Key Highlights
- Security expert “0xflorent” successfully freed approximately 1,003 ETH (valued at roughly $2 million) from a 2016 HongCoin ICO smart contract where it had been trapped for nine years
- The funds remained inaccessible due to a critical flaw in the contract’s refund mechanism following the ICO’s failure to meet its fundraising target
- By collaborating with HongCoin’s team, Florent leveraged an integer overflow weakness within an administrative function to release the locked assets
- A total of 48 initial backers are now eligible to retrieve their ETH; two participants have already withdrawn 96.5 ETH (approximately $193,000)
- Florent accepted no compensation for the recovery work — accepting only voluntary donations from grateful investors
An ethical security expert has successfully released approximately 1,003 Ether valued at around $2 million that remained trapped within a 2016 ICO smart contract for close to nine years.
The locked cryptocurrency belonged to participants in HongCoin, an Ethereum-based token offering that positioned itself as a decentralized investment collective. The fundraising campaign operated between August 29 and October 28, 2016, but ultimately fell short of its financial target.
Following the unsuccessful sale, the smart contract’s design intended to trigger automatic refunds for all contributors. However, a critical programming defect in the withdrawal mechanism silently prevented this process from executing.
The security professional, identified publicly as “0xflorent” or simply Florent, detailed the technical problem in a social media post on X. The refund mechanism was programmed to deny withdrawals to any token holder whose balance exceeded a master counter variable. Through years of sporadic partial withdrawals, this counter had decreased to 356, effectively limiting total possible refunds to merely 3.56 ETH — substantially less than what the majority of contributors were entitled to receive.
The contract was developed using an early version of Solidity, the language in which Ethereum smart contracts are written. It was missing safeguards against integer overflow vulnerabilities, a coding weakness where a numerical value that grows beyond its maximum limit silently wraps around to zero or one instead of failing. The blockchain development community subsequently addressed this security gap industry-wide through the adoption of SafeMath libraries.
The Technical Solution
Florent identified a workable solution by using an administrative function built into the HongCoin contract itself. By executing this function with precisely calculated input parameters, he could make an individual holder's token balance wrap around to one, thereby satisfying the refund validation check and releasing the corresponding ETH.
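The mechanics described above, as an added worked example that is not the HongCoin contract's code and not Florent's tooling: a toy Python model of EVM uint256 arithmetic and of a refund gate that refuses any holder whose balance exceeds a shrinking master counter. The ledger class, the `adjust_balance` administrative call, the 0.01 ETH per token rate (chosen so a counter of 356 caps refunds at 3.56 ETH, as in the text) and the separate contribution record used for the payout are all assumptions. The same administrative call is run twice: once with the wrapping arithmetic of pre-SafeMath Solidity, once with SafeMath-style checked arithmetic that reverts.

```python
"""Toy model of the refund gate and of unchecked uint256 arithmetic.

Constructed illustration for this article: NOT the HongCoin contract's code.
Names (RefundLedger, adjust_balance, counter, wrap_delta_to) are hypothetical.
"""

MODULUS = 2**256             # EVM word size: uint256 arithmetic is modulo 2**256
UINT256_MAX = MODULUS - 1
WEI_PER_TOKEN = 10**16       # assumption: 0.01 ETH per token (356 tokens -> 3.56 ETH)


def add_unchecked(a: int, b: int) -> int:
    """uint256 addition as compiled by Solidity < 0.8 without SafeMath: silently wraps."""
    return (a + b) % MODULUS


def add_checked(a: int, b: int) -> int:
    """SafeMath-style addition (also the Solidity >= 0.8 default): reverts on overflow."""
    c = a + b
    if c > UINT256_MAX:
        raise OverflowError("SafeMath: addition overflow")
    return c


class RefundLedger:
    """Hypothetical refund ledger with the gate the article describes.

    The gate refuses any holder whose token balance exceeds `counter`, and every
    refund draws the counter down, so large holders become stuck over time.
    The payout itself is taken from a separate contribution record (assumption).
    """

    def __init__(self, counter: int, contributions_wei: dict, add=add_unchecked):
        self.counter = counter
        self.contributed = dict(contributions_wei)
        self.balances = {h: wei // WEI_PER_TOKEN for h, wei in contributions_wei.items()}
        self.add = add          # which arithmetic the "contract" was compiled with

    def can_refund(self, holder: str) -> bool:
        return self.balances[holder] <= self.counter

    def refund(self, holder: str) -> int:
        """Return the wei paid out, or raise if the gate denies the holder."""
        if not self.can_refund(holder):
            raise PermissionError(f"{holder}: balance exceeds counter, refund denied")
        tokens = self.balances[holder]
        self.balances[holder] = 0
        self.counter -= tokens
        return self.contributed.pop(holder)

    def adjust_balance(self, holder: str, delta: int) -> int:
        """Admin-only adjustment (multisig-gated in the story) that ADDS delta to a balance.

        With unchecked arithmetic a large delta wraps the balance around 2**256;
        with checked arithmetic the very same call reverts and nothing changes.
        """
        if not 0 <= delta <= UINT256_MAX:
            raise ValueError("delta must fit in uint256")
        self.balances[holder] = self.add(self.balances[holder], delta)
        return self.balances[holder]


def wrap_delta_to(target: int, current: int) -> int:
    """The uint256 delta that takes `current` to `target` under wrapping addition."""
    return (target - current) % MODULUS


def demo() -> dict:
    """Run the scenario with both arithmetic flavours and return the outcomes."""
    # Constructed sample: one small and one large contributor (2 ETH and 500 ETH).
    contributions = {"small": 2 * 10**18, "big": 500 * 10**18}

    # Legacy arithmetic: the big holder is stuck, the admin overflow unlocks the refund.
    legacy = RefundLedger(counter=356, contributions_wei=contributions)
    small_ok = legacy.can_refund("small")          # 200 tokens <= 356
    big_stuck = not legacy.can_refund("big")        # 50_000 tokens > 356
    legacy.adjust_balance("big", wrap_delta_to(1, legacy.balances["big"]))
    big_after_wrap = legacy.balances["big"]
    big_refund_wei = legacy.refund("big")           # now passes the gate: 1 <= 356

    # Checked arithmetic: the same administrative call reverts instead of wrapping.
    safe = RefundLedger(counter=356, contributions_wei=contributions, add=add_checked)
    try:
        safe.adjust_balance("big", wrap_delta_to(1, safe.balances["big"]))
        reverted = False
    except OverflowError:
        reverted = True

    return {
        "small_ok": small_ok,
        "big_stuck": big_stuck,
        "big_after_wrap": big_after_wrap,
        "big_refund_eth": big_refund_wei / 10**18,
        "checked_reverts": reverted,
        "big_balance_unchanged": safe.balances["big"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points worth taking from the model. First, the overflow is only usable because the administrative adjustment runs with unchecked arithmetic; under SafeMath (or Solidity 0.8 and later, where checked arithmetic is the default) the same call reverts and the balance is untouched, which is the class of bug auditors look for. Second, checked arithmetic alone would have left the investors' funds stuck, because the real defect is the refund gate comparing a holder's balance against a counter that shrinks with every withdrawal; a refund path should be tested against the full set of contributors before launch, not just the happy path.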
This recovery effort required full cooperation from the project team. The administrative function was protected by HongCoin's multisignature wallet, so the team had to authorize each individual transaction. Florent initiated contact with the team via email, validated his approach on a test network, and the team subsequently approved 41 separate transactions, one for each affected investor. The entire operation spanned approximately one week.
Among the 48 qualified investors, 41 required the balance adjustment intervention. The remaining seven held sufficiently small positions that enabled direct refunds through the existing mechanism.
Two investors have successfully withdrawn a total of 96.5 ETH, currently worth approximately $193,000. Both chose to send Florent voluntary whitehat bounties, though no payment was expected or requested. “There were no fees, no cut, no commission,” Florent confirmed to The Block.
Ongoing Recovery Initiatives
This represents just one of Florent's multiple fund recovery projects. On May 24, he documented the release of 19.33 ETH from two distinct legacy contracts: one from a defunct 2018 ICO and another from a Liquality Wallet user whose assets were locked within expired atomic swap transactions.
Florent explained that he recently deployed his own Ethereum node infrastructure and developed automated scanning software to identify contracts containing more than 100 ETH. He then systematically analyzes promising candidates for exploitable security weaknesses.
He also incorporated Claude Code into his workflow to assist with contract sorting and categorization, though he acknowledged the AI platform has constraints when performing direct vulnerability analysis on smart contracts.
Florent expressed hope that more security researchers would focus their talents on asset protection rather than theft. “It’s more rewarding morally, and it can also pay well,” he stated.