Hinkal Privacy Protocol Drain
An attacker drained about $820,000 in USDC from privacy protocol Hinkal — nearly its entire cross-chain TVL — then laundered it via Tornado Cash and THORChain; the root cause is unconfirmed.
Loss
820.0K
USD
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
An attacker drained about $820,000 in USDC from privacy protocol Hinkal — nearly its entire cross-chain TVL — then laundered it via Tornado Cash and THORChain; the root cause is unconfirmed.
A confused-deputy access-control flaw in New Market Trading's third-party SquidRouterModule let an attacker drain roughly $3.8 million from 88 Gnosis Safe wallets across Ethereum, Base, and Arbitrum.
1B bridged DOT minted on Hyperbridge after a missing bounds check in VerifyProof let an attacker forge MMR proofs; realised loss ~$2.5M.