PANews|Mar 16, 2026 02:21
[White Hat Hacker Discovers $500 Million Vulnerability in Injective, Receives Only $50,000 Reward, Yet to Be Paid]
White hat hacker f4lc0n disclosed on the X platform that he discovered a 'critical' vulnerability in the Injective protocol, which could allow over $500 million worth of on-chain assets to be directly extracted. However, the project team only offered him a $50,000 reward, far below the $500,000 maximum cap for vulnerabilities of this level as outlined in their plan.
f4lc0n stated that the vulnerability allowed any user to empty any on-chain account without requiring special permissions. After submitting the report via Immunefi, the Injective team initiated a mainnet upgrade vote the next day to fix the vulnerability. However, they went 'silent' for the following three months. Currently, f4lc0n has disputed the reward amount and claimed that the $50,000 reward has yet to be paid. He announced that he will allocate 10% of his future bug bounty earnings to continue publicizing this matter until Injective pays the reward according to the standard.
Share To
HotFlash
APP
X
Telegram
CopyLink