A total of 1,003 ether (ETH) that had been locked for a long time in the smart contract for the 2016 Hongcoin (HONG) initial coin offering (ICO) has been recovered, and the investor refund process has resumed. Funds that had been inaccessible for years after the project failed can now be returned to investors through technical recovery.
On June 1 local time, blockchain outlet Cointelegraph reported that an anonymous whitehat hacker known as "0xflorent" said he recovered about 1,003 ether in cooperation with the Hongcoin developers. The sum is worth about $2 million at current prices.
The recovered funds are investments from 48 people who took part in the 2016 Hongcoin ICO. Hongcoin at the time recruited investors while presenting itself as a community-based venture-capital-style decentralised project. But it failed to launch an actual service after it did not meet its fundraising target, and a previously promised refund process was set to proceed.
The problem lay in the smart contract. The original contract was designed to automatically return ether to investors if the fundraising goal was not met. But a bug in the refund function prevented the process from working properly, and the investment funds were left locked in the contract.
0xflorent explained on his X account, formerly Twitter, that "the contract was made to hold investors' ether and automatically refund it, but a bug in the refund function broke the feature and the funds became locked".
The key to the recovery was a weakness found in an administrator-privilege function. 0xflorent guided the Hongcoin developers on how to retrieve the funds: they used a specific admin function to reset token holder balances and then reactivated the refund mechanism.
0xflorent said "the way out was an admin function that included an Integer Overflow vulnerability" and added that "if you run that function with a specific input value, token holdings are reset and the refund check then passes normally".
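The wrap-around behaviour behind the admin-function weakness described above, as an added Python model that is not the Hongcoin contract or 0xflorent's code. The ledger, the `admin_credit` function, the zero-balance refund rule and the sample balance are assumptions made for illustration; the checked variant shows what SafeMath-style arithmetic, or Solidity 0.8 and later by default, would do with the same input.

```python
UINT256 = 2**256  # EVM word size; Solidity before 0.8 wraps silently at this bound

def add_unchecked(a: int, b: int) -> int:
    """uint256 addition as legacy contracts compute it: the result wraps."""
    return (a + b) % UINT256

def add_checked(a: int, b: int) -> int:
    """SafeMath-style addition: reject any result that does not fit."""
    if a + b >= UINT256:
        raise OverflowError("uint256 addition overflow")
    return a + b

class Ledger:
    """Constructed token ledger; names and the refund rule are assumptions."""

    def __init__(self, balances: dict, add=add_unchecked):
        self.balances = dict(balances)
        self.add = add

    def admin_credit(self, holder: str, amount: int) -> None:
        """Hypothetical owner-only function that adds tokens to a holder."""
        if not 0 <= amount < UINT256:
            raise ValueError("amount is not a uint256")
        self.balances[holder] = self.add(self.balances[holder], amount)

    def refund_check(self, holder: str) -> bool:
        """Assumed rule for this model: refund requires a zeroed token balance."""
        return self.balances[holder] == 0

def demo() -> tuple:
    start = {"investor": 5_000}               # constructed sample balance
    wrap_input = UINT256 - start["investor"]  # credit whose sum wraps to 0
    legacy = Ledger(start)                    # unchecked arithmetic
    legacy.admin_credit("investor", wrap_input)
    hardened, rejected = Ledger(start, add=add_checked), False
    try:
        hardened.admin_credit("investor", wrap_input)
    except OverflowError:
        rejected = True                       # checked add refuses the credit
    return (legacy.balances["investor"], legacy.refund_check("investor"),
            rejected, hardened.balances["investor"])
```

When auditing legacy contracts, unchecked arithmetic in a privileged function means the function can set a balance to any value, whatever its name suggests.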
On-chain records also showed signs that actual refunds have started. According to Ethereum block explorer Etherscan, one investor has already received 96 ether back, and another investor was shown to have received 0.5 ether. It was not confirmed at the time of writing whether the refund process for all 48 people had been completed.
The Hongcoin ICO ran from Aug. 29, 2016 to Oct. 28 that year. Investors were set to receive a total of 250 million HONG tokens in stages, but the project became subject to refunds after it did not meet its minimum funding goal.
But because of the smart contract error, the investment funds remained unrecovered for nearly 10 years. In the industry, the case is being assessed as another example of the risks of smart contracts made in the early ICO era. Even if a project ends, admin-privilege structures, refund conditions and token handling methods remain in the code, meaning that design errors can leave funds frozen for a long time.
0xflorent, who led the recovery, has recently carried out similar work. He disclosed that he recovered a total of 19.33 ether in May from a Requaliti wallet case in which funds had been locked due to an error in a failed 2018 ICO project and a cross-chain transfer protocol.
But the Hongcoin case is much larger in scale. Observers say it has brought renewed attention to the issue of "forgotten smart-contract assets" remaining in the early Ethereum ecosystem, given that more than 1,000 ether had been locked for a long period.
Experts point out that while assets recorded on the blockchain are in principle preserved permanently, access itself can become impossible if code flaws exist. They say smart contract security checks and verification procedures remain as important as ever.