Attacker skipped Hinkal's zk verification with a 'Proofless Deposit' bug that bypassed ZK verification, draining ~$820K in USDC on Ethereum.
On July 1, 2026, an attacker skipped Hinkal's zk verification with a 'Proofless Deposit' bug that bypassed ZK verification, draining approximately $820K in USDC on Ethereum. The attacker laundered 410 ETH via Tornado Cash plus 44.7 ETH bridged to Bitcoin over THORChain.
Laundered 410 ETH via Tornado Cash plus 44.7 ETH bridged to Bitcoin over THORChain. No recovery reported at time of writing.
N/A