Darius Baruo
Jun 01, 2026 02:25
A white-hat developer recovered $2M in ETH caught since 2016 in a failed ICO good contract, highlighting early Ethereum vulnerabilities.
Practically a decade after its preliminary promise as a decentralized enterprise capital fund, HongCoin buyers are lastly seeing their cash once more. On Could 31, 2026, a pseudonymous white-hat hacker referred to as “0xFlorent” efficiently recovered $2 million price of Ether (ETH) trapped within the mission’s defective good contract since its 2016 ICO.
HongCoin, launched throughout the ICO growth of 2016, aimed to be a community-driven fund ruled by a decentralized autonomous group (DAO). Nonetheless, the mission failed to succeed in its funding objective, leaving 1,003 ETH from 48 buyers locked in its good contract. A bug within the refund mechanism rendered buyers unable to reclaim their funds, successfully shelving the mission and its token for years.
In accordance with 0xFlorent, the breakthrough got here from exploiting an ignored admin operate within the good contract. “The way in which out was an admin operate with an integer overflow vulnerability,” they defined. By resetting token balances and triggering the refund mechanism, the funds had been lastly unlocked. Ethereum block explorer knowledge reveals that at the least two buyers have already obtained refunds, together with one who recovered 96 ETH (roughly $192,500 at present valuations).
This restoration marks one of many uncommon situations the place a white-hat exploit has been used to return funds from a failed 2016 ICO. Early Ethereum initiatives like HongCoin usually suffered from immature good contract designs, leaving vulnerabilities that might lock up or lose investor funds completely. The incident underscores the experimental and, at instances, precarious nature of the early crypto fundraising interval.
HongCoin’s ICO ran from August 29 to October 28, 2016, promising buyers 250 million HONG tokens in alternate for ETH contributions. Nonetheless, when the funding objective wasn’t met, the good contract’s built-in refund function failed, leaving buyers in limbo. With no lively marketplace for the token and no decision for years, most wrote off their investments.
For 0xFlorent, this isn’t the primary time they’ve recovered misplaced crypto. Simply days earlier, on Could 24, they retrieved 19.33 ETH (about $40,600) from one other failed ICO mission and a consumer’s caught cross-chain switch. Their actions spotlight the significance of auditing older good contracts, as vulnerabilities proceed to floor years after deployment.
Whereas HongCoin itself holds no buying and selling worth in the present day, the restoration of investor funds brings closure to a virtually decade-long saga. It additionally serves as a reminder of the lasting penalties of flawed good contract design throughout the ICO period. For newer initiatives, it’s a cautionary story: correct auditing and strong refund mechanisms are important to incomes investor belief and guaranteeing long-term viability.
Picture supply: Shutterstock
