Ethical Hacker Retrieves $2M in Ethereum Trapped in Flawed 2016 ICO Contract

An ethical hacker assisted Hong Coin's development team by demonstrating how to recover funds from a defective smart contract through a vulnerable administrative function, enabling investor reimbursements nearly ten years later.

A pseudonymous ethical hacker has helped retrieve approximately $2 million in Ether that had been trapped in a defective initial coin offering (ICO) smart contract for nearly ten years.

According to a Sunday post on X, the ethical hacker, who uses the handle "0xflorent," reported helping to retrieve approximately 1,003 Ether (ETH) belonging to 48 different investors who had taken part in the Hong Coin (HONG) ICO. The project was designed as a decentralized venture capital platform but never got off the ground after falling short of its funding target.

"The contract held all the investors' ETH and was supposed to auto-refund them," 0xflorent said. However, "a bug in the refund function quietly broke that, and the funds got stuck."

Information retrieved from Etherscan, the Ethereum blockchain explorer, reveals that at least one HONG participant has already received a refund of 96 ETH, currently valued at approximately $192,500, while another investor received 0.5 ETH back.

Transaction data showing Hong Coin refunds
Source: 0xflorent.eth

The Hong Coin project was originally introduced in 2016, with a promotional YouTube video from that period describing the cryptocurrency as a community-governed venture capital platform where participants in the project's decentralized autonomous organization would collectively determine which initiatives would receive financial support.

The token sale commenced on Aug. 29, 2016, and concluded approximately two months afterward on Oct. 28.

Those who contributed ETH to the HONG smart contract were expected to obtain 250 million HONG tokens allocated over five separate phases. However, the project failed to meet its funding objective, and participants were meant to receive their money back.

According to 0xflorent, they worked alongside the HONG development team, demonstrating the method to retrieve the trapped assets by exploiting a vulnerable administrative function that would reset the token balances of holders and activate the refund process.

"The way out was an admin function with an integer overflow vulnerability," they explained. "Calling it with a specific input resets a holder's balance and unblocks the refund check."

Additionally, on May 24, 0xflorent reported successfully recovering a total of 19.33 ETH valued at roughly $40,600 from two separate sources: a failed ICO initiative from January 2018 and funds belonging to a Liquality Wallet customer whose assets had become stuck within a cross-chain transfer protocol.