A white-hat hacker has helped the creators of Hong Coin by showing them how to exploit a flawed admin function on a smart contract and ultimately refund investors after a decade.
A pseudonymous white hat hacker has helped recover $2 million worth of Ether locked in a faulty initial coin offering (ICO) smart contract for almost a decade.
In a post to X on Sunday, the white hat, known as “0xflorent,” said they helped recover about 1,003 Ether (ETH) from 48 investors who participated in the Hong Coin (HONG) ICO, a decentralized venture capital fund that never launched due to it failing to reach its funding goal.
“The contract held all the investors' ETH and was supposed to auto-refund them,” 0xflorent said. However, “a bug in the refund function quietly broke that, and the funds got stuck.”
Data from Ethereum block explorer Etherscan shows that one HONG investor has already been refunded 96 ETH, now worth about $192,500, while 0.5 ETH was returned to another.
Hong Coin was first pitched in 2016, and a YouTube video at the time depicted the token as a community-run venture capital fund where members of the project’s decentralized autonomous organization would help decide which projects receive backing.
The ICO started on Aug. 29, 2016, and ended about two months later on Oct. 28.
Investors who sent ETH to the HONG smart contract were supposed to receive 250 million HONG tokens distributed across five stages, but it didn’t reach its funding goal, and investors were supposed to be refunded.
0xflorent said they cooperated with the HONG creators, showing them how to extract the locked funds by taking advantage of a flawed admin function that reset token holders’ balances and triggered the refund mechanism.
Related: Ethereum bull David Hoffman explains why he sold his ETH
“The way out was an admin function with an integer overflow vulnerability,” they explained. “Calling it with a specific input resets a holder's balance and unblocks the refund check.”
On May 24, 0xflorent said they retrieved a combined 19.33 ETH worth about $40,600 from a failed ICO project in January 2018 and a Liquality Wallet user who had some funds trapped in a cross-chain transfer protocol.
Magazine: Big Questions: Do we really only need 2–5 cryptocurrencies?
Source: https://cointelegraph.com/news/whitehat-helps-recover-2m-from-2016-ico-smart-contract?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound
Ethereum
White hat hacker recovers $2M from faulty 2016 ICO smart contract
Article Top Ad Zone
Article Middle Ad Zone
Article Bottom Ad Zone
Original Source: cointelegraph.com
Get Ethereum alerts on Telegram
Follow Ethereum in your language and open the full stories on PulseForge.
Share
Comments
Comment system is currently disabled.