{"id":30304,"date":"2026-06-01T05:57:13","date_gmt":"2026-06-01T05:57:13","guid":{"rendered":"https:\/\/bitunikey.com\/news\/failed-hong-coin-ico-returns-2m-in-ether-after-10-years\/"},"modified":"2026-06-01T05:57:20","modified_gmt":"2026-06-01T05:57:20","slug":"failed-hong-coin-ico-returns-2m-in-ether-after-10-years","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/failed-hong-coin-ico-returns-2m-in-ether-after-10-years\/","title":{"rendered":"Failed Hong Coin ICO returns $2M in Ether after 10 years"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">More than 1,003 Ether, worth roughly $2 million, have been recovered from a failed 2016 ICO dubbed Hong Coin after a white hat hacker found a way to unlock funds that had remained trapped in a faulty smart contract for nearly 10 years.<\/p>\n<div id=\"cn-block-summary-block_4dfbaba8029f7a846aa47d90b768c958\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>A white hat hacker helped recover 1,003 ETH worth about $2 million from a failed 2016 Hong Coin ICO contract.<\/li>\n<li>The funds remained locked for nearly a decade after a bug prevented investors from receiving automatic refunds.<\/li>\n<li>Recovery became possible after the hacker identified an integer overflow flaw and worked with the project\u2019s creators to unlock the refund mechanism.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>According to a Sunday post on X by pseudonymous white hat hacker 0xflorent, the recovered ETH belonged to 48 investors who participated in the Hong Coin (HONG) token sale, a decentralized venture capital project that never launched after failing to meet its fundraising target.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">First white-hat exploit on Ethereum: I unlocked 1,003.62 <br \/>\u039e ($2,000,000) trapped in a 2016 ICO smart contract <br \/>for 9 years. <\/p>\n<p>The 48 original investors can now claim their funds. <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/lyh5iyaDu7\">pic.twitter.com\/lyh5iyaDu7<\/a><\/p>\n<p>\u2014 0xflorent.eth (@0xFlorent_) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/0xFlorent_\/status\/2061070356564091258?ref_src=twsrc%5Etfw\">May 31, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>As explained by 0xflorent, the ICO contract was designed to automatically return investors\u2019 ETH if the funding goal was not reached. A flaw in the refund function prevented that process from working, leaving the funds permanently locked despite the sale ending without success.<\/p>\n<p>Blockchain records from Etherscan show refunds have already started. One investor received 96 ETH, currently valued at about $192,500, while another wallet recovered 0.5 ETH.<\/p>\n<p>Hong Coin was introduced in 2016 as a decentralized autonomous organization focused on venture capital investing. A promotional video published at the time described a structure where token holders would vote on projects that could receive funding from the community-managed pool.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"rll-youtube-player\" data-src=\"https:\/\/www.youtube.com\/embed\/dr1dwKkSu7k\" data-id=\"dr1dwKkSu7k\" data-query=\"feature=oembed\" data-alt=\"What is Hong Coin?\"><\/div>\n<p><noscript><iframe loading=\"lazy\" title=\"What is Hong Coin?\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/dr1dwKkSu7k?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/noscript>\n<\/div>\n<\/figure>\n<p>The ICO opened on Aug. 29, 2016, and concluded on Oct. 28, 2016. Participants who contributed ETH were expected to receive a share of 250 million HONG tokens distributed across multiple funding stages. Because the project did not achieve its fundraising target, investors became eligible for refunds under the smart contract\u2019s rules.<\/p>\n<h2 class=\"wp-block-heading\">Integer overflow bug provided path to recovery<\/h2>\n<p>Detailing the recovery process, 0xflorent said the solution emerged from an overlooked administrative function that contained an integer overflow vulnerability.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>According to the white hat, invoking the function with a specific input reset a token holder\u2019s balance and allowed the contract\u2019s refund conditions to execute correctly. Working alongside the original HONG creators, 0xflorent demonstrated how the flaw could be used to release the trapped ETH without moving funds outside the contract.<\/p>\n<p>\u201cThe way out was an admin function with an integer overflow vulnerability,\u201d 0xflorent wrote on X. \u201cCalling it with a specific input resets a holder\u2019s balance and unblocks the refund check.\u201d<\/p>\n<p>The recovery adds to a growing list of cases where white hat hackers have intervened to secure or return cryptocurrency funds after identifying vulnerabilities in smart contracts and protocol infrastructure.<\/p>\n<p>Earlier in May, blockchain security firm Blockaid reported that a white hat attacker exploited a vulnerability in Renegade.fi\u2019s Arbitrum-based dark pool, temporarily draining about $209,000 before returning more than 90% of the assets.\u00a0<\/p>\n<p>According to Blockaid, the issue stemmed from deployment and migration errors that allowed unauthorized modification of a smart contract connected to the protocol\u2019s V1 dark pool.<\/p>\n<p>In messages published on-chain following that incident, the Renegade exploiter argued that exposing the weakness was the safest way to protect user funds and pointed to the simplicity of the vulnerability as evidence that more malicious attackers could have caused far greater losses.<\/p>\n<p>Separately, 0xflorent <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/0xFlorent_\/status\/2058526763370594329\" target=\"_blank\" rel=\"nofollow\">disclosed<\/a> on May 24 that they had also recovered a combined 19.33 ETH, worth roughly $40,600 at the time, from a failed January 2018 ICO project and from a Liquality Wallet user whose funds became trapped in a cross-chain transfer protocol.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>More than 1,003 Ether, worth roughly $2 million, have been recovered from a failed 2016 ICO dubbed Hong Coin after a white hat hacker found a way to unlock funds&hellip;<\/p>\n","protected":false},"author":1,"featured_media":30305,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-30304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=30304"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30304\/revisions"}],"predecessor-version":[{"id":30306,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30304\/revisions\/30306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/30305"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=30304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=30304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=30304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}