More than $12 million in cryptocurrency, long thought permanently lost after being sent to the wrong networks, could be recovered, according to recent research by X user codeislight.eth and blockchain engineer Pascal Caversaccio.

"While browsing Etherscan, I noticed many token contract addresses hold significant funds that appear permanently locked," Codeislight said. "Thanks to the multichain feature, these same addresses also contain funds on other chains."

The recovery possibility stems from how the Ethereum Virtual Machine (EVM) creates contract addresses, using a mathematical formula combining the deployer's address and a deployment nonce. Because each blockchain maintains separate nonce counts, funds sent to contract addresses on the wrong networks could be recovered if specific conditions are met.

đź’ˇ
A "nonce" is a unique, single-use number that tracks the transaction count of an account. In Ethereum, each transaction or contract deployment increases the nonce by one, ensuring that each address remains distinct. This sequence helps in generating unique contract addresses and prevents double-spending by making every transaction identifiable and irreversible once confirmed.

For example, suppose a user accidentally sends tokens to a contract address on the Arbitrum network. In that case, these funds might be recoverable if the same address hasn't been used on that network yet. This is possible because Arbitrum, like other EVM-compatible blockchains, creates contract addresses in exactly the same way as Ethereum.

Analysis of affected addresses shows that Binance-related contracts hold the largest portion of potentially recoverable funds at $6.7 million, including over $4 million from a single Binance user's transaction. Tether is next with $842,000 and Avalanche with $740,600. One Ethereum address alone holds over $15.6 million in multichain portfolio value. According to Caversaccio, all of these funds could be recovered.

Recoverable funds per protocol.source: X.com

A notable example includes 82 ETH (over $200,000) sent to the CryptoPunks contract address on Arbitrum, which could be recovered if CryptoPunks' deployer deploys a recovery contract at nonce 46 on that network.

Recovery requires two critical conditions: the original contract deployer must still have their private key, and the deployment nonce must remain unused on the target blockchain. The method cannot recover funds on ZkSync due to its different address derivation system.

"These funds can be recovered if the deployer nonce on another chain is not burnt and the private key is still around," codeislight.eth explained. "Once that nonce is used, those funds become permanently unrecoverable."

To facilitate recovery efforts, Codeislight has created a public registry documenting all recoverable funds and providing technical recovery guides for different types of tokens, including native cryptocurrencies like ETH and BNB and various token standards used in smart contracts. The registry also includes documentation for recovering ERC20, ERC721, and ERC1155 tokens.

"It's honestly mind-blowing that people are out here withdrawing millions to token addresses on the wrong chains. Over the years, countless funds have ended up stuck on the wrong chains, sent directly to token addresses."

Neither researcher has claimed any compensation for their discovery, focusing instead on making their findings and recovery methods publicly available to affected users and projects. Polygon Labs's Chief Information Security Offer Mudit Gupta praised Caversaccio's dedication to the blockchain and Ethereum community on X following the publication of the research.

The finding could lead to significant changes in how cross-chain transactions are handled and monitored in the future. It also sets a new precedent for crypto asset recovery, proving that not all blockchain mistakes are permanent—a significant shift in an industry where "immutable" has long meant "irreversible."

Share this article
The link has been copied!