Ethical Hacker Aids Recovery of $2M from 2016 Hong Coin ICO’s Defective Smart Contract

15 hours ago

Ethical Hacker Aids Hong Coin Developers

An ethical hacker has played a pivotal role in assisting the developers behind Hong Coin by uncovering a significant vulnerability in their smart contract that allowed for the retrieval of funds blocked for nearly ten years. This pseudonymous hacker, known online as “0xflorent”, successfully orchestrated the recovery of approximately $2 million worth of Ether (ETH) that had been frozen due to issues from an initial coin offering (ICO) that never achieved its financial targets.

Recovery of Funds

In a communication posted on social media platform X, 0xflorent stated that they managed to return around 1,003 ETH to 48 investors involved in the failed Hong Coin ICO—an initiative intended to operate as a decentralized venture capital fund. Launched back in 2016, Hong Coin sought to create a community-driven approach to investment, where decisions would be made by members of its decentralized autonomous organization. The ICO commenced on August 29, 2016, but concluded on October 28 without meeting its funding goal, leaving investors in limbo.

Identifying the Vulnerability

According to 0xflorent, a flaw in the contract’s refund mechanism led to the entrapment of investors’ funds.

“The contract was designed to automatically refund investors, but a bug in the refund function caused the funds to become inaccessible,” the hacker explained. Detailed analyses from the Ethereum block explorer Etherscan reveal that one investor has been reimbursed 96 ETH, equivalent to roughly $192,500, while another received 0.5 ETH.

Collaboration and Exploitation

Through collaboration with Hong Coin’s original creators, 0xflorent demonstrated a method to exploit a malfunctioning admin function in the smart contract, which inadvertently reset token holders’ balances and activated the refund process.

“The resolution lay in exploiting an integer overflow vulnerability within the admin function,” they clarified, explaining that using a particular input allowed them to reset the holder’s balance and facilitate fund release.

Previous Recoveries

Earlier this year, on May 24, 0xflorent also recovered a total of 19.33 ETH, valued at around $40,600, from another ICO that faced similar challenges back in January 2018, and assisted a user who was unable to access funds in a cross-chain transfer protocol.

Conclusion

As the cryptocurrency landscape continues to evolve, incidents like these highlight the crucial role that ethical hackers play in protecting investors’ interests and uncovering unnoticed faults in digital financial systems.