Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years
May 31, 2026
Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years
Share this article
0xflorent, a security researcher, found an integer-overflow flaw in the HongCoin token sale contract that lets the team unlock funds for 48 original investors. It is the second such recovery he has publicized in eight days.
Jun 1, 2026, 6:52 a.m. 2 min read
- A security researcher known as 0xflorent helped the team behind a failed 2016 HongCoin ICO unlock about 1,003.62 ETH, or roughly $2 million, that had been trapped in its smart contract for nine years.
- By coordinating with HongCoin’s multisig wallet holders, he used an unpatched integer-overflow flaw in an admin function to reset token balances and bypass a broken refund cap that had blocked larger withdrawals.
- The recovery, which makes 48 original investors eligible to reclaim funds and follows another recent rescue by 0xflorent, comes amid a wave of major DeFi exploits that have drained hundreds of millions of dollars from crypto protocols.
A security researcher who goes by 0xflorent worked with the team behind a 2016 Ethereum (ETH) ICO contract to unlock about $2 million in ether that had sat trapped for nine years, in a coordinated whitehat recovery that exploited an integer-overflow flaw the original developers had never patched.
The contract belongs to HongCoin, a 2016 token sale that fell short of its funding goal and was supposed to auto-refund investors’ ether but failed to do so because of a bug in the refund function.
0xflorent’s path unfroze 1,003.62 ETH, with 48 original investors now eligible to claim. Two have done so, retrieving a combined 96.5 ETH worth roughly $193,000, he said in an X thread Sunday.
The contract’s refund logic rejected any holder whose token balance exceeded a global counter that years of partial refunds had dragged down to 356, capping further refunds at 3.56 ETH.
0xflorent found that an admin function on the contract, restricted to HongCoin’s multisig wallet, lacked the integer-overflow protections later built into the Solidity programming language. Calling it with a specific input value reset a holder’s balance to one, allowing the refund check to pass and releasing the funds.
The recovery was not a unilateral exploit, however. Because the admin function required HongCoin’s multisig to execute, 0xflorent emailed the team, validated the unlock sequence on a test fork of Ethereum’s mainnet, and the team itself signed the unlock transactions.
It signed 41 transactions, one per blocked holder, freeing the roughly 1,000 ETH that was truly stuck. Another seven holders held small enough balances to refund directly without the workaround.
It is the second such recovery 0xflorent has publicized in eight days.
On May 24, he said he had returned 19.329 ETH, worth about $40,590, to its original owners, including 5.141 ETH from a failed January 2018 ICO and 14.190 ETH from seven expired atomic swaps in a Liquality Wallet user account that had become inaccessible after the wallet shut down in 2024.
The recovery lands during a heavy stretch of DeFi exploits, with April alone seeing hundreds of millions of dollars drained across protocols, headlined by a roughly $293 million hit on Kelp DAO.
More For You
By Shaurya Malwa|Edited by Sam Reynolds
1 hour ago
The Sui Foundation’s post-mortem published Sunday traces all three outages to interactions between a new address-balance feature shipped in the v1.72 release and the network’s existing gas and consensus logic.
What to know:
- Sui’s mainnet halted three times on May 28 and 29 after a new v1.72 feature exposed an edge case in the blockchain’s gas-charging logic, according to a post-mortem from the Sui Foundation.
- The first two outages stemmed from related bugs in how mixed gas payments were handled when transactions lacked…
Search
RECENT PRESS RELEASES
Related Post
