
Whitehat clashes with Injective over $500M bug bounty

Injective $500M bug bounty dispute erupts after critical vulnerability disclosure.

  • A researcher disclosed a critical vulnerability that put approximately $500 million at risk on the Injective blockchain.
  • The bug allowed an attacker to create a worthless token and force victim accounts to buy it, potentially draining funds.
  • The researcher claims Injective delayed response and offered a bounty significantly lower than the disclosed maximum payout.

A pseudonymous security researcher has publicly detailed a months-long dispute with the team behind the Injective blockchain over their handling of a critical bug disclosure that put substantial funds at risk. According to a report posted to a public GitHub repository, the vulnerability could have allowed “any user to directly drain any account on the chain,” potentially jeopardizing hundreds of millions of dollars. The researcher, who goes by al_f4lc0n, accused Injective of ghosting them for three months after the fix was deployed.


The researcher alleges that, after the silence, the project offered a bounty payment far below the listed maximum for critical threats. The technical report explains that the flaw stemmed from faulty subaccount validation, which could let an attacker create a worthless token and a paired market, then force sell orders on victim accounts. This method could siphon funds such as USDT, which could then be bridged off the chain. The researcher states that Injective later implemented a mainnet upgrade to resolve the issue, confirming its severity.

The researcher’s GitHub repository, titled “injective-wall-of-shame”, outlines the saga, including the claim that the offered $50,000 bounty has not yet been paid. Injective, which lists partners including Binance and Google, maintains a bug bounty program on Immunefi with a maximum reward of $500,000 for critical vulnerabilities. The researcher contends their disclosure warranted a higher reward given the scale of the risk, which they estimated at over $500 million based on total value locked on the blockchain at the time.
