White-hat, multisig recover 1,003 ETH from 2016 HongCoin ICO

A white-hat researcher and HongCoin’s original multisig recovered 1,003.62 ETH from a failed 2016 ICO by using a legacy admin bug to reset balances and reopen refunds.

Researcher 0xFlorent and HongCoin’s original multisig used a legacy admin function to recover 1,003.62 ETH that had been trapped in the failed 2016 HongCoin ICO contract for nine years. At a June 1 ETH price of about $1,983, the recovered amount was worth roughly $1.99 million.

The HongCoin contract included a refund function, refundMyIcoInvestment(), intended to return contributors’ ETH once the token sale had failed. Before paying out, it compared the caller’s token balance with a global tokensCreated counter and rejected the call if the balance was greater than tokensCreated. Each successful refund lowered tokensCreated, so after enough smaller holders had been paid out, any remaining holder whose balance exceeded the shrunken counter failed the check and could not claim a refund.

The contract also contained a management-only function, mgmtIssueBountyToken(), callable only by the original multisig, that could change a recipient’s token balance and the related bountyTokensCreated counter. The contract was compiled with a pre-0.8.0 Solidity compiler, so its arithmetic wrapped on overflow instead of reverting. Relying on that wrapping behavior, the multisig adjusted the blocked holders’ balances so that they no longer exceeded tokensCreated, which made those holders eligible to call refundMyIcoInvestment().
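To make the two halves of this mechanism concrete, here is an added Python model (not the HongCoin contract’s code and not the researcher’s tooling) of the refund check, the shrinking tokensCreated counter, and an add-only admin function whose pre-0.8.0 wrapping addition is used to pull a blocked balance back under the counter. The holders and amounts are constructed. The choices that bounty tokens are counted in bountyTokensCreated but not in tokensCreated, that mgmtIssueBountyToken() can only add, that the multisig is identified by the caller string "multisig", and that one token refunds one wei are assumptions made for the model, not facts from the article.

```python
"""Model of the HongCoin refund lock-out and the wrapping-arithmetic workaround.

Added example: this is not the HongCoin contract's code and not the
researcher's tooling. It mirrors only what the article states (the refund
check against tokensCreated, refunds lowering that counter, and a
multisig-only admin function that changes a balance and bountyTokensCreated).
Everything else is an assumption, marked as such below.
"""

UINT256_MAX = 2**256 - 1


def u256_add(a: int, b: int, checked: bool) -> int:
    """Solidity uint256 addition. checked=False reproduces pre-0.8.0 wrapping;
    checked=True reproduces the 0.8.0+ default of reverting on overflow."""
    total = a + b
    if total > UINT256_MAX:
        if checked:
            raise ArithmeticError("overflow: transaction reverted (Solidity >= 0.8.0)")
        total &= UINT256_MAX  # wrap modulo 2**256
    return total


class HongCoinModel:
    """Minimal accounting model. ASSUMPTION: bounty tokens sit in the same
    balance mapping as ICO tokens but are counted in bountyTokensCreated, not
    tokensCreated, so a holder with bounty tokens can end up with a balance
    larger than tokensCreated once other holders have refunded."""

    def __init__(self, ico_balances: dict, bounty_balances: dict, checked: bool):
        self.checked = checked
        self.balances = dict(ico_balances)
        for holder, n in bounty_balances.items():
            self.balances[holder] = self.balances.get(holder, 0) + n
        self.tokens_created = sum(ico_balances.values())
        self.bounty_tokens_created = sum(bounty_balances.values())

    def can_refund(self, holder: str) -> bool:
        """The article's check: a balance above tokensCreated is rejected.
        ASSUMPTION: a zero balance is rejected too."""
        bal = self.balances.get(holder, 0)
        return 0 < bal <= self.tokens_created

    def refund_my_ico_investment(self, holder: str) -> int:
        """Returns the wei refunded. ASSUMPTION: 1 wei per token."""
        if not self.can_refund(holder):
            raise PermissionError(
                f"{holder}: balance {self.balances.get(holder, 0)} "
                f"> tokensCreated {self.tokens_created}")
        bal = self.balances[holder]
        self.balances[holder] = 0
        self.tokens_created -= bal  # each refund shrinks the global counter
        return bal

    def mgmt_issue_bounty_token(self, caller: str, recipient: str, amount: int) -> None:
        """Multisig-only. ASSUMPTION: add-only, so the only way to lower a
        balance is to add an amount that wraps past 2**256."""
        if caller != "multisig":
            raise PermissionError("only the management multisig may call this")
        self.balances[recipient] = u256_add(
            self.balances.get(recipient, 0), amount, self.checked)
        self.bounty_tokens_created = u256_add(
            self.bounty_tokens_created, amount, self.checked)


def blocked_scenario(checked: bool) -> HongCoinModel:
    """Constructed state: three ICO-only holders refund first; dave, who also
    holds bounty tokens, is then locked out (400 > remaining tokensCreated 250)."""
    m = HongCoinModel(
        ico_balances={"alice": 300, "bob": 250, "carol": 200, "dave": 250},
        bounty_balances={"dave": 150, "erin": 50},
        checked=checked,
    )
    for holder in ("alice", "bob", "carol"):
        m.refund_my_ico_investment(holder)
    return m


def recover_with_wrap(m: HongCoinModel, holder: str) -> int:
    """The workaround: issue an amount that wraps the balance down to exactly
    tokensCreated, then let the holder refund. Note that bountyTokensCreated
    receives the same wrapped addition."""
    amount = (m.tokens_created - m.balances[holder]) % 2**256
    m.mgmt_issue_bounty_token("multisig", holder, amount)
    return m.refund_my_ico_investment(holder)


def demo() -> dict:
    """Run the workaround under legacy (wrapping) and modern (checked) arithmetic."""
    legacy = blocked_scenario(checked=False)
    wei = recover_with_wrap(legacy, "dave")
    modern = blocked_scenario(checked=True)
    try:
        recover_with_wrap(modern, "dave")
        modern_outcome = "recovered"
    except ArithmeticError as exc:
        modern_outcome = str(exc)
    return {
        "legacy_refund_wei": wei,
        "legacy_tokens_created": legacy.tokens_created,
        "legacy_bounty_counter": legacy.bounty_tokens_created,
        "modern_outcome": modern_outcome,
        "modern_dave_balance": modern.balances["dave"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the blocked holder refunded in full under wrapping arithmetic, with the same huge addend also wrapping bountyTokensCreated; under 0.8.0-style checked arithmetic the admin call reverts and the holder stays locked out, which is why the same recovery path would not exist in a contract compiled today.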

Only the original multisig could call the admin function, so the recovery required coordinated signature activity from the contract’s managers. The effort included 41 signed transactions to reset balances for blocked holders; seven smaller holders were able to claim refunds without the workaround. On-chain records show a May 29 transaction that called refundMyIcoInvestment() and produced an internal transfer of 96 ETH from the HongCoin contract to an investor address.

The token sale ran from Aug. 29, 2016, to Oct. 28, 2016, and did not meet its funding goal. The partial refunds paid out since then steadily reduced tokensCreated, creating the condition that prevented some larger claimants from being refunded.

The recovery reopened refund eligibility for 48 investors and produced visible on-chain refunds for some addresses. Because the admin function remained restricted to the multisig, the practical recovery depended on cooperation between the researcher and the contract’s original managers.

Since version 0.8.0, Solidity arithmetic reverts on overflow and underflow by default; wrapping is available only inside an explicit unchecked block. In 2016 a network hard fork moved roughly 12 million ETH following the DAO incident. In 2017 the self-destruction of the Parity multisig wallet library froze about 513,774.16 ETH across 587 wallets.

Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
