Key Takeaways
- Security researcher 0xflorent freed 1,003.62 ETH from a 2016 Hongcoin ICO contract locked by a bug for nearly 9 years.
- The whitehat exploit used an integer overflow in a multisig admin function, requiring 41 signed transactions to unblock 48 investors.
- Two investors have already claimed 96.5 ETH, with roughly 882 ETH still available as of June 1, 2026.
A 2016 ICO That Never Paid Back
The funds originated from Hongcoin, also known as “The HONG,” a 2016 Ethereum-based project pitched as a community-run decentralized investment fund. The ICO did not hit its funding goal, which should have triggered an automatic refund to contributors.
It didn’t work that way.
A bug in the refund logic blocked most investors from claiming their ETH. The contract compared every investor’s token balance against a global counter. Partial refunds over time had reduced that counter to 356, capping any further refunds at just 3.56 ETH per holder. Most of the 48 remaining investors held far more than that. Their funds stayed locked.
The contract address, 0x9fa8fa61a10ff892e4ebceb7f4e0fc684c2ce0a9, remains verifiable on Etherscan.
The Exploit That Fixed It
0xflorent identified an integer-overflow vulnerability in an admin-only function tied to the Hongcoin team’s multisig wallet. The function was originally designed to mint bounty tokens but lacked overflow protections, a common weakness in pre-SafeMath Solidity code from 2016.

By passing a specific input value, the function could reset an investor’s token balance to 1, bypassing the refund check and allowing the contract to release the corresponding ETH.
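The wraparound described above can be modelled in a few lines. This is an added example, not the Hongcoin contract's code: the names `RefundModel`, `mint_unchecked`, `mint_checked` and `wrap_amount` are hypothetical, the refund rule (balance must not exceed the counter) is an assumption drawn from the article's description, and the 50,000-token balance is a constructed sample.

```python
"""Simplified model of the bug class described above (added example).
Not the Hongcoin contract's code: all names and the refund rule are assumptions."""

UINT256_MOD = 2**256  # Solidity uint256 arithmetic wraps modulo 2**256


class RefundModel:
    def __init__(self, counter, balances):
        self.counter = counter            # global token counter (356 in the article)
        self.balances = dict(balances)    # holder -> token balance

    def can_refund(self, holder):
        # Assumed rule: a refund passes only if the holder's balance
        # does not exceed the global counter.
        return 0 < self.balances[holder] <= self.counter

    def mint_unchecked(self, holder, amount):
        # Pre-SafeMath behaviour: the addition wraps silently.
        self.balances[holder] = (self.balances[holder] + amount) % UINT256_MOD

    def mint_checked(self, holder, amount):
        # Hardened form: reject any addition that would overflow uint256.
        total = self.balances[holder] + amount
        if total >= UINT256_MOD:
            raise OverflowError("mint would overflow uint256")
        self.balances[holder] = total


def wrap_amount(current, target=1):
    """Amount that makes current + amount wrap around to target."""
    return (target - current) % UINT256_MOD


def demo():
    # Constructed sample: one holder with 50,000 tokens, counter at 356.
    model = RefundModel(counter=356, balances={"holder": 50_000})
    blocked_before = not model.can_refund("holder")
    model.mint_unchecked("holder", wrap_amount(50_000))
    return blocked_before, model.balances["holder"], model.can_refund("holder")


if __name__ == "__main__":
    print(demo())
```

With a checked addition (what SafeMath provided, and what Solidity 0.8 and later does by default) the same call reverts instead of wrapping.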
Florent described it as the “first white-hat exploit on Ethereum,” noting that no outside attacker had any incentive to use it. The funds could only flow back to the original contributors. There was no ownership takeover and no theft vector.
How the Recovery Unfolded
Florent reached out privately to the dormant Hongcoin team by email. He validated the full unlock sequence on a local Foundry fork of Ethereum mainnet before touching anything on-chain. The team’s multisig then signed 41 transactions, one for each blocked holder requiring a balance reset. Seven holders with smaller balances could claim refunds directly without the workaround.
The entire process took about one week.
As of June 1, 2026, all 1,003.62 ETH had been unfrozen. Two investors have already claimed a combined 96.5 ETH, worth roughly $193,000. They sent Florent a voluntary bounty. He took no fees, no cut, and no commission.
Roughly 882 ETH remains available for the other investors to claim.
A Pattern of Whitehat Work
This was Florent’s second publicized recovery in eight days. On May 24, he returned 19.329 ETH, about $40,590, from a 2018 ICO contract and expired atomic swaps tied to a now-defunct wallet.
Florent uses custom scanning tools, along with a self-hosted node, to find contracts holding more than 100 ETH. He noted that many old contracts are forks of one another, meaning vulnerabilities often cluster. He also mentioned using Claude Code to speed up analysis, but cautioned that the tool can be overly pessimistic about contracts it flags as uncrackable.
What This Means for Early Ethereum Holders
Lots of of Ethereum sensible contracts from the 2016 and 2017 ICO growth period nonetheless maintain locked funds. Most contributors wrote these balances off years in the past.
Florent’s work is a reminder that a few of these contracts nonetheless have a door, and somebody with the best instruments may discover the important thing.

