答案已發布5 天前Last edited 5 天前22 來源

價值200萬嘅千年蟲：白帽黑客點樣解放自2016年鎖死嘅以太幣

白帽黑客用一個現代Solidity標準庫SafeMath本應防止嘅「整數溢位」漏洞，成功解鎖鎖死喺2016年ICO合約嘅200萬美金以太幣——而家仲有907枚ETH等緊主人現身... 事緣HongCoin嘅ICO智能合約退款功能有個邏輯死結，只要投資者嘅代幣餘額大過一個全域計數器就拒絕退款。因為個個投資者都有代幣，所以喺2016年8月集資失敗後，全部48位投資者嘅錢就咁鎖死晒。

使用 Studio Global AI 搜尋並查核事實瀏覽更多熱門頁面

426K0

Digital illustration representing a white hat hacker recovering $2 million in ETH from a 2016 smart contract bug — What was the story of the 1,003 ETH (worth ~$2M) trapped since Hong Coin's 2016 ICO due to a smart contract bug in the refund function, howThe HongCoin ICO contract, deployed in the early days of Solidity, trapped $2 million until an integer overflow vulnerability became the key to recovery.
AI 提示
Create a landscape editorial hero image for this Studio Global article: What was the story of the 1,003 ETH (worth ~$2M) trapped since Hong Coin's 2016 ICO due to a smart contract bug in the refund function, how. Article summary: Here is the full story, verified against multiple sources reporting as of today (June 1, 2026).. Topic tags: general, general web, user generated, government. Reference image context from search candidates: Reference image 1: visual subject "Crypto’s Historic May 2026 Inside the CLARITY Act, Trump EO & Fed Shift. Coordinated whitehat recovery leverages a legacy integer overflow flaw to rescue 1,003 ETH for 48 Hong Coin" source context "Whitehat Hacker Unlocks $2M Stuck in 2016 Ethereum ICO Contract" Reference image 2: visual subject "May Crypto Exploits Drop 90% to $68.3M Despite Severe Bridge Hacks" source context "Whitehat Hacker Unlocks $2M Stuck in 2016 Ethe
openai.com

2016年嘅以太坊生態圈，就好似西部荒野咁，充滿野心同風險。當時嘅智能合約個個都話要自動化金融，但邊有今日咁多安全保護措施吖。HongCoin（HONG）呢個去中心化創投基金嘅ICO，就係一個拖咗成十年嘅經典反面教材。因為集資失敗，一個程式錯誤就將大約1,003.62枚以太幣——到解鎖嗰陣大約值200萬美金——鎖死喺一個冇鎖匙嘅數碼夾萬入面。點知事隔九年，一個白帽黑客竟然將當年嗰個基礎編碼漏洞，變成釋放呢筆錢嘅救命稻草。

凍結咗一筆財富嘅Bug

HongCoin嘅ICO喺2016年8月29日推出，玩法喺當時嚟講好標準：假如集資唔達標，智能合約就會自動退款畀全部48位參與嘅投資者。結果，真係流標，但退款永遠冇出現。

問題出喺合約退款功能嘅邏輯死結。佢會檢查投資者嘅HONG代幣餘額係咪大過合約入面嘅一個「全域計數器」數值。如果係，退款就會被拒絕。死未？就係因為個個投資者都有代幣，即係個個錢包餘額都過咗個檻。呢個條件變相封死咗所有人嘅退款路徑，將成壇以太幣就咁密封喺合約入面，冇人攞得出。

呢筆錢就咁原封不動擺咗咁多年，班投資者都當佢係加密貨幣亂世中Total Loss咗㗎啦。

關鍵：一個冇防溢位保護嘅管理員功能

直到2026年5月底，一個化名 0xflorent 嘅保安研究員開始摷返呢個被遺忘嘅合約。佢發現嘅漏洞，喺任何現代智能合約眼中，都係一個極之礙眼嘅安全漏洞：一個管理員專用功能，好容易受到整數溢位（Integer Overflow）攻擊。

喺Solidity語言早期版本，對無符號整數（）嘅算術運算，如果計出嚟嘅數大過最大值，係唔會自動彈返轉頭報錯嘅。反而，個數會「歸零」——呢種行為如果冇處理好，可以係災難性嘅。後來廣泛採用嘅標準庫，就係直接解決呢個問題，令到溢位保護成為以太坊開發嘅標配。之但係，HongCoin合約推出嗰陣，呢啲仲未係主流做法。

Studio Global AI

Search, cite, and publish your own answer

Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.

使用 Studio Global AI 搜尋並查核事實

人們還問