. No recovery reported at time of writing.

Sources

Transaction Hashes

Back to Browse