Home
News
Details

White Hat Hacker Recovers $2M in ETH Stuck in the 2016 HongCoin ICO Contract

icon MarsBit
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$1,556.17-2.33%
AI summary iconSummary

expand icon
A white hat hacker named Florent recently recovered approximately 1,003 ETH (worth $2 million) that had been locked in the 2016 HongCoin ICO smart contract for nine years. Vulnerabilities in the outdated Solidity code prevented automatic refunds after the ICO failed to meet its funding goal. Florent exploited a flaw in the admin function to reset user balances, bypassing the refund check. The team signed 41 transactions to release the funds. Two investors have already claimed 96.5 ETH and voluntarily rewarded Florent. He stated that his goal was to explore how old smart contracts operate.

HuoXing Finance reports, according to The Block, a developer using the pseudonym Florent employed white-hat hacking techniques to rescue approximately 1,003 ETH (valued at around $2 million) that had been locked in the 2016 HongCoin ICO contract for nine years. The ICO was designed to automatically refund funds since it failed to meet its funding goal, but a coding error caused the funds to become trapped. The contract used an older version of Solidity lacking overflow protection mechanisms. Florent discovered that by calling the team’s admin function and inputting a specific value, he could reset holders’ balances to 1, thereby passing the refund check and releasing the ETH. This admin function was restricted by HongCoin’s multisig wallet. Florent contacted the team, verified the process on a testnet, and the team subsequently signed the unlocking transactions themselves. The entire process took about a week, during which the team signed 41 transactions covering approximately 1,000 ETH. So far, two investors have claimed 96.5 ETH and voluntarily paid Florent a white-hat bounty. Florent stated his motivation was curiosity and a desire to understand how old contracts functioned.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.