Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
    MiCA Deadline Hits Top Safe Crypto Platforms for EU Users in July 2026
    MiCA Deadline Hits: Top Safe Crypto Platforms for EU Users in July 2026
    MSTR, STRC, and Michael Saylor’s Pragmatic Turn Strengthening Credit in a Volatile Bitcoin Era
    MSTR, STRC, and Michael Saylor’s Pragmatic Turn: Strengthening Credit in a Volatile Bitcoin Era
    MiCA's July 1 Deadline What It Means for Your Crypto in Europe
    MiCA’s July 1 Deadline: What It Means for Your Crypto in Europe
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Hinkal Protocol Exploited: $820K Laundered via Tornado Cash & THORChain

The attacker drained Hinkal through at least 14 identical 25,000 USDC withdrawals in under a minute, indicating an automated exploit.

Written By Dishita Malvania Dishita Malvania
Edited by Divya Mistry Divya Mistry
Published 2 hours ago·Updated 1 hour ago
Make The Crypto Times preferred on GoogleGoogle
Share
Hinkal Protocol Exploited 450+ ETH Laundered via Tornado Cash & THORChain

Privacy infrastructure protocol Hinkal, the zero-knowledge settlement layer recently integrated into the Polygon wallet for shielded stablecoin transfers, has suffered a security breach estimated at around $820,000, with the attacker laundering the proceeds through Tornado Cash and THORChain at a pace that left almost no window for intervention.

The alarm was first raised by pseudonymous on-chain investigator Specter, who flagged the exploit and traced attacker-linked funds moving into laundering channels within the hour. 

Blockchain security firm CertiK followed through on its alert system, publishing multiple warnings tracing suspicious outflows from the protocol’s contracts. At the same time, PeckShield and GoPlus Security issued their own alerts corroborating the fund movements. This rare four-firm pile-on underscores how quickly the laundering unfolded. Hinkal acknowledged the incident shortly after, confirming the team is aware of the activity.

Show AI Summary
The Hinkal security breach has significant human consequences, with around $820,000 stolen, impacting users and institutional partners
The swift laundering of funds through Tornado Cash and THORChain has raised concerns about the effectiveness of current tracing tools and recovery prospects
This incident highlights the growing threat to DeFi security, with cumulative losses exceeding $1.1 billion in the first half of 2026, and the need for enhanced protection measures

A drain in identical 25,000 USDC tranches

On-chain records show the mechanics of the extraction. The attacker’s wallet, beginning 0xbB3f01a1 and ending 06c32fc20, first interacted with Hinkal’s pool contract (0x25e5e82f…bAdFca826) through a transaction labeled “Proofless Deposit” at block 25448306 on Ethereum.

What followed was a machine-like sequence. Across blocks 25448345 to 25448347, the Hinkal contract pushed out a rapid string of outbound USDC transfers to the attacker’s address, each for exactly 25,000 USDC, with at least 14 such transfers within the span of three blocks, or under a minute of chain time.

#PeckShieldAlert Specter has reported that @hinkal_protocol was exploited for ~$820K.

The exploiter deposited 410 $ETH (~$700K) into #TornadoCash and bridged 44.7 $ETH from Ethereum to Bitcoin bc1qr2sf…zn3w via #Thorchain pic.twitter.com/XHt6lQuPlU

— PeckShieldAlert (@PeckShieldAlert) July 3, 2026

The uniform sizing and compressed timing point to a scripted exploit loop rather than manual withdrawals, a pattern that suggests the attacker found a way to withdraw repeatedly against a single deposit whose validity the contract failed to properly verify.

It should be stressed that none of the security firms has published a technical breakdown of the root cause yet. Until Hinkal or an independent auditor releases a full post-mortem, the possibilities range from a protocol-level proof verification flaw to compromised keys or malicious approvals, and the incident is best characterized as a reported exploit backed by a consistent on-chain trail.

The laundering playbook: Tornado first, THORChain second

After converting the stolen stablecoins into Ether, the attacker wasted no time. Etherscan data shows the wallet was seeded with two small incoming transfers of roughly 0.049 ETH and 0.040 ETH for gas, a classic pre-funding step, before the laundering began.

Between blocks 25448486 and 25448510, a window of roughly four minutes, the exploiter fired off at least 14 deposits into Tornado Cash: eleven deposits of 10 ETH and three deposits of 100 ETH, totaling a minimum of 410 ETH, worth approximately $700,000 per Specter’s tracking. Each deposit costs under $5 in fees, with transaction fees ranging between 0.0028 and 0.0029 ETH.

1/ The profit has been swapped for ETH, and 410 ETH has been deposited into Tornado Cash, while 44.67 ETH is being swapped to BTC via Thorchain. pic.twitter.com/E2q9nDt6vN

— CertiK Alert (@CertiKAlert) July 3, 2026

Then came the cross-chain leg. Roughly 35 minutes after the last Tornado deposit, at block 25448683, the wallet sent 44.6747 ETH to the THORChain router in a single “Deposit With” transaction. 

The trail did not stop at the router: the ETH was swapped into native Bitcoin via THORChain, exiting the Ethereum ecosystem entirely. That final hop matters because it moves a slice of the proceeds beyond the reach of Ethereum-native freezing tools and any USDC blacklisting by Circle, leaving investigators to pursue the funds across two separate chains.

Combined, that is more than 454 ETH moved beyond easy traceability, bringing the total reported loss to approximately $820,000.

The split-denomination Tornado deposits, followed by a THORChain exit, mirror the laundering structure seen in this year’s largest incidents. THORChain was the primary off-ramp for the North Korea-linked KelpDAO bridge exploit, which drained $292 million in April, while structured 10 and 100 ETH Tornado batches have become the default first move for exploiters, as The Crypto Times documented in the KyberSwap attacker’s recent laundering run.

An uncomfortable irony for a privacy protocol

The breach carries a particular sting for Hinkal, a protocol whose entire pitch is compliant privacy. The project, backed by Draper Associates and others, runs Chainalysis KYT screening at the deposit layer specifically to block tainted wallets from entering its shielded pools, and in May it powered the launch of private USDC and USDT transfers inside the Polygon wallet, a flagship integration aimed at institutional payment flows.

That an attacker apparently bypassed the proof verification guarding those same pools, then turned to Tornado Cash, the unscreened mixer Hinkal positions itself as the compliant alternative to, is a scenario the protocol’s institutional partners will be watching closely. 

Hinkal has not yet published a full post-mortem, and it remains unclear whether affected balances belong to the protocol, integrators, or end users, or whether any reimbursement is planned.

Another Entry in a Brutal H1 for DeFi

The exploit lands in the middle of the worst stretch for DeFi security on record. The first half of 2026 has already logged cumulative losses exceeding $1.1 billion, and this is the second exploit this week alone to end in Tornado Cash, following the $403,000 Edel Finance oracle manipulation attack on July 1.

With the funds already fragmented across a mixer and a cross-chain swap protocol, recovery prospects are slim. Security researchers consistently describe mixer entry as a near-terminal point for traceability, and THORChain has shown no willingness to freeze flagged flows even in nine-figure cases. 

For now, the attacker’s remaining balance and any further movements from the 0xbB3f01a1 wallet remain the primary threads for investigators to pull.

Also Read: Velocity Defends Drift Rebrand After $295M Crypto Exploit

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Crypto HackEthereum (ETH)Tornado Cash
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Dishita Malvania
By Dishita Malvania
Follow:
Dishita Malvania is a Senior Crypto Journalist at The Crypto Times, based in Ahmedabad, India. She manages extensive daily news operations, tracking global digital asset trends, major international summits, market momentum, and localized exchange environments. Her investigative reporting covers India's evolving regulatory updates and enforcement actions, ensuring comprehensive documentation of regional market upheavals. Dishita holds a B.Tech degree in Computer Engineering, with an additional certification in Digital Media. Before joining The Crypto Times, she built a massive catalog of tech and media coverage. Her core reporting beats include crypto regulation and policy, blockchain security and cybercrime, AI in finance, Web3 infrastructure, and crypto fraud investigations and enforcement actions. Her three years of high-volume digital journalism have shaped her rapid fact-checking capabilities, source communication, and clear reporting style, making her work widely cited across premier global news outlets including Entrepreneur.com, The Independent, The Verge, and Metro.co.uk.
Divya Mistry
By Divya Mistry
Follow:
Divya Mistry is the Senior Editor at The Crypto Times. She leads the central editorial desk, overseeing the review and publication of policy analyses, investigative reports, exchange coverage, and protocol exploit stories. Her editorial remit spans digital asset markets, global exchange operations, cross-border digital asset settlements, regulatory developments, and other key developments shaping the cryptocurrency industry. Divya brings more than a decade of experience in editorial strategy, content development, public relations, marketing communications, and research. Before joining The Crypto Times, she worked across multiple sectors, including finance, technology, education, healthcare, real estate, entertainment, lifestyle, and vertical transport, contributing to both digital and print publications. Her research and content work has been featured on platforms including DNA India, Zee, Forbes, and Elevator World India. She holds a Master's degree in English Literature from the University of Mumbai. Drawing on her background in long-form publishing, research, and editorial leadership, she reviews and refines complex stories to ensure accuracy, clarity, and strong editorial standards before publication.

Latest News

Ireland Seizes Another 500 BTC From Drug Dealer's Lost Wallets, Total Worth $90M
Ireland Seizes Another 500 BTC From Drug Dealer’s Lost Wallets, Total Worth $90M
Bitcoin Climbs 6% While MSTR Surged Over 23% — Is Michael Saylor’s Plan Finally Paying Off?
Bitcoin Climbs 6% While MSTR Surged Over 23% — Is Michael Saylor’s Plan Finally Paying Off?
Ripple Founder-Gillibrand Deal Intensifies CLARITY Act Ethics Fight
Ripple Founder-Gillibrand Deal Intensifies CLARITY Act Ethics Fight
Samsung, Dunamu Other Korean Partners Deny Open USD Ties, Testing 140-Firm Claim
Samsung, Dunamu & Other Korean Partners Deny Open USD Ties, Testing 140-Firm Claim
Donald Trump Claims He 'Didn't Know' About Family's $1.2B Crypto Haul
Donald Trump Claims He ‘Didn’t Know’ About Family’s $1.2B Crypto Haul

Find Us on Socials

You may also like

Velocity Defends Drift Rebrand After $295M Crypto Exploit

Velocity Defends Drift Rebrand After $295M Crypto Exploit

Crypto Markets Ignite Pump Bitcoin Price Surges Past $61K, ETH Surges 5%

Crypto Markets Ignite Pump: Bitcoin Price Surges Past $61K, ETH Surges 5%

Polygon Shuts Down Its Once-Flagship $250M zkEVM on July 1

Polygon Shuts Down Its Once-Flagship $250M zkEVM on July 1

Edel Finance Hacked $403K Stolen as Attacker Moves Funds to Tornado Cash

Edel Finance Hacked: $403K Stolen as Attacker Moves Funds to Tornado Cash

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information