In late May 2026, pseudonymous security researcher 0xflorent began poking at the abandoned contract. What he found was a vulnerability that, in any modern smart contract, would be considered a glaring security hole: an admin-only function susceptible to an integer overflow.
In the early days of Solidity, arithmetic on unsigned integers (uint256) did not revert when a result exceeded the maximum value. The EVM computes modulo 2^256, so the number simply wrapped around: the maximum value plus one became zero, and adding a large enough value to any balance could land it on an arbitrarily small number. Left unchecked, that behavior could be catastrophic. The widespread adoption of the SafeMath library directly addressed this, making overflow checks a standardized part of Ethereum development, and Solidity 0.8.0 later made checked arithmetic the default. But the HongCoin contract was deployed before any of that became common practice.
The vulnerable admin function was originally designed to let the team mint reward tokens for specific activities. 0xflorent realized that by calling this function with a deliberately enormous input value, he could push an investor's token balance past 2^256 - 1 so that it wrapped to a chosen tiny number, effectively resetting it to a value below the global counter that blocked the refund.
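To make the arithmetic concrete, the following is an added model (not HongCoin's code, and not 0xflorent's proof of concept) of uint256 addition with and without overflow checks, plus the computation of the "reward" amount that wraps a balance to a chosen target. The real contract's function names, storage layout and refund condition are not described on the page, so `mint_reward`, `REFUND_THRESHOLD` and the sample balance are assumed stand-ins.

```python
# Added illustration (not HongCoin's code): EVM uint256 arithmetic with and
# without overflow checks, and how a crafted "reward" amount wraps a balance
# to a chosen small value. Function names, the refund condition and the
# sample balance below are assumptions; the real contract is not on the page.

MODULUS = 2**256            # uint256 arithmetic is performed modulo 2**256
UINT256_MAX = MODULUS - 1


def add_unchecked(a: int, b: int) -> int:
    """Raw EVM ADD / Solidity < 0.8 without SafeMath: wraps modulo 2**256."""
    return (a + b) % MODULUS


def add_checked(a: int, b: int) -> int:
    """SafeMath.add / Solidity >= 0.8 default: revert instead of wrapping."""
    if a + b > UINT256_MAX:
        raise OverflowError("SafeMath: addition overflow")
    return a + b


def rescue_amount(balance: int, target: int) -> int:
    """The uint256 amount whose unchecked addition to `balance` yields `target`.

    Solves (balance + amount) mod 2**256 == target for amount in [0, 2**256).
    """
    return (target - balance) % MODULUS


class RewardLedger:
    """Toy token ledger; checked=False mimics the pre-SafeMath contract."""

    REFUND_THRESHOLD = 1_000 * 10**18   # assumed: refund allowed only below this

    def __init__(self, balances: dict, checked: bool):
        self.balances = dict(balances)
        self.add = add_checked if checked else add_unchecked

    def mint_reward(self, investor: str, amount: int) -> int:
        """Admin-only in the real contract; access control is omitted here."""
        self.balances[investor] = self.add(self.balances[investor], amount)
        return self.balances[investor]

    def can_refund(self, investor: str) -> bool:
        return self.balances[investor] < self.REFUND_THRESHOLD


def demo(checked: bool) -> dict:
    """Run the wrap-around against a constructed balance; returns what happened."""
    ledger = RewardLedger({"alice": 5_000 * 10**18}, checked)  # constructed balance
    amount = rescue_amount(ledger.balances["alice"], 1)         # wrap to exactly 1
    try:
        new_balance = ledger.mint_reward("alice", amount)
        reverted = False
    except OverflowError:
        new_balance = ledger.balances["alice"]
        reverted = True
    return {"amount": amount, "balance": new_balance,
            "reverted": reverted, "refundable": ledger.can_refund("alice")}


if __name__ == "__main__":
    print("unchecked:", demo(checked=False))
    print("checked:  ", demo(checked=True))
```

With `checked=False` the crafted amount takes the balance from 5,000 tokens to exactly 1, which is below the assumed threshold, so the refund gate opens; with `checked=True` the same call reverts and the balance is untouched. The amount itself is enormous (2^256 + 1 minus the balance), which is why only an address that could pass the function's access control, here the team's multisig, could ever submit it.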
Because access to the admin function was still protected by the HongCoin team's multisignature wallet, 0xflorent couldn't act alone. He contacted the original team, shared a proof of concept tested in a private environment, and proposed a coordinated rescue mission.
The team agreed. From May 26 to May 30, 2026, they executed 41 on-chain transactions. With each call, they deliberately triggered the integer overflow to reset the token balance of a different investor. It was a surgical exploitation of a flaw, performed not to steal funds, but to unblock them.
The result was the unlocking of all 1,003.62 ETH. 0xflorent described the operation as the "first white-hat exploit on Ethereum," and notably did not take any fee from the recovered assets, though two investors who claimed early voluntarily paid a bounty.
Today, the original HongCoin contract is fully functional. There's no need for a new front-end, a migration portal, or a third-party tool. Investors simply need to call the same old refund function on-chain, using the same wallet they contributed with in 2016.
As of June 1, 2026, the situation is straightforward but incomplete:
The story of the HongCoin ICO is a time capsule from Ethereum's adolescence, demonstrating how the absence of standards like SafeMath could lock millions of dollars into a digital dead-end. It also proves that in a permissionless system, even a bug that's nearly a decade old can be reframed as the key to a solution — if you have the skill to see it, and the integrity to use it for good.