--- title: "White Hat Hacker Recovers $2M ETH From Failed 2016 ICO" date: 2026-06-01 author: "Kelvin Scott" featured_image: "https://coinlaw.io/wp-content/uploads/2026/06/whitehat-hacker-unlocks-hong-coin-failed-eth.jpg" categories: - name: "Cryptocurrency" url: "/crypto.md" tags: - name: "News" url: "/tag/news.md" --- # White Hat Hacker Recovers $2M ETH From Failed 2016 ICO A white hat hacker has helped recover more than $2 million worth of Ether that remained locked in a failed 2016 ICO smart contract for nearly a decade, allowing dozens of investors to finally reclaim their funds. ## Key Takeaways - 1,003 ETH worth roughly $2 million has been recovered from the failed Hong Coin ICO. - The funds remained trapped for almost 10 years due to a bug in the project’s refund mechanism. - White hat hacker 0xflorent discovered a way to unlock the contract and worked with the original project creators to enable refunds. - At least some investors have already received their Ether back, according to blockchain data. ## What Happened? A pseudonymous white hat hacker known as **0xflorent** has successfully recovered approximately **1,003 ETH** from the failed **Hong Coin (HONG)** initial coin offering, a decentralized venture capital project that never launched after falling short of its fundraising target in 2016. The Ether had remained locked in the project’s smart contract for nearly a decade because a flaw in the refund function prevented investors from automatically receiving their money back after the token sale failed. > First white-hat exploit on Ethereum: I unlocked 1,003.62 > Ξ ($2,000,000) trapped in a 2016 ICO smart contract > for 9 years. > > The 48 original investors can now claim their funds. [pic.twitter.com/lyh5iyaDu7](https://t.co/lyh5iyaDu7) > > — 0xflorent.eth (@0xFlorent\_) [May 31, 2026](https://x.com/0xFlorent_/status/2061070356564091258?ref_src=twsrc%5Etfw) ## Decade Old ICO Funds Finally Unlocked Hong Coin was introduced in 2016 as a community-driven venture capital initiative built around a [decentralized autonomous organization](https://coinlaw.io/decentralized-autonomous-organizations-statistics/). The project promised that token holders would vote on investment opportunities, creating a decentralized approach to venture capital funding. The ICO opened on **August 29, 2016**, and concluded on **October 28, 2016**. Investors who contributed Ether were expected to receive a share of **250 million HONG tokens**, which were scheduled to be distributed across five funding stages. However, the project failed to reach its fundraising target. Under the smart contract’s rules, contributors were supposed to receive automatic refunds. Instead, a bug in the refund mechanism prevented the process from functioning correctly, leaving investor funds permanently inaccessible. According to 0xflorent: “ The contract held all the investors’ ETH and was supposed to auto-refund them. However, a bug in the refund function quietly broke that, and the funds got stuck. 0xflorentWhitehat Hacker As a result, 48 investors were unable to access their Ether for almost ten years. ## Integer Overflow Vulnerability Opened a Recovery Path The breakthrough came after 0xflorent identified an overlooked administrative function within the smart contract. According to the hacker, the function contained an **integer overflow vulnerability** that could be used to reset a token holder’s balance and trigger the contract’s refund conditions. Working alongside the original Hong Coin creators, 0xflorent demonstrated a method that allowed refunds to be processed without transferring funds outside the contract. Explaining the discovery, 0xflorent said: “ The way out was an admin function with an integer overflow vulnerability. Calling it with a specific input resets a holder’s balance and unblocks the refund check. 0xflorentWhitehat Hacker The solution ultimately enabled the release of [Ethereum](https://coinlaw.io/ethereum-statistics/) that many investors likely assumed was lost forever. ## Refunds Already Underway Blockchain records on Etherscan indicate that refunds have already started reaching affected investors. One investor reportedly recovered **96 ETH**, currently valued at around **$192,500**, while another wallet successfully received a refund of **0.5 ETH**. Additional refunds are expected as eligible investors reclaim their share of the recovered funds. ## White Hat Recoveries Continue Across Crypto The Hong Coin recovery adds to a growing number of cases where white hat hackers have helped safeguard or return digital assets by identifying [vulnerabilities in smart contracts](https://coinlaw.io/smart-contract-security-risks-and-audits-statistics/) and blockchain protocols. Earlier this month, blockchain security firm **Blockaid** reported that a white hat actor exploited a vulnerability tied to **Renegade’s Arbitrum based dark pool**, temporarily removing funds before returning the majority of assets to protect users from potential malicious exploitation. Separately, on **May 24**, 0xflorent disclosed the recovery of a combined **19.33 ETH** from another failed ICO dating back to January 2018, as well as funds belonging to a **Liquality Wallet** user whose assets became trapped in a cross-chain transfer process. These incidents highlight how security researchers continue to play an important role in helping users recover funds and exposing weaknesses that might otherwise remain hidden. ## CoinLaw’s Takeaway In my experience, stories like this show why smart contract security remains one of the most important challenges in crypto. It is remarkable that funds locked away for nearly a decade could still be recovered through careful research and cooperation rather than being written off as permanently lost. I found the most significant aspect of this case is that the recovery did not involve moving funds through questionable means. Instead, it relied on understanding the contract’s own logic and working with the original project team. For investors who have spent years assuming their Ether was gone, this recovery is a rare reminder that some blockchain mistakes can still be fixed long after they happen. Definition of Blockchain. Link to full glossary entry follows the description.**Blockchain**A distributed digital ledger that records transactions across a network, with each block cryptographically linked to the previous one for security. [Read more](https://coinlaw.io/glossary/blockchain/) Definition of Smart Contract. Link to full glossary entry follows the description.**Smart Contract**A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries. [Read more](https://coinlaw.io/glossary/smart-contract/) Definition of Cross-Chain. Link to full glossary entry follows the description.**Cross-Chain**Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks. [Read more](https://coinlaw.io/glossary/cross-chain/)