Compliance & Security

To mitigate smart contract risks, Hinkal has integrated three pillars of security:

1) Audits: zkSecurity, Zokyo, Quantstamp, Secure3, and Hexens

2) Real-Time Protection and wallet screening: Hexagate

3) Bug Bounties: Immunefi

Verification

Only users with >$1k in assets must verify their compliance through the following flow:

1. Hinkal checks if the user has a Binance Account Bound Token (BABt), Galxe Passport, or soulbound tokens from zkMe in the connected wallet. (If one of the above tokens is detected, the user is automatically verified)

2. If the user does not have one of the above tokens, they must verify the ownership of a CEX account without revealing any data to Hinkal. This is enabled by Reclaim protocol via zero-knowledge proofs. Users prove ownership by logging in to the CEX account and generating zk-proof, and then Hinkal accepts this proof as evidence that the user is not part of any sanction lists. Accepted attestations from exchanges are Binance, Coinbase, OKX, Gate, Kucoin, HTX, and MEXC.

3. Alternatively, Hinkal supports reusable attestations from Authento. Users can also obtain attestations through partner protocols (zkMe, Galxe, and AiPrise) and get verified. The verification process takes under one minute.

Once the user's PII has been verified, they mint a non-transferable token with their first deposit (the ‘Access Token’) that confirms user's attestation.