A white hat hacker has helped recover more than $2 million worth of Ether that remained locked in a failed 2016 ICO smart contract for nearly a decade, allowing dozens of investors to finally reclaim their funds.
Key Takeaways
- 1,003 ETH worth roughly $2 million has been recovered from the failed Hong Coin ICO.
- The funds remained trapped for almost 10 years due to a bug in the project’s refund mechanism.
- White hat hacker 0xflorent discovered a way to unlock the contract and worked with the original project creators to enable refunds.
- At least some investors have already received their Ether back, according to blockchain data.
What Happened?
A pseudonymous white hat hacker known as 0xflorent has successfully recovered approximately 1,003 ETH from the failed Hong Coin (HONG) initial coin offering, a decentralized venture capital project that never launched after falling short of its fundraising target in 2016.
The Ether had remained locked in the project’s smart contract for nearly a decade because a flaw in the refund function prevented investors from automatically receiving their money back after the token sale failed.
First white-hat exploit on Ethereum: I unlocked 1,003.62
— 0xflorent.eth (@0xFlorent_) May 31, 2026
Ξ ($2,000,000) trapped in a 2016 ICO smart contract
for 9 years.
The 48 original investors can now claim their funds. pic.twitter.com/lyh5iyaDu7
Decade Old ICO Funds Finally Unlocked
Hong Coin was introduced in 2016 as a community-driven venture capital initiative built around a decentralized autonomous organization. The project promised that token holders would vote on investment opportunities, creating a decentralized approach to venture capital funding.
The ICO opened on August 29, 2016, and concluded on October 28, 2016. Investors who contributed Ether were expected to receive a share of 250 million HONG tokens, which were scheduled to be distributed across five funding stages.
However, the project failed to reach its fundraising target. Under the smart contract’s rules, contributors were supposed to receive automatic refunds. Instead, a bug in the refund mechanism prevented the process from functioning correctly, leaving investor funds permanently inaccessible.
According to 0xflorent:
As a result, 48 investors were unable to access their Ether for almost ten years.
Integer Overflow Vulnerability Opened a Recovery Path
The breakthrough came after 0xflorent identified an overlooked administrative function within the smart contract.
According to the hacker, the function contained an integer overflow vulnerability that could be used to reset a token holder’s balance and trigger the contract’s refund conditions.
Working alongside the original Hong Coin creators, 0xflorent demonstrated a method that allowed refunds to be processed without transferring funds outside the contract.
Explaining the discovery, 0xflorent said:
The solution ultimately enabled the release of Ethereum that many investors likely assumed was lost forever.
Refunds Already Underway
Blockchain records on Etherscan indicate that refunds have already started reaching affected investors.
One investor reportedly recovered 96 ETH, currently valued at around $192,500, while another wallet successfully received a refund of 0.5 ETH.
Additional refunds are expected as eligible investors reclaim their share of the recovered funds.
White Hat Recoveries Continue Across Crypto
The Hong Coin recovery adds to a growing number of cases where white hat hackers have helped safeguard or return digital assets by identifying vulnerabilities in smart contracts and blockchain protocols.
Earlier this month, blockchain security firm Blockaid reported that a white hat actor exploited a vulnerability tied to Renegade’s Arbitrum based dark pool, temporarily removing funds before returning the majority of assets to protect users from potential malicious exploitation.
Separately, on May 24, 0xflorent disclosed the recovery of a combined 19.33 ETH from another failed ICO dating back to January 2018, as well as funds belonging to a Liquality Wallet user whose assets became trapped in a cross-chain transfer process.
These incidents highlight how security researchers continue to play an important role in helping users recover funds and exposing weaknesses that might otherwise remain hidden.
CoinLaw’s Takeaway
In my experience, stories like this show why smart contract security remains one of the most important challenges in crypto. It is remarkable that funds locked away for nearly a decade could still be recovered through careful research and cooperation rather than being written off as permanently lost.
I found the most significant aspect of this case is that the recovery did not involve moving funds through questionable means. Instead, it relied on understanding the contract’s own logic and working with the original project team. For investors who have spent years assuming their Ether was gone, this recovery is a rare reminder that some blockchain mistakes can still be fixed long after they happen.
