Researcher Cracks 9-Year-Old Bug, Frees $2M in Ethereum Locked Since 2016 ICO

  • Key Takeaways:

    • Security researcher 0xflorent freed 1,003.62 ETH from a 2016 Hongcoin ICO contract locked by a bug for nearly 9 years.
    • The whitehat exploit used an integer overflow in a multisig admin function, requiring 41 signed transactions to unblock 48 investors.
    • Two investors have already claimed 96.5 ETH, with roughly 882 ETH still available as of June 1, 2026.
    The funds originated from Hongcoin, also referred to as “The HONG,” a 2016 Ethereum-based project pitched as a community-run decentralized investment fund. The ICO failed to hit its funding target, which should have triggered an automatic refund to contributors.

    It did not work that way.

    A bug in the refund logic blocked most investors from claiming their ETH. The contract compared each investor’s token balance against a global counter. Partial refunds over the years had reduced that counter to 356, capping any further refunds at just 3.56 ETH per holder. Most of the 48 remaining investors held far more than that. Their funds stayed locked.

    The contract address, 0x9fa8fa61a10ff892e4ebceb7f4e0fc684c2ce0a9, remains verifiable on Etherscan.

    0xflorent identified an integer-overflow vulnerability in an admin-only function tied to the Hongcoin team’s multisig wallet. The function was originally designed to mint bounty tokens but lacked overflow protections, a common weakness in pre-SafeMath Solidity code from 2016.

    By passing a specific input value, the function could reset an investor’s token balance to 1, bypassing the refund check and allowing the contract to release the corresponding ETH.
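The arithmetic behind that reset, and the overflow check that pre-SafeMath code lacked, can be modelled in a few lines. This is an added example, not the Hongcoin contract's code or the researcher's: the function names, the direction of the refund comparison and the 50,000-token balance are assumptions made for illustration, and only the counter value 356 comes from the article.

```python
# Simplified model of uint256 token arithmetic; NOT the Hongcoin contract's code.
# All function names are hypothetical and chosen for this illustration.
UINT256_MAX = 2**256 - 1


def mint_unchecked(balance: int, amount: int) -> int:
    """2016-era behaviour: uint256 addition silently wraps modulo 2**256."""
    return (balance + amount) & UINT256_MAX


def mint_checked(balance: int, amount: int) -> int:
    """SafeMath-style add (the default since Solidity 0.8): revert on overflow."""
    total = balance + amount
    if total > UINT256_MAX:
        raise ArithmeticError("uint256 overflow: transaction reverts")
    return total


def refund_allowed(balance: int, counter: int) -> bool:
    """Assumed form of the refund gate: balance must not exceed the global counter."""
    return balance <= counter


def amount_wrapping_to(balance: int, target: int) -> int:
    """Mint amount for which the unchecked add wraps the balance around to `target`."""
    return (target - balance) % 2**256


def demo():
    counter = 356        # value reported in the article
    balance = 50_000     # constructed sample balance, far above the counter
    blocked = refund_allowed(balance, counter)           # False: holder is stuck
    amount = amount_wrapping_to(balance, 1)
    new_balance = mint_unchecked(balance, amount)        # wraps around to 1
    unblocked = refund_allowed(new_balance, counter)     # True: gate now passes
    try:
        mint_checked(balance, amount)
        checked_reverts = False
    except ArithmeticError:
        checked_reverts = True                           # checked add refuses the same input
    return blocked, new_balance, unblocked, checked_reverts


if __name__ == "__main__":
    print(demo())
```

With checked arithmetic the same call reverts, which is why this class of bug clusters in contracts written before overflow checks became standard.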

    Florent described it as the “first white-hat exploit on Ethereum,” noting that no outside attacker had any incentive to use it. The funds could only flow back to the original contributors. There was no ownership takeover and no theft vector.

    Florent reached out privately to the dormant Hongcoin team by email. He validated the full unlock sequence on a local Foundry fork of Ethereum mainnet before touching anything on-chain. The team’s multisig then signed 41 transactions, one for each blocked holder requiring a balance reset. Seven holders with smaller balances could claim refunds directly without the workaround.

    The entire process took about one week.

    As of June 1, 2026, all 1,003.62 ETH had been unfrozen. Two investors have already claimed a combined 96.5 ETH, worth roughly $193,000. They sent Florent a voluntary bounty. He took no fees, no cut, and no commission.

    Roughly 882 ETH remains available for the other investors to claim.

    This was Florent’s second publicized recovery in eight days. On May 24, he returned 19.329 ETH, about $40,590, from a 2018 ICO contract and expired atomic swaps tied to a now-defunct wallet.

    Florent uses custom scanning tools, including a self-hosted node, to locate contracts holding more than 100 ETH. He noted that many old contracts are forks of one another, meaning vulnerabilities often cluster. He also mentioned using Claude Code to accelerate analysis, but cautioned that the tool can be overly pessimistic about contracts it flags as uncrackable.

    Hundreds of Ethereum smart contracts from the 2016 and 2017 ICO boom era still hold locked funds. Most contributors wrote those balances off years ago.

    Florent’s work is a reminder that some of those contracts still have a door, and someone with the right tools might find the key.
