White-Hat Hacker Rescues $2M Ethereum from 9-Year Smart Contract Trap






White-Hat Hacker Unlocks $2 Million in Ethereum, Freeing Funds Trapped for 9 Years




A digital treasure, valued at approximately $2 million in Ethereum (ETH), has finally resurfaced after being frozen for an astonishing nine years due to a critical smart contract vulnerability. An anonymous white-hat hacker and security researcher, known only as Florent, ingeniously exploited a “backdoor” within the legacy code of the “HongCoin” project, successfully liberating 1,003 ETH.

The assets originated from “HongCoin” (also known as The HONG), an early cryptocurrency project launched in 2016. Conceived as a community-governed investment fund, HongCoin initiated a crowdfunding campaign. However, when the project failed to meet its fundraising targets, the smart contract, designed to automatically refund investors, encountered a fatal logical error. This flaw marooned a substantial amount of capital on the Ethereum blockchain, inaccessible to its rightful owners.

Florent explained that the contract’s refund mechanism suffered from a paradoxical design: it would automatically reject any refund request if an investor’s token balance exceeded the system’s “Global counter.” This critical barrier effectively locked most investors out of their funds.

Over the years, as a few retail investors managed to withdraw smaller portions, the “Global counter” gradually decreased to a mere 356. This meant the maximum single refund amount was capped at an insignificant 3.56 ETH, far below the holdings of the vast majority of trapped investors, who remained unable to access their substantial investments.

The Ingenious Exploit: Turning a Flaw into a Solution

The key to resolving this long-standing dilemma lay hidden within a specific vulnerability of an older version of Ethereum’s programming language, Solidity. Florent discovered that the contract’s lack of protection against “overflow errors” (where a numerical value that exceeds the maximum its type can hold wraps around to a small value such as zero or one) could be leveraged as an unlikely solution.

“The breakthrough involved utilizing the team’s administrator privileges,” Florent elaborated. These privileges were originally established for minting reward tokens for specific activities. By carefully inputting a highly specific numerical value, Florent could forcibly trigger an overflow, compelling the system to “reset” an investor’s token balance to “1.” With a balance now below the 356 threshold, the refund mechanism’s checks could finally be circumvented, allowing the long-locked ETH to be successfully released.
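A Python model of the lock-out check and the overflow reset described above, added here as an illustration; it is not HongCoin's contract code. The uint256 width, the function names and the sample balances are assumptions, and passing `add_checked` shows that checked arithmetic (Solidity 0.8+ or a SafeMath-style library) would revert the same mint.

```python
# Constructed model, not HongCoin's contract. Assumptions: uint256 balances,
# the function names, and the sample holders and balances below.
MOD = 2**256  # assumed width: Solidity's default unsigned integer


def add_unchecked(a, b):
    """Pre-0.8 Solidity addition: silently wraps modulo 2**256."""
    return (a + b) % MOD


def add_checked(a, b):
    """Solidity >= 0.8 or SafeMath-style addition: reverts on overflow."""
    if a + b >= MOD:
        raise OverflowError("addition overflow, transaction reverts")
    return a + b


def refund_allowed(balance, global_counter):
    """The check described above: reject when balance exceeds the counter.
    Treating a zero balance as non-refundable is an assumption."""
    return 0 < balance <= global_counter


def reset_mint_amount(balance, target=1):
    """Reward-mint amount that wraps `balance` to `target` under unchecked add."""
    return (target - balance) % MOD


def triage(balances, global_counter):
    """Split holders into those who can refund directly and those locked out."""
    direct = sorted(h for h, b in balances.items() if refund_allowed(b, global_counter))
    locked = sorted(h for h, b in balances.items() if b > global_counter)
    return direct, locked


def rescue(balances, global_counter, add=add_unchecked):
    """Apply the admin mint to each locked holder; return the new balances."""
    _, locked = triage(balances, global_counter)
    out = dict(balances)
    for holder in locked:
        out[holder] = add(out[holder], reset_mint_amount(out[holder]))
    return out


GLOBAL_COUNTER = 356  # value reported in the article
SAMPLE = {"alice": 120, "bob": 5_000, "carol": 250_000}  # constructed balances
```
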

Florent emphasized that this was a meticulously planned, authorized rescue operation, not an unauthorized attack. Given that the administrator privileges were secured by the HongCoin team’s multi-signature wallet, Florent proactively reached out to the development team. He then conducted extensive verification tests in a Foundry mainnet fork environment to ensure the safety and efficacy of his proposed solution.

Once the feasibility was confirmed, HongCoin officials personally signed and executed the necessary transactions. The entire process, from initial contact to successful execution, was completed in approximately one week, demonstrating remarkable efficiency and collaborative effort.

Impact and Florent’s Ethical Stance

According to Florent’s analysis, 48 original investors are now eligible to reclaim their funds. Of these, 41 required the balance reset procedure to lift the restrictions, while the remaining seven, holding smaller amounts, could withdraw their funds directly.

Ultimately, the team signed 41 unlock transactions, successfully releasing approximately 1,000 ETH back to its rightful owners.

To date, two investors have already completed withdrawals, collectively retrieving 96.5 ETH, valued at around $193,000. These beneficiaries voluntarily offered Florent a “white-hat bounty,” though he stressed that his involvement was purely driven by curiosity:

“I didn’t charge any fees, cuts, or commissions. I was just curious about these early contracts and wanted to understand how they worked.”

Florent believes that the primary reason HongCoin’s trapped funds remained untouched for so many years was the absence of economic incentive for malicious actors. He stated:

“Aside from the project team, almost no one had the motivation to delve deep into this contract. Because there was no ownership vulnerability that could steal funds, it was unprofitable for hackers. The only possible outcome was to return the ETH to investors.”

A Beacon of Hope Amidst DeFi Security Challenges

This successful rescue operation emerges at a critical time for the decentralized finance (DeFi) industry, which has been plagued by a surge in security incidents. In April alone, various attacks led to hundreds of millions of dollars in losses, with the liquidity restaking protocol Kelp DAO suffering a hack of nearly $293 million. The co-founder of security firm OpenZeppelin starkly declared, “All DeFi projects are insecure,” underscoring the pervasive risks.

Florent’s actions stand as a powerful counter-narrative. He remarked, “Hackers have recently started massively attacking various protocols, making DeFi increasingly difficult to invest in. I hope that in the future, there will be more people protecting systems rather than exploiting vulnerabilities for profit. From an ethical perspective, this is more valuable and can also yield generous rewards.” His work highlights the crucial role of ethical hackers in securing the future of blockchain and digital assets, offering a glimmer of hope in a challenging landscape.


Disclaimer: This article is for market information purposes only. All content and opinions are for reference only and do not constitute investment advice, nor do they represent the views and positions of the author or BlockBeats. Investors should make their own decisions and trades. The author and BlockBeats will not be liable for any direct or indirect losses incurred by investors’ transactions.

