A security expert, known as a white hat hacker, recently recovered over 1,003 Ether – around $2 million worth – that had been stuck in a flawed smart contract since a 2016 initial coin offering (ICO) called Hong Coin. The funds had been inaccessible for nearly a decade.
Summary
- A white hat hacker helped recover 1,003 ETH worth about $2 million from a failed 2016 Hong Coin ICO contract.
- The funds remained locked for nearly a decade after a bug prevented investors from receiving automatic refunds.
- Recovery became possible after the hacker identified an integer overflow flaw and worked with the project’s creators to unlock the refund mechanism.
A hacker known as 0xflorent reported on X (formerly Twitter) that the recently recovered Ether (ETH) originally belonged to 48 people who invested in the Hong Coin (HONG) project. Hong Coin was a decentralized venture capital effort that didn’t succeed because it failed to raise enough money and never launched.
A security expert successfully recovered approximately $2 million worth of Ethereum (Ξ1,003.62) that had been locked in a smart contract from a 2016 initial coin offering (ICO) for nine years. This marks the first instance of a ‘white-hat’ exploit on the Ethereum network, and the original 48 investors can now access their funds.
— 0xflorent.eth (@0xFlorent_) May 31, 2026
According to 0xflorent, the initial coin offering (ICO) contract was supposed to automatically give investors their money back if the fundraising goal wasn’t met. However, a problem with the refund process stopped this from happening, meaning the funds remained locked even though the sale failed.
I’ve been tracking the refunds, and it looks like things are actually happening! I saw on Etherscan that some people are getting their money back. One investor actually received 96 ETH – that’s around $192,500 at today’s prices! – and even smaller wallets are seeing returns, like one that got 0.5 ETH back. It’s good to finally see some positive movement.
Hong Coin launched in 2016 as a community-driven investment platform. It allowed token holders to vote on which projects would receive funding from a shared pool of money, as explained in a promotional video released at the time.
The initial coin offering (ICO) ran from August 29th to October 28th, 2016. People who contributed Ether (ETH) were promised a portion of 250 million HONG tokens, released in stages as funding goals were met. However, the project didn’t raise enough money, so investors were entitled to get their funds back according to the terms of the smart contract.
Integer overflow bug provided path to recovery
According to 0xflorent, the fix for the issue came from discovering a hidden flaw in an administrative tool – specifically, a vulnerability caused by an integer overflow.
A security expert discovered that calling the function with a particular input could restore a user’s account balance and properly trigger the contract’s refund process. Working with the original creators of HONG, 0xflorent showed that this vulnerability could be used to release the stuck ETH without transferring any funds externally.
According to 0xflorent on X, a flaw in the system’s administrative functions – specifically an integer overflow vulnerability – allowed them to reset a user’s balance and unlock pending refunds. By providing a particular input, they were able to bypass the normal restrictions.
This latest incident is part of a growing trend: ethical hackers are increasingly stepping in to protect or recover cryptocurrency funds when they find weaknesses in the systems that manage them.
In early May, Blockaid, a company specializing in blockchain security, revealed that a benevolent hacker discovered and used a weakness in Renegade.fi’s private trading platform (built on Arbitrum). The hacker briefly took around $209,000 worth of funds but then returned over 90% of them.
Blockaid reports the problem was caused by mistakes during the deployment and transfer of code, which let someone improperly change a smart contract linked to the protocol’s original trading system.
After the incident, the hacker known as ‘Renegade’ publicly claimed they revealed the security flaw to safeguard user funds. They argued the vulnerability was so simple that others with harmful intent could have stolen much more money.
On May 24th, 0xflorent reported recovering a total of 19.33 ETH—approximately $40,600 at the time—from two sources: a failed ICO project from January 2018, and a Liquality Wallet user who lost funds due to an issue with a cross-chain transfer.
Read More
- Gold Rate Forecast
- 10 Most Powerful Versions of Superman, Ranked
- GBP CNY PREDICTION
- 007 First Light: Release Date, Story, Gameplay, Cast, Editions, and Platforms
- Forza Horizon 6 Car List So Far: Confirmed Highlights, Cover Cars, DLC, and Rewards
- DOGE PREDICTION. DOGE cryptocurrency
- Superman’s 7 Best Power-Ups, Ranked
- 10 Greatest Wii U Games of All Time, Ranked
- Kingdom Come Deliverance Update 1.002 Enables Trophies to Be Transferred
- EUR CNY PREDICTION
2026-06-01 09:03