$500 Million Vulnerability Controversy: White Hat Hacker Accuses Injective of Delayed Response and Bounty Reduction


Gate News: On March 17, crypto security researcher al_f4lc0n publicly accused the blockchain project Injective of slow communication and bounty dispute issues during the handling of a major security vulnerability. The vulnerability was said to have threatened over $500 million in on-chain assets, raising community concerns about the project’s security governance.

According to disclosed information, the vulnerability stemmed from a flaw in the sub-account verification mechanism, allowing attackers to execute transactions on behalf of others without permission. Specifically, attackers could create fake tokens and pair them with USDT, manipulate market orders to force victims’ accounts to buy worthless assets at abnormal prices, then transfer the funds to their own addresses and cross-chain to the Ethereum network.

al_f4lc0n published a full technical report on GitHub, stating that at the time of disclosure, the vulnerability covered all on-chain funds, with a risk scale exceeding $500 million. The confirmed potential loss is approximately $280 million, mostly involving INJ tokens. The report bluntly states that the vulnerability “almost allowed direct extraction of funds from any account.”

The bounty dispute has escalated the controversy further. The researcher said that after the vulnerability was fixed, the project team did not respond for three months. When a reward was finally awarded, it was only $50,000, far below the platform’s previously announced maximum bounty of $500,000, and it has not yet been paid.

Public information shows that Injective previously set up high rewards on a bug bounty platform to encourage security researchers to disclose critical vulnerabilities. However, this incident has brought scrutiny to its vulnerability response process and incentive mechanisms.

As of press time, the project has not officially responded to the allegations. Industry insiders point out that as DeFi and on-chain asset scales continue to grow, the vulnerability disclosure process, response efficiency, and transparency of bounty payouts are becoming key indicators of a blockchain project’s security and trustworthiness. (Protos)
