A whitehat developer known as 0xflorent has recovered $2 million for 48 original investors in the HongCoin token sale contract from 2016. The recovery came after finding an integer-overflow flaw in the contract code. It's the second such recovery the developer has publicized in just eight days.
How the flaw was found
Integer-overflow bugs occur when a calculation exceeds the maximum value a variable can hold, often leading to unexpected behavior. In the HongCoin contract, that flaw left $2 million of investor funds stuck for years. 0xflorent, who works as an independent security researcher, identified the vulnerability and used it to unlock the money. The developer hasn't said whether the original token sale team knew about the bug or why it wasn't fixed.
Second recovery in a week
This isn't an isolated case. Eight days before the HongCoin recovery, 0xflorent announced a similar rescue from another old smart contract. The back-to-back recoveries suggest many early token sales from the 2015–2017 boom may harbor similar flaws. Investors from that era often lost access to funds when projects shut down or contracts broke. Now, whitehats are circling back.
What happens to the recovered funds
0xflorent is working to distribute the $2 million back to the original 48 investors. The process involves verifying who held tokens in 2016 and getting them to claim their share. The developer hasn't disclosed a timeline or whether a fee is being taken. For the investors, after eight years of waiting, the money is suddenly within reach.
The question hanging over this story: how many more old contracts are sitting on similar ticking bugs, waiting for someone to find them?
