An Ethereum developer helped recover more than 1,000 ETH, worth about $2 million, from a failed 2016 crypto project, returning funds that had been stuck in an old smart contract for nine years.

In a tweet Sunday, the developer, who goes by 0xFlorent_, said HongCoin’s 2016 ICO contract was supposed to refund investors after the project missed its funding goal, but a bug broke the refund function and left the ETH stuck.

ICOs, or initial coin offerings, were a common way for crypto projects to raise money during Ethereum’s early years. Investors sent ETH to a smart contract, a program running on Ethereum, in exchange for tokens tied to a project that often had not yet launched.

0xFlorent_ said he found a way for HongCoin’s old contract to recognize blocked investors again and release their refunds. The recovery covered 48 investors, and he pointed to Etherscan records for the contract and unlocked wallet as on-chain proof.

For years, the contract had relied on the wrong number to decide who could get ETH back. His workaround corrected that for each blocked holder, after which HongCoin’s team carried out 41 unlock transactions.

A whitehat like 0xFlorent_ is a security researcher or developer who finds bugs and uses them to protect systems or recover funds, instead of stealing them.

The recovery comes as attacks on the decentralized finance sector continue to mount, with more than $840 million lost in the first five months of 2026 and April alone accounting for more than $600 million in stolen funds.

A rare instance

Because smart contracts can keep running long after projects fade, old mistakes can leave money frozen for years. HongCoin’s recovery suggests some of that money could still move, if the original team can be reached and the contract still gives them a way in.

But recoveries like these remain “unique,” and do not necessarily mean large amounts of lost funds could just “routinely be recovered,” Andy Yajin Zhou, associate professor at the Chinese University of Hong Kong and co-founder of on-chain security firm BlockSec, told Decrypt.

“The recovery was possible because the contract happened to contain a vulnerability that allowed a whitehat developer to safely extract and return the funds,” Zhou said. “Unfortunately, we cannot assume that old Ethereum contracts generally have such flaws.”



Locked funds can remain inaccessible because of "lost keys or irreversible contract logic," Zhou noted, while no reliable estimate exists for how much ETH is permanently trapped in old contracts.

Still, the case suggests that some funds written off as "lost" may not be beyond reach, shows that smart contracts aren’t necessarily “dead ends,” Dominick John, analyst at Zeus Research, told Decrypt.

Better security research and blockchain tools could help recover more stranded assets from old on-chain systems, potentially unlocking "dormant value" while exposing “limitations” in earlier smart contract design, he added.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。