Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years

Summary

A security researcher using the handle 0xflorent helped recover about 1,003.62 ETH, worth roughly $2 million, that had been trapped for nine years in HongCoin’s 2016 ICO contract. The contract was meant to refund investors after the token sale missed its goal, but a refund bug and an integer-overflow issue in an admin function prevented payouts. The flaw let a multisig-controlled call reset a holder’s balance to one, making the refund check pass. The recovery was coordinated, not a unilateral hack: the researcher verified the method on a test fork, then HongCoin’s multisig signed the unlock transactions. Forty-one transactions freed the blocked funds for 48 eligible investors; two have already claimed 96.5 ETH. Seven smaller holders could claim their refunds normally. This was the second public recovery announced in about a week, after another return of 19.329 ETH from old ICO and atomic-swap funds.