In an Ethereum ICO called HongCoin held in 2016, approximately $2 million worth of ether, which was locked in a smart contract for years, was recovered nine years later under the leadership of a security researcher. A security researcher with the pseudonym 0xflorent helped gain access to the funds by exploiting an integer-overflow vulnerability in the original developers’ unupdated smart contract.
Problems in HongCoin and the recovery process
When HongCoin failed to reach the targeted amount with the token sale in 2016, investors were contractually required to automatically return their ETH. However, due to an error in the refund function, this transaction did not go through and investors’ money was stuck in the contract. A total of 1,003.62 ETH was locked in this contract for nine years and was shown as belonging to 48 former investors.
Partial payments made over the years meant that some investors could only receive refunds of up to 3.56 ETH at a time, and no more was accessible due to a meter kept in the contract. 0xflorent noticed that an admin function in the contract that was only available to the multi-signature wallet lacked security measures that were later added to the Solidity language. Using this vulnerability, he was able to bypass the refund check by withdrawing the token balance to one unit with a suitable entry value.
Mini dictionary: Integer-overflow is the error that occurs when a variable is tried to be increased to a larger number than its maximum value and starts over from scratch. It can lead to serious security vulnerabilities in smart contracts.
A total of 41 transactions signed by HongCoin paved the way for former investors to be entitled to approximately 1,000 ETH stuck in the contract. The remaining 7 investors were able to get their funds back directly, regardless of this process, since they had smaller balances.
White hat intervention and collaboration
The rescue effort did not take place with a unilateral intervention. HongCoin’s multi-signature wallet was required to trigger the admin function in the contract. 0xflorent then contacted the team, verified the unlocking steps on a test copy of the Ethereum mainnet, and then the HongCoin team signed and processed the transactions.
So, after nine years of waiting, two former investors received back 96.5 ETH worth a total of about 193 thousand dollars. The remaining investors can also request their own funds.
Other recovery operations and the current table in DeFi
0xflorent has carried out a similar rescue operation for the second time in the last eight days. On May 24, it announced that it had returned a total of 19,329 ETH to its former owners from a failed ICO in 2018 and stuck in the closed Liquality Wallet.
All these developments coincide with a period when the issue of security is brought to the agenda again in the decentralized finance (DeFi) world. The industry has suffered hundreds of millions of dollars in losses, including a nearly $293 million attack on the Kelp DAO protocol alone in April.
