White Hat Hacker Discovers $500M Vulnerability in Injective, Disputes $50K Bounty

White hat hacker f4lc0n disclosed a critical vulnerability in Injective’s protocol that could expose over $500 million in on-chain assets. He reported the flaw through Immunefi and received a $50,000 bounty—far below the $500,000 maximum for such a high-risk issue. Although Injective has upgraded its mainnet, it has not yet paid the full reward, prompting f4lc0n to advocate for a fairer payout. He plans to allocate 10% of future bounties to keep the issue in the spotlight on-chain until it is fully resolved.

ChainCatcher report: White-hat hacker f4lc0n disclosed on X that he found a “critical” vulnerability in the Injective protocol allowing any user to directly withdraw over $500 million in on-chain assets without special permissions. However, the project offered only a $50,000 bounty—far below the $500,000 maximum reward specified for critical-level issues in their program. f4lc0n stated that the flaw permitted any user to empty any on-chain account. After submitting the report via Immunefi, the Injective team initiated a mainnet upgrade vote the next day to fix the issue, but then went silent for the following three months. f4lc0n has now contested the bounty amount, noting that the $50,000 has not yet been paid. He announced he will donate 10% of all future vulnerability reward earnings to publicly raise awareness of this issue until Injective pays the standard reward.
