HongCoin, an early Ethereum-based decentralized venture capital project, failed to reach its fundraising target and was supposed to refund contributors. However, a flaw in the contract’s refund mechanism prevented investors from withdrawing their funds, leaving the Ether locked for nearly nine years.
Pseudonymous researcher 0xFlorent_ later identified an integer overflow vulnerability in the contract’s administrative function. The discovery provided a way to restore access to the trapped funds without compromising user assets.
Happy to see something positive amidst the string of malicious attacks over the past week.
Kudos to the whitehats and builders that are still contributing to the industry 💪 https://t.co/lxTASZqNPL
— CJ (@CheongCJ1) June 1, 2026
Crypto investor and commentator Cheong drew attention to the recovery on X, describing it as a welcome development following a wave of exploits and security breaches that have recently hit the digital asset sector.
“Happy to see something positive amidst the string of malicious attacks over the past week. Kudos to the whitehats and builders that are still contributing to the industry,”
CJ wrote.
The recovery involved approximately 1,003.62 ETH, worth around $2 million, that had remained inaccessible since the 2016 HongCoin initial coin offering (ICO).
Recovery effort returns funds to investors
After validating the method in a testing environment, the researcher privately disclosed the findings to the HongCoin team. A coordinated recovery process was then carried out between May 26 and May 30.
The team executed 41 on-chain transactions to reactivate the refund mechanism and release the locked ETH. The process reportedly did not expose any user funds to risk and did not require deploying a new smart contract. Investors have already started reclaiming their Ether. Blockchain data shows some participants successfully recovering funds that had been considered lost for years.
The HongCoin recovery was not the first successful fund rescue by pseudonymous researcher 0xFlorent_. On May 24, he revealed that he had previously recovered 19.329 ETH, worth about $40,590, from two separate cases involving dormant smart contracts.
One recovery involved 5.141 ETH locked in a failed January 2018 ICO due to an unclaimed public refund function. The second involved 14.190 ETH tied to seven expired atomic swaps belonging to a Liquality Wallet user. Florent said he refunded the funds after the wallet provider shut down its application in 2024.
Recovery shows growing need for white-hat efforts in DeFi
The latest recovery comes at a time when decentralized finance continues to face mounting security challenges. April alone saw hundreds of millions of dollars lost to exploits, including a roughly $293 million attack on Kelp DAO. Concerns over protocol security have intensified, with a co-founder of OpenZeppelin recently stating that he considers much of the DeFi ecosystem unsafe.
While some incidents result in permanent losses, others have ended with white-hat interventions or voluntary returns of stolen funds. One notable example was the near-complete recovery of assets following the 2023 Euler Finance exploit.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools.
