> For the complete documentation index, see [llms.txt](https://hinkal-team.gitbook.io/hinkal/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://hinkal-team.gitbook.io/hinkal/hinkal-wallet/important-protecting-tokens.md).

# IMPORTANT - Protecting Tokens

## **Never use these addresses to receive tokens**

This is Hinkal’s **smart contract address:** `0x25e5e82f5702a27c3466fe68f14abdbbadfca826`

This is Hinkal’s **relayer address:** `0xc2212d2033F3bf0FDb9F11fA13fe6a260aA76D5d`

* It’s a contract that holds ***everyone’s*** private funds.
* If tokens are sent there with a regular on-chain transfer, the relayer (which handles all transactions going in and out of the smart contract) will **not be able to identify the recipient, resulting in lost funds.**
* Hinkal cannot reverse these transactions and is **not liable for lost funds**.
* Anything you copy from a Blockchain scanner, a 3rd party dApp console, or elsewhere places you at risk of losing tokens.

### Only use addresses from inside Hinkal

Always receive funds using:

1. **Private Account** → Receive\
   QR Code / Copy Address / Private Payment Link

<figure><img src="/files/0Z2vJ5wDGfXxuGKNzMrR" alt=""><figcaption></figcaption></figure>

2. **Public Account → Receive**\
   Copy Address

<figure><img src="/files/6mmjcYiv9C166OZKydlf" alt="" width="348"><figcaption></figcaption></figure>

You can switch between accounts in the Receive screen:

<figure><img src="/files/XOloR84IPNkWBdBOD0Cd" alt="" width="349"><figcaption></figcaption></figure>

### Scenario 1: On-ramp **with wallet connection**

<table><thead><tr><th width="354">WRONG</th><th width="347">CORRECT</th></tr></thead><tbody><tr><td>The on-ramp sees the Private account, so it pays the <strong>contract itself</strong>. Funds have no owner and will never appear in your Private balance.</td><td><strong>Connect your Public account instead.</strong> The Public account can accept regular on-chain transfers, just like any Ethereum address. Copy the address from the 'Receive' screen.</td></tr></tbody></table>

<figure><img src="/files/vIjDYmRaI4MTt8mYgL5f" alt=""><figcaption></figcaption></figure>

### Scenario 2: On-ramp **that asks for an address**

*(no wallet connection step, paste address)*

<table><thead><tr><th width="266">WRONG INPUT</th><th width="200">RESULT</th><th width="233">CORRECT INPUT</th></tr></thead><tbody><tr><td>You paste a smart contract address / private address.</td><td>Tokens stranded inside the contract, lost.</td><td><strong>Public address</strong> from <em>Receive → Copy Public address</em></td></tr></tbody></table>

<figure><img src="/files/cP4lzwWGd7zojR4Q5fM4" alt=""><figcaption></figcaption></figure>

### Scenario 3: Someone sends to the contract address

If you share the contract’s 0x… string with a friend, their standard ERC-20 transfer will drop tokens into the contract with no recipient. **Funds lost.**

**Share to sender:**

1. **Private Account:**\
   **Private Payment Link, QR Code, or Private Address from 'RECEIVE' screen.**
2. **Public Account:**\
   **Public Address from 'RECEIVE' screen**

### Scenario 4: KYC or identity checks on dApps

Completing KYC with the **Private account** links your real-world info to the privacy contract.\
**Always switch to a Public account before submitting personal details.**

**Steps to stay safe**

1. Open extension → switch on top left bar → **Public**.
2. Confirm the top-right badge shows **Connected** next to Public.
3. Proceed with the dApp’s KYC flow.

## Quick Checklist before receiving or on-ramping

* **Receiving?** Copy the address from **Receive** inside Hinkal - never from a block explorer.
* **On-ramp?** Use the **Public address** or connect with the **Public account.**
* **KYC?** Public account only.
* **Friend paying you?** Send them your Private Payment Link, QR code, or Private Address or Public address.
* **Never** paste or share addresses from a blockchain scanner or dApp
