TL;DRAI

Researcher 0xflorent recovered 1,003 ETH (~$2M) trapped in a 2016 ICO contract by exploiting an unpatched integer-overflow in an admin function, with HongCoin's multisig co-signing 41 unlock transactions. Pre-2018 Solidity contracts lack built-in overflow protection — dormant admin functions on legacy deployments are live exploit surface worth auditing.

A security researcher who goes by 0xflorent worked with the team behind a 2016 Ethereum (ETH) ICO contract to unlock about $2 million in ether that had sat trapped for nine years, in a coordinated whitehat recovery that exploited an integer-overflow flaw the original developers had never patched.

The contract belongs to HongCoin, a 2016 token sale that fell short of its funding goal and was supposed to auto-refund investors' ether but failed to do so because of a bug in the refund function.

0xflorent's path unfroze 1,003.62 ETH, with 48 original investors now eligible to claim. Two have done so, retrieving a combined 96.5 ETH worth roughly $193,000, he said in an X thread Sunday.

First white-hat exploit on Ethereum: I unlocked 1,003.62

Ξ ($2,000,000) trapped in a 2016 ICO smart contract

coindesk.com

Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years

0xflorent, a security researcher, found an integer-overflow flaw in the HongCoin token sale contract that lets the team unlock funds for 48 original investors. It is the second such recovery he has publicized in eight days.

lunedì 1 giugno 2026 New tab

TL;DRAI

511 words~2 min read

The contract belongs to HongCoin, a 2016 token sale that fell short of its funding goal and was supposed to auto-refund investors' ether but failed to do so because of a bug in the refund function.

0xflorent's path unfroze 1,003.62 ETH, with 48 original investors now eligible to claim. Two have done so, retrieving a combined 96.5 ETH worth roughly $193,000, he said in an X thread Sunday.

First white-hat exploit on Ethereum: I unlocked 1,003.62

Ξ ($2,000,000) trapped in a 2016 ICO smart contract

Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years

Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years

Other newsrooms on this story

Related reading

HongCoin investors recover $2M in locked ETH after nine years

White Hat Helps Recover $2 Million from 2016 ICO Project

Dev helps rescue $2 million locked in 2016 ICO contract for nine years with…

Whitehat Helps Recover $2M in ETH Stuck Since 2016 ICO - Decrypt

Researcher Cracks 9-Year-Old Bug, Frees $2M in Ethereum Locked Since 2016 ICO

Recupero whitehat Ethereum ICO 2016: sbloccati 2 milioni in ETH

Related reading

HongCoin investors recover $2M in locked ETH after nine years

White Hat Helps Recover $2 Million from 2016 ICO Project

Dev helps rescue $2 million locked in 2016 ICO contract for nine years with…

Whitehat Helps Recover $2M in ETH Stuck Since 2016 ICO - Decrypt

Researcher Cracks 9-Year-Old Bug, Frees $2M in Ethereum Locked Since 2016 ICO

Recupero whitehat Ethereum ICO 2016: sbloccati 2 milioni in ETH

Other newsrooms on this story