Written by Brayden Lindrea , Staff Writer.Reviewed by Jesse Coghlan , Staff Editor.Written by Brayden Lindrea , Staff Writer.Reviewed by Jesse Coghlan , Staff Editor.White hat hacker recovers $2M from faulty 2016 ICO smart contract
Latest NewsPublishedJun 1, 2026A white-hat hacker has helped the creators of Hong Coin by showing them how to exploit a flawed admin function on a smart contract and ultimately refund investors after a decade.
A pseudonymous white hat hacker has helped recover $2 million worth of Ether locked in a faulty initial coin offering (ICO) smart contract for almost a decade.
In a post to X on Sunday, the white hat, known as “0xflorent,” said they helped recover about 1,003 Ether (ETH) from 48 investors who participated in the Hong Coin (HONG) ICO, a decentralized venture capital fund that never launched due to it failing to reach its funding goal.
“The contract held all the investors' ETH and was supposed to auto-refund them,” 0xflorent said. However, “a bug in the refund function quietly broke that, and the funds got stuck.”
Data from Ethereum block explorer Etherscan shows that one HONG investor has already been refunded 96 ETH, now worth about $192,500, while 0.5 ETH was returned to another.
Hong Coin was first pitched in 2016, and a YouTube video at the time depicted the token as a community-run venture capital fund where members of the project’s decentralized autonomous organization would help decide which projects receive backing.
The ICO started on Aug. 29, 2016, and ended about two months later on Oct. 28.
Investors who sent ETH to the HONG smart contract were supposed to receive 250 million HONG tokens distributed across five stages, but it didn’t reach its funding goal, and investors were supposed to be refunded.
0xflorent said they cooperated with the HONG creators, showing them how to extract the locked funds by taking advantage of a flawed admin function that reset token holders’ balances and triggered the refund mechanism.
Related: Ethereum bull David Hoffman explains why he sold his ETH
“The way out was an admin function with an integer overflow vulnerability,” they explained. “Calling it with a specific input resets a holder's balance and unblocks the refund check.”
On May 24, 0xflorent said they retrieved a combined 19.33 ETH worth about $40,600 from a failed ICO project in January 2018 and a Liquality Wallet user who had some funds trapped in a cross-chain transfer protocol.
Magazine: Big Questions: Do we really only need 2–5 cryptocurrencies?
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.More on the subject
HYPE open interest soars by 30%: Are Hyperliquid bulls prepping for new price highs?May 30, 2026Marcel Pechman
Why is Stellar's XLM up by over 50% this week?May 29, 2026Yashu Gola
Solana open interest drops 30% as altcoins slump: Is $68 SOL next?May 28, 2026Biraajmaan TamulyHYPE open interest soars by 30%: Are Hyperliquid bulls prepping for new price highs?May 30, 2026Marcel PechmanWhy is Stellar's XLM up by over 50% this week?May 29, 2026Yashu GolaSolana open interest drops 30% as altcoins slump: Is $68 SOL next?May 28, 2026Biraajmaan Tamuly