Key Takeaways:
Vitalik Buterin tested Hinkal’s “Invisible Wallet,” a new tool that hides wallet activity to protect users from hacks. Crypto hacks surged to $163 million in August, rising for the third month a row. Analysts say privacy wallets can reduce exposure for high-net-worth holders, but warn they’re not a silver bullet against determined tracking. While zero-knowledge proofs allow for privacy-preserving compliance, experts say legal alignment remains uncertain.Ethereum cofounder Vitalik Buterin has been testing Hinkal’s new ‘Invisible Wallet,’ a privacy tool that could mark a breakthrough at a time when wealthy wallets are increasingly targeted by hackers.
It comes as losses from crypto hacks soared to $163 million in August, rising for the third month in a row, according to PeckShield. In the last five years alone, crypto investors have lost over $4 billion in targeted attacks.
Web3 firm Hinkal says its wallet allows users to hide their on-chain activity. It claims that users, especially those with big balances, can use the wallet to deter attacks without compromising regulatory compliance.
Hinkal CEO Giorgi Koreli described crypto’s in-built transparency as a “bug”. He says it is not “normal” that over $4 trillion in crypto assets on public blockchains “can be monitored and potentially weaponized by others.”
“Privacy-preserving wallets are the future, because free surveillance and tracking can’t be,” Koreli argues.
In his test transfer in late August, Buterin sent 0.01 ETH ($44) from his wallet to an address owned by Hinkal using its invisible wallet, according to Etherscan data. Buterin’s wallet address is publicly labeled vitalik.eth.
As seen in the image below, Hinkal kept track of the Ethereum founder’s activity but did not share any more of his internal transactions for privacy reasons. Even his well-known address is obfuscated in the transaction record.
“If your assets can be watched, your transaction can be mapped and traced at every interaction,” Koreli wrote in an article posted on X. “It’s not freedom. It’s additional exposure.”
Hinkal’s Invisible Wallet ‘Is Not a Silver Bullet’
The blockchain is, by design, a public ledger that broadcasts wallet activity. As Koreli puts it, every transaction, position, and trading strategy is visible to competitors, as well as cybercriminals.
He says crypto’s “radical transparency” has been a major obstacle, discouraging privacy-focused institutions in traditional finance from investing in the “$50 billion” decentralized finance (DeFi) market.
Slava Demchuk, CEO of blockchain analytics firm AMLBot, said tools like Hinkal’s invisible wallet can raise the bar for personal security by shielding wallet balances and transaction histories from opportunistic attackers.
“For high-net-worth holders, that additional layer of privacy reduces the risk of targeted hacks, phishing attempts, or even physical threats,” Demchuk told Cryptonews, adding:
“Of course, as with any system, ultimate protection depends on adoption, decentralization, robustness of the cryptography behind it, and, most importantly, on users’ own caution.”
Invisible wallets, like Hinkal’s, act as cloaking devices. Transactions can still be validated on-chain, but sensitive details, such as wallet addresses, amounts, or counterparties, remain hidden from public scrutiny, experts say.
Yury Serov, head of investigations at analytics firm Global Ledger, lauded the privacy wallet for removing the most obvious exposure points, namely the appearance of a public address in swaps, lending and routine DeFi use.
But this “invisible” must not be conflated with “invulnerable.” For example, he says, if someone moves unusually large amounts when the liquidity pool is thin, bad actors may easily correlate deposits and withdrawals.
“Timing patterns, transaction sizes, and even metadata from relayers can give away more than users expect,” Serov tells Cryptonews, adding:
“In practice, this means Hinkal makes it much harder for casual observers or opportunistic attackers to track big wallets, but it won’t make a whale completely disappear from a determined investigation.”
According to Serov, Hinkal’s Invisible Wallet “is best viewed as a layer of risk reduction, not a silver bullet.”
Can Privacy and Compliance Coexist?
Hinkal insists that its wallet can be both private and compliant at the same time. Experts aren’t so sure. According to AMLBot CEO Demchuk, it is technically feasible for the wallet to comply with the rules while private.
“Yes, users do pass KYC requirements, and zero-knowledge (ZK) proofs allow them to demonstrate eligibility without exposing personal data,” he noted. “However, from a legal standpoint, it’s not entirely compliant yet.”
Under the European Union’s General Data Protection Regulation, or GDPR, service providers may still be required to act as data controllers, creating “a gap between technical compliance and regulatory obligations,” he said.
The blockchain analyst brought up PureFi as an alternative framework that verifies compliance checks on-chain while ensuring that service providers retain the role of data controller.
“So, while Hinkal’s approach is innovative, there are still open questions about full regulatory alignment,” said Demchuk.
Global Ledger’s Serov concurred with Demchuk, saying that with ZK proofs, users can prove they have already passed (know your customer) KYC verification with a regulated exchange or that they are not on the sanctions list, to participate.
He explains:
“Historically, regulators and policymakers have sometimes seen privacy as being in direct opposition to financial crime compliance. But today, technological advances are moving so quickly that it may no longer be necessary to sacrifice one goal to achieve the other.”
But not everyone is entirely convinced. Didier Lavallée, CEO of Canadian crypto firm Tetra Trust, says Hinkal’s compliance model is “unclear”.
“You would need some kind of token or verification system to confirm it is compliant,” Lavallée told Cryptonews. Still, the service might be useful for institutions that continue to use permissioned blockchains, he said.
Vitalik Wants Privacy Wired Into the Blockchain
Vitalik Buterin has occasionally revisited the question of privacy in his blogs. He usually breaks down the “moon math” that is required to code privacy protocols such as zero-knowledge proofs into Ethereum.
His simple solution is to wire privacy into the blockchain itself rather than add it on top of the blockchain in the form of a wallet, for example.
“Up until now, making private transfers on Ethereum has required users to explicitly download and use a ‘privacy wallet’, such as Railway (or Umbra for stealth addresses),” Buterin explains in one blog entry.
“This adds great inconvenience and reduces the number of people who are willing to make private transfers. The solution is that private transfers need to be integrated directly into wallets.”
One of his proposed implementations would have wallets store a portion of a user’s assets as a “private balance” in a privacy pool.
“When a user makes a transfer, it would automatically withdraw from the privacy pool first,” says Buterin. “If a user needs to receive funds, the wallet could automatically generate a stealth address.”
Invisible Wallet: Transparency vs. Privacy
Hinkal’s privacy tool challenges crypto’s core ethos of transparency. After all, blockchain was built to let “everyone see everything.” However, some crypto analysts argue the wallet reframes crypto transparency rather than ends it.
“Instead of putting every detail of a user’s balance and trades on-chain, it uses zero-knowledge proofs to make only the necessary facts verifiable,” said Serov, the Global Ledger head of investigations, adding:
“In other words, it tries to preserve the trustless auditability of crypto while reducing the personal exposure that comes with full transparency. Hinkal reflects a shift from ‘everyone sees everything’ to ‘everyone can verify what matters.’”
AMLBot’s Demchuk spoke about balancing transparency with privacy. “Transparency has always been core to blockchain, but privacy is equally fundamental, especially when financial security is at stake,” he detailed.
“Public ledgers can remain auditable, while individual users gain choice over what information they reveal.”
Meanwhile, Hinkal could face much bigger problems. Privacy tools have historically drawn sharp reactions from regulators.
In 2022, for example, the U.S. Treasury Department sanctioned Ethereum-based mixing service Tornado Cash on allegations of facilitating billions in laundered funds. Its cofounder, Roman Storm, was indicted in the U.S. for money laundering.
“There are some legitimate use cases of the (Hinkal) app, like payroll or protection from dusting attacks,” Serov noted. “But this innovation is likely to attract regulators’ attention in advanced regulatory regimes, like the EU.”
Without a MiCA license, or Markets in Crypto Assets Regulation, Hinkal will not be able to offer its privacy-enhanced crypto custody solution in the European Union, according to Serov.
“Under the new AMLR, crypto asset services providers will not be allowed to facilitate transactions with privacy coins or anonymous accounts from July 2027. Such privacy-enhancing solutions will be effectively outlawed.”
Analysts say Hinkal’s wallet will likely be pushed out into jurisdictions that don’t yet have similar regulations in place.
“Unlike mixers, which anonymize flows without checks, Hinkal integrates privacy-preserving KYC and access tokens,” said Demchuk. “That gives regulators a framework to distinguish it from ‘black box’ laundering tools.”
Data from Global Ledger shows that Tornado Cash received roughly $1.5 billion worth of ETH between Jan. 1 and Sept. 5 this year (see image above).
Serov said around 36% of the funds are “high-risk” and come from hacks, such as the Cork Protocol hack and Bybit hack, as well as sanctioned entities like Garantex and other risky sources. “The mixer poses significant AML risks,” he added.
The post As Crypto Hacks Surge, Ethereum Founder Vitalik Tests New ‘Invisible Wallet’ appeared first on Cryptonews.
