White Hat Hacker f4lc0n Claims Injective Underpaid $500K Bug Bounty for Critical Vulnerability

KuCoinFlash

Release Time: 03/16/2026 02:26:05

Summary

A recent vulnerability report from Blockbeats on March 16, 2026, reveals that white hat hacker f4lc0n discovered a critical flaw in Injective that could have enabled the theft of over $500 million in on-chain assets. Despite the severity, Injective reportedly offered only $50,000—far below the $500,000 bounty expected for such a high-risk vulnerability. f4lc0n disclosed the issue via Immunefi, and Injective patched the flaw but allegedly ignored him for three months. The bounty remains unpaid, and f4lc0n now plans to dedicate 10% of future earnings to advocate for resolution.

BlockBeats report, March 16: White-hat hacker f4lc0n disclosed a "critical" vulnerability in the Injective protocol that could allow direct extraction of over $500 million in on-chain assets, but the project team offered only a $50,000 bounty—far below the planned maximum of $5 million for this severity level.

f4lc0n stated that the vulnerability allowed any user to empty any on-chain account without special privileges. After submitting the report through Immunefi, the Injective team initiated a mainnet upgrade vote to fix the vulnerability the next day, but subsequently went offline for the following three months. f4lc0n has now disputed the bounty amount and noted that the $50,000 reward has not yet been paid. f4lc0n announced that 10% of future vulnerability bounty earnings will be dedicated to publicly raising awareness of this issue until Injective pays the standard reward.

Source:Show original

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.