Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
    Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
  • Opinion
    OpinionShow More
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Whitehat Hacker Unlocks $2M Stuck in 2016 Ethereum ICO Contract

Coordinated whitehat recovery leverages a legacy integer overflow flaw to rescue 1,003 ETH for 48 Hong Coin investors after nine years.

Written By Kenrodgers Fabian
Fact Checked by Divya Mistry
Published 2026-06-01
Make The Crypto Times preferred on GoogleGoogle
Share
Whitehat Hacker Unlocks $2M Stuck in 2016 Ethereum ICO Contract
Show AI Summary
A coding error in a 2016 ICO smart contract trapped $2 million in ETH for nearly nine years due to a broken refund mechanism.
The contract’s admin function contained an integer overflow vulnerability, which a researcher exploited to unlock the frozen funds.
The recovery process involved the researcher collaborating with the HongCoin team to safely execute the refund, avoiding unilateral action.

A white hat hacker has recovered 1,003.62 ETH—valued at approximately $2 million—that had sat entirely inaccessible within a broken 2016 Initial Coin Offering (ICO) smart contract for nearly nine years. The recovery enables 48 original participants of the Hong Coin (HONG) token sale to finally claim their historical capital allocations. 

The hacker, known as “0xflorent,” said the funds remained frozen due to a bug in the contract’s refund mechanism. The unlock took place on Ethereum after the vulnerability was identified and executed safely. He wrote, “First white-hat exploit on Ethereum: I unlocked 1,003.62 Ξ ($2,000,000) trapped in a 2016 ICO smart contract for 9 years.” The case highlights how early smart contract failures continue to affect investors long after projects fail.

First white-hat exploit on Ethereum: I unlocked 1,003.62
Ξ ($2,000,000) trapped in a 2016 ICO smart contract
for 9 years.

The 48 original investors can now claim their funds. pic.twitter.com/lyh5iyaDu7

— 0xflorent.eth (@0xFlorent_) May 31, 2026

Smart contract bug traps ICO funds

Hong Coin (HONG) ran its ICO from August 29, 2016 to October 28, 2016, pitched as a decentralized venture capital fund where DAO members would help decide which projects received backing. The contract was structured to distribute 250 million HONG tokens across five funding stages — but the sale failed to reach its target. Per design, the contract was supposed to auto-refund all 48 participating investors when the goal wasn’t met. A coding error in the refund function quietly broke that auto-refund process, leaving the funds permanently locked on-chain.

According to 0xflorent, the contract also contained an admin function with an integer overflow vulnerability. He said a specific input could reset user balances and trigger the refund process. He wrote, “The way out was an admin function with an integer overflow vulnerability ; calling it with a specific input resets a holder’s balance and unblocks the refund check.”

How the cooperative recovery worked

The recovery process was structured to avoid any unilateral action by the researcher. 0xflorent emailed the HongCoin team, validated the unlock sequence on a test fork of Ethereum mainnet, and then the HongCoin multisig signers themselves executed the unlock transactions. The admin function the recovery used could only be called by the project’s multisig, which is why team cooperation was essential.

The unlock involved two paths for the 48 investors:

  • 41 transactions used the integer-overflow workaround for larger holders whose balances were blocked by the refund-cap bug — one transaction per blocked holder.
  • 7 holders held small enough balances to be refunded directly without needing the workaround.

Together, that accounts for all 48 original participants. As a result, investors regained access to their Ether after years of inactivity on the contract.

On-chain evidence already shows the unlock is working. Per Etherscan data cited by Cointelegraph, one HONG investor has already been refunded approximately 96 ETH (worth around $192,500), while another received 0.5 ETH.

Rising role of ethical hackers

White hat interventions are playing a larger role in crypto security as more trapped funds surface in older contracts. Renegade.fi recently recovered about $190,000 after an exploit on Arbitrum. In that case, most of the funds returned within hours following discussions with the attacker. 

In another case, 0xflorent recovered about 19.33 ETH from failed ICO contracts and cross-chain swaps. The funds had remained locked due to inactive refund functions and expired timelocks.

I unlocked 19.329 Ξ (40,590$) on Ethereum and returned them to their original owners.

The funds had been stuck in two old contracts for years, recoverable through public functions that nobody had ever called. pic.twitter.com/6DbyLSSLqj

— 0xflorent.eth (@0xFlorent_) May 24, 2026

Security researchers say many of these issues come from overlooked or hidden contract features that can trap user funds. They also note that attackers and white hat hackers often target the same types of vulnerabilities. As a result, smart contract design continues to present ongoing risks across decentralized finance systems.

Also Read: May Crypto Exploits Drop 90% to $68.3M Despite Severe Bridge Hacks

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto HackEthereum (ETH)
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Trump Pushed the CLARITY Act, Polymarket Cut Its Odds to 35%
Trump Pushed the CLARITY Act, Polymarket Cut Odds to 35%
Robinhood Files to Launch Internal Employee Investment Fund
Robinhood Files to Launch Internal Employee Investment Fund
Apple Bans Crypto Ads From Maps as Google Keeps Path Open
Apple Bans Crypto From Maps as Google Keeps Path Open
Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short
Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short
Crypto Daily Brief Crypto.com Funding, Bybit Expansion, ETF Inflows Drive Market
Crypto Daily Brief: Crypto.com Funding, Bybit Expansion, ETF Inflows Drive Market

Find Us on Socials

You may also like

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Aave Rolls Out V4 on Avalanche as First Deployment Beyond Ethereum

Aave Rolls Out V4 on Avalanche as First Deployment Beyond Ethereum

US Government Moves Another $9M FTX-Seized ETH to Coinbase

US Government Moves Another $9M FTX-Seized ETH to Coinbase

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information