hinkal will fully compensate user funds, confirming approximately 797,000 USDC was extracted by an attacker and swapped for 454 ETH
Odaily reports that decentralized privacy protocol hinkal has released an update on a security incident, confirming that an attacker extracted approximately 797,000 USDC from its Ethereum contract through a series of transactions and exchanged it for about 454 ETH. Of this, roughly 410 ETH was subsequently transferred to Tornado Cash, while the remaining approximately 44.67 ETH was bridged to the Bitcoin network via THORChain. hinkal is currently collaborating with an external security team to trace the flow of funds.
hinkal stated that the impact of this security incident is limited to the relevant fund pools on the Ethereum chain, and contracts on other chains remain unaffected. However, all contracts have been temporarily suspended for fixes and security verification. All affected users will be fully compensated at a 1:1 ratio, with specific compensation procedures and timelines to be announced in a subsequent update.
