Share this article
Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years
0xflorent, a security researcher, found an integer-overflow flaw in the HongCoin token sale contract that lets the team unlock funds for 48 original investors. It is the second such recovery he has publicized in eight days.
Jun 1, 2026, 6:52 a.m. 2 min read
What to know:
- A security researcher known as 0xflorent helped the team behind a failed 2016 HongCoin ICO unlock about 1,003.62 ETH, or roughly $2 million, that had been trapped in its smart contract for nine years.
- By coordinating with HongCoin’s multisig wallet holders, he used an unpatched integer-overflow flaw in an admin function to reset token balances and bypass a broken refund cap that had blocked larger withdrawals.
- The recovery, which makes 48 original investors eligible to reclaim funds and follows another recent rescue by 0xflorent, comes amid a wave of major DeFi exploits that have drained hundreds of millions of dollars from crypto protocols.
0xflorent’s path unfroze 1,003.62 ETH, with 48 original investors now eligible to claim. Two have done so, retrieving a combined 96.5 ETH worth roughly $193,000, he said in an X thread Sunday.
First white-hat exploit on Ethereum: I unlocked 1,003.62
Ξ ($2,000,000) trapped in a 2016 ICO smart contract
for 9 years.The 48 original investors can now claim their funds. pic.twitter.com/lyh5iyaDu7
— 0xflorent.eth (@0xFlorent_) May 31, 2026
The contract’s refund logic rejected any holder whose token balance exceeded a global counter that years of partial refunds had dragged down to 356, capping further refunds at 3.56 ETH.
