White Hat Hacker Discloses Critical Vulnerability in Injective Protocol Involving 500 Million Dollars in Assets, Bug Bounty Dispute Remains Unresolved

Gate News: On March 16, white hat hacker f4lc0n disclosed on the X platform that he discovered a critical security vulnerability in the Injective protocol, which could lead to the direct withdrawal of over $500 million in on-chain assets. f4lc0n stated that this vulnerability allows any user to empty any account on the chain without special permissions. After submitting the report through Immunefi, the Injective team initiated a mainnet upgrade vote the next day to fix the issue. However, the project only offered him a $50,000 reward, far below the $500,000 maximum standard for critical vulnerabilities in their bounty program. f4lc0n said that within three months of submitting the report, the Injective team was unresponsive, and the $50,000 reward has not yet been paid. Currently, f4lc0n has challenged the reward amount and announced that he will allocate 10% of future bug bounty income to continue publicizing this matter until Injective pays according to the standard.
