Darius Baruo
Jun 01, 2026 02:25
A white-hat developer recovered $2M in ETH caught since 2016 in a failed ICO sensible contract, highlighting early Ethereum vulnerabilities.
Practically a decade after its preliminary promise as a decentralized enterprise capital fund, HongCoin buyers are lastly seeing their cash once more. On Could 31, 2026, a pseudonymous white-hat hacker often known as “0xFlorent” efficiently recovered $2 million value of Ether (ETH) trapped within the undertaking’s defective sensible contract since its 2016 ICO.
HongCoin, launched throughout the ICO growth of 2016, aimed to be a community-driven fund ruled by a decentralized autonomous group (DAO). Nonetheless, the undertaking failed to succeed in its funding purpose, leaving 1,003 ETH from 48 buyers locked in its sensible contract. A bug within the refund mechanism rendered buyers unable to reclaim their funds, successfully shelving the undertaking and its token for years.
Based on 0xFlorent, the breakthrough got here from exploiting an missed admin operate within the sensible contract. “The way in which out was an admin operate with an integer overflow vulnerability,” they defined. By resetting token balances and triggering the refund mechanism, the funds have been lastly unlocked. Ethereum block explorer knowledge reveals that at the very least two buyers have already acquired refunds, together with one who recovered 96 ETH (roughly $192,500 at present valuations).
This restoration marks one of many uncommon situations the place a white-hat exploit has been used to return funds from a failed 2016 ICO. Early Ethereum tasks like HongCoin typically suffered from immature sensible contract designs, leaving vulnerabilities that would lock up or lose investor funds fully. The incident underscores the experimental and, at instances, precarious nature of the early crypto fundraising interval.
HongCoin’s ICO ran from August 29 to October 28, 2016, promising buyers 250 million HONG tokens in alternate for ETH contributions. Nonetheless, when the funding purpose wasn’t met, the sensible contract’s built-in refund characteristic failed, leaving buyers in limbo. With no lively marketplace for the token and no decision for years, most wrote off their investments.
For 0xFlorent, this isn’t the primary time they’ve recovered misplaced crypto. Simply days earlier, on Could 24, they retrieved 19.33 ETH (about $40,600) from one other failed ICO undertaking and a person’s caught cross-chain switch. Their actions spotlight the significance of auditing older sensible contracts, as vulnerabilities proceed to floor years after deployment.
Whereas HongCoin itself holds no buying and selling worth right this moment, the restoration of investor funds brings closure to an almost decade-long saga. It additionally serves as a reminder of the lasting penalties of flawed sensible contract design throughout the ICO period. For newer tasks, it’s a cautionary story: correct auditing and strong refund mechanisms are important to incomes investor belief and making certain long-term viability.
Picture supply: Shutterstock