IMPORTANT - Protecting Tokens

Making sure you don't lose tokens in different instances

Never use these addresses to receive tokens

This is Hinkal’s smart contract address: 0x25e5e82f5702a27c3466fe68f14abdbbadfca826

This is Hinkal’s relayer address: 0xc2212d2033F3bf0FDb9F11fA13fe6a260aA76D5d

  • It’s a contract that holds everyone’s private funds.

  • If tokens are sent there with a regular on-chain transfer, the relayer (which handles all transactions going in and out of the smart contract) will not be able to identify the recipient, resulting in lost funds.

  • Hinkal cannot reverse these transactions and is not liable for lost funds.

  • Anything you copy from a Blockchain scanner, a 3rd party dApp console, or elsewhere places you at risk of losing tokens.

  • ONLY receive assets through Receive → Payment link or Public address inside the wallet.

Scenario 1 — On-ramp with wallet connection

(e.g. Uniswap’s “Buy” → Connect Wallet → choose Private account)

What goes wrong
How to avoid it

The on-ramp sees the Private account (which is the contract), so it pays the contract itself. Funds have no owner and will never appear in your Private balance.

Connect your Public account instead. The Public account can accept regular onchain transfers simillar to any Ethereum address. Copy the address from the "Receive" screen.

Scenario 2 — On-ramp that asks for an address

(no wallet connection step, paste address)

Wrong input
Result
Correct input

Hinkal contract address (copied from Etherscan or a dApp)

Tokens stranded inside the contract, lost.

Public address from Receive → Copy Public address

Scenario 3 — Someone sends to the contract address

If you share the contract’s 0x… string with a friend, their standard ERC-20 transfer will drop tokens into the contract with no recipient. Funds lost.

Tell senders to use:

  1. Payment link for public transfers to your Private account

  2. Public address for public transfers to your Public account

  3. Private address for shielded transfers between Hinkal users. (coming soon)

Scenario 4 — KYC or identity checks on dApps

Completing KYC with the Private account links your real-world info to the privacy contract. Always switch to a Public account before submitting personal details.

Steps to stay safe

  1. Open extension → click account switcher → choose Public.

  2. Confirm the top-right badge shows Connected next to Public.

  3. Proceed with the dApp’s KYC flow.

Quick Checklist before receiving or on-ramping

  • Receiving? Copy the address from Receive inside Hinkal—never from a block explorer.

  • On-ramp? Use the Public address or connect with the Public account.

  • KYC? Public account only.

  • Friend paying you? Send them your Payment link, or Public address.

  • Never paste or share addresses from a blockchain scanner or dApp

Last updated