Skip to content
Active Currencies: 17,362
Market Cap: $2.277T
Bitcoin Dominance: 55.65%
24h Market Cap Change: $0.88

How Hinkal protocol’s smart contract flaw sparked $820K USDC exploit

In the past six months, there have been 207 distinct hacks, totaling $948.13 million.

Hinkal Protocol is suspected to have been exploited

Another day, yet another exploit.

News has been circulating that the Hinkal stablecoin privacy protocol may have been compromised. It appears that the suspected exploit was caused by a flaw in one of its smart contracts.

Reportedly, the flaw allowed an attacker to take about $820,000 worth of USDC out of the system.

Initial reports suggest the attacker extracted funds that should not have been accessible. The attacker was able to do this by manipulating Hinkal’s prooflessDeposit() function and then making a string of transact() calls.

Hinkal stablecoin privacy protocol exploited
Source: GoPlus Security/X

Technique used to carry out the attack

Although the precise technical defect remains unknown, the attack suggests the protocol may have failed to validate deposits or verify the cryptographic proofs underpinning Hinkal’s privacy architecture.

This may have allowed the attacker to repeatedly call transact() and withdraw USDC held by the smart contract. As a result, a coding error led to a real financial loss.

That said, the suspected Hinkal exploit hints at a smart contract code vulnerability, which is one of the most enduring threats in decentralized finance (DeFi). While the incident does not point to a flaw in DeFi itself, it shows how implementation bugs can lead to significant financial losses.

Rise in exploits in 2026

This comes at a time when there have been other recent exploits. On the 20th of June, the Jaredfromsubway.eth Maximal Extractable Value (MEV) bot was exploited, which resulted in $7.5 million in losses.

In another instance, a hacker used a flash loan to manipulate the wrapped xStocks exchange rate, resulting in an approximately $403,000 exploit for Edel Finance

Taking all these together, it’s evident that scams have increased significantly in 2026. In fact, in the past six months, there have been 207 distinct hacks, according to TRM Labs.

Yet, despite the rise in incidents, DeFiLlama data showed that total losses came to $948.13 million, which is less than half of the $2.3 billion that was stolen in the first half of 2025.

Total hacks in 2026 rise
Source: DeFiLlama

Final Summary

  • The Hinkal stablecoin privacy protocol exploit resulted in the compromise of $820,000 worth of USDC.
  • The attacker misused Hinkal’s prooflessDeposit() function and then made a string of transact() calls to carry out this attack. 
Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Ishika Kumari

Journalist

Ishika Kumari is a Crypto Analyst at AMBCrypto, specializing in regulatory developments, market dynamics, and blockchain’s real-world impact. She breaks down complex protocols and legislation into practical, easy-to-understand insights.

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.