# IMPORTANT - Protecting Tokens ## **Never use these addresses to receive tokens** This is Hinkal’s **smart contract address:** `0x25e5e82f5702a27c3466fe68f14abdbbadfca826` This is Hinkal’s **relayer address:** `0xc2212d2033F3bf0FDb9F11fA13fe6a260aA76D5d` * It’s a contract that holds ***everyone’s*** private funds. * If tokens are sent there with a regular on-chain transfer, the relayer (which handles all transactions going in and out of the smart contract) will **not be able to identify the recipient, resulting in lost funds.** * Hinkal cannot reverse these transactions and is **not liable for lost funds**. * Anything you copy from a Blockchain scanner, a 3rd party dApp console, or elsewhere places you at risk of losing tokens. ### Only use addresses from inside Hinkal Always receive funds using: 1. **Private Account** → Receive\ QR Code / Copy Address / Private Payment Link

2. **Public Account → Receive**\ Copy Address

You can switch between accounts in the Receive screen:

### Scenario 1: On-ramp **with wallet connection**

WRONG	CORRECT
The on-ramp sees the Private account, so it pays the contract itself. Funds have no owner and will never appear in your Private balance.	Connect your Public account instead. The Public account can accept regular on-chain transfers, just like any Ethereum address. Copy the address from the 'Receive' screen.

### Scenario 2: On-ramp **that asks for an address** *(no wallet connection step, paste address)*

WRONG INPUT	RESULT	CORRECT INPUT
You paste a smart contract address / private address.	Tokens stranded inside the contract, lost.	Public address from Receive → Copy Public address

### Scenario 3: Someone sends to the contract address If you share the contract’s 0x… string with a friend, their standard ERC-20 transfer will drop tokens into the contract with no recipient. **Funds lost.** **Share to sender:** 1. **Private Account:**\ **Private Payment Link, QR Code, or Private Address from 'RECEIVE' screen.** 2. **Public Account:**\ **Public Address from 'RECEIVE' screen** ### Scenario 4: KYC or identity checks on dApps Completing KYC with the **Private account** links your real-world info to the privacy contract.\ **Always switch to a Public account before submitting personal details.** **Steps to stay safe** 1. Open extension → switch on top left bar → **Public**. 2. Confirm the top-right badge shows **Connected** next to Public. 3. Proceed with the dApp’s KYC flow. ## Quick Checklist before receiving or on-ramping * **Receiving?** Copy the address from **Receive** inside Hinkal - never from a block explorer. * **On-ramp?** Use the **Public address** or connect with the **Public account.** * **KYC?** Public account only. * **Friend paying you?** Send them your Private Payment Link, QR code, or Private Address or Public address. * **Never** paste or share addresses from a blockchain scanner or dApp --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://hinkal-team.gitbook.io/hinkal/hinkal-wallet/important-protecting-tokens.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.