CoinDesk
Security researcher 0xflorent has freed roughly 1,003.62 ETH — about $2 million — that had been locked inside HongCoin's 2016 Ethereum ICO smart contract for nine years. The contract was designed to auto-refund investors when the token sale fell short of its funding goal, but a bug in the refund logic prevented it from doing so. By identifying an unpatched integer-overflow flaw in an admin function, 0xflorent was able to reset individual token balances to one, allowing the broken refund cap to be bypassed and funds to flow out.
Critically, this was not a unilateral exploit. Because the vulnerable admin function required HongCoin's own multisig wallet to execute, 0xflorent coordinated directly with the team, validated the approach on a test fork of Ethereum mainnet, and the team itself signed all 41 unlock transactions. Forty-eight original investors are now eligible to claim their ether; two have already retrieved a combined 96.5 ETH worth roughly $193,000.
This is the second whitehat recovery 0xflorent has publicized in eight days, following a May 24 rescue that returned 19.329 ETH from a failed 2018 ICO and expired Liquality Wallet atomic swaps. The recoveries arrive against a backdrop of heavy DeFi losses — April alone saw hundreds of millions drained across protocols, including a roughly $293 million hit on Kelp DAO.
CryptoSlate
Glassnode
Crypto Rank News