Loading prices…
🔥BULLISH

Whitehat Hacker Frees 1,003 ETH Locked in 2016 ICO Contract

Florent's rescue returns roughly $2M to original investors who had no path to the funds — a rare happy ending in an era dominated by exploit losses.

A developer using the handle Florent executed a whitehat exploit on Monday to rescue 1,003 ETH (~$2M) that had been locked in a 2016 ICO smart contract for nearly nine years, making the funds accessible to original investors for the first time since the contract was deployed.

The exploit targets a vulnerability in the contract's permission logic that had frozen the balances without a withdrawal path. Florent publicly disclosed the method so affected investors can independently reclaim their share rather than trusting a custodian intermediary — a structural choice that mirrors the post-mortem transparency now standard after major DeFi incidents.

Why it matters

The rescue lands in a market that has watched billions drained by hostile exploits over the same nine-year window, so a whitehat return of investor capital — rather than an opportunistic drain — is a notable counter-signal. ICO-era contracts are a known graveyard of stranded funds, and successful recoveries tend to draw renewed attention from the long-tail of holders who had written those balances off as lost. The fact that Florent chose disclosure over extraction also revives the standing question of whether whitehat exploits carry meaningful legal and reputational cover when no bug bounty program is in place to compensate the rescuer.

Related tokens
$ETH

Frequently asked questions

  1. How much ETH was rescued from the 2016 ICO contract?

    Florent unlocked 1,003 ETH, worth roughly $2 million at the time of the rescue — funds that had been stranded in the contract since it was deployed in 2016.

  2. Why were the funds locked for nine years?

    The vulnerability sat in the contract's permission logic: investor balances remained recorded on-chain but no withdrawal path existed, so the ETH could not be moved by their original owners.

  3. Who is Florent and what did the developer do?

    Florent is a whitehat developer who exploited the contract's permission flaw to reopen a withdrawal path, then publicly disclosed the method so original investors could reclaim their share directly.

  4. Do investors need to trust Florent to get their ETH back?

    No. Because the method was publicly disclosed, holders can execute the recovery themselves rather than routing funds through an intermediary or the rescuer.

  5. Does this kind of recovery happen often in crypto?

    Recoveries of ICO-era stranded funds are rare, and successful whitehat interventions that return capital to original investors are an even smaller subset — most ICO contracts with frozen balances stay frozen indefinitely.

Source attribution
Aggregated from CoinTelegraph · Verified · Last refreshed 45d ago
Open original →