Nearly $2 million worth of ether (ETH), which had been locked in a smart contract for nine years following the 2016 HongCoin ICO, has finally been retrieved thanks to the intervention of a se
Nearly $2 million worth of ether (ETH), which had been locked in a smart contract for nine years following the 2016 HongCoin ICO, has finally been retrieved thanks to the intervention of a security researcher known as 0xflorent. By identifying and exploiting an integer overflow vulnerability in the outdated smart contract, 0xflorent enabled access to the trapped funds, bringing long-awaited relief to former investors.
The HongCoin ICO, launched in 2016, failed to reach its fundraising target, which per the contract should have triggered an automatic ETH refund to investors. However, a bug in the refund function kept these funds locked in the contract, leaving a total of 1,003.62 ETH stranded for nine years and affecting 48 early investors.
As years passed, only partial refunds were possible, largely due to a counter in the contract restricting repayments to a maximum of just 3.56 ETH per transaction. This limitation prevented access to larger amounts. 0xflorent noticed that an administrator function accessible via a multi-signature wallet lacked the security measures that had been introduced to the Solidity programming language in later years. Utilizing this oversight, and by inputting the right values, they could reset token balances to just one unit and bypass the refund check entirely.
Mini glossary: Integer overflow refers to an error where a variable exceeds its maximum value and resets from zero, a flaw that can seriously undermine smart contract security.
Through a total of 41 transactions authorized by HongCoin, former investors with claims to nearly 1,000 ETH locked in the contract finally regained access to their funds. Seven others, who held smaller balances, were able to retrieve their money independently.
This recovery effort was not a solo job. The privileged function in the contract required HongCoin’s multi-signature wallet to activate. After contacting the team, 0xflorent demonstrated the unlocking process on a test version of the Ethereum mainnet, after which the HongCoin team approved and signed the necessary transactions.
After waiting nearly a decade, two former investors were able to recover 96.5 ETH, now valued at roughly $193,000, while other eligible participants could also claim their funds as the process moved forward.
0xflorent’s work in the HongCoin case marks his second similar rescue in just eight days. On May 24, he announced the return of 19.329 ETH—stuck since a failed ICO in 2018 and later held in the shuttered Liquality Wallet—to its original owners.
These episodes come at a time when security is once again front and center in decentralized finance (DeFi). The sector has witnessed hundreds of millions of dollars lost to protocol exploits, with a $293 million attack on Kelp DAO in April standing out as one of the most significant incidents in recent months.
The post 2 million dollars in ETH unlocked from 2016 HongCoin ICO appeared first on COINTURK NEWS.
