BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up
HomeNews

Whitehat clashes with Injective over $500M bug bounty

Injective $500M bug bounty dispute erupts after critical vulnerability disclosure.

Pavlos Giorkas
By Pavlos Giorkas
5
  • A researcher disclosed a critical vulnerability that put approximately $500 million at risk on the Injective blockchain.
  • The bug allowed an attacker to create a worthless token and force victim accounts to buy it, potentially draining funds.
  • The researcher claims Injective delayed response and offered a bounty significantly lower than the disclosed maximum payout.

A pseudonymous security researcher has publicly detailed a months-long dispute with the team behind the Injective blockchain over their handling of a critical bug disclosure that put substantial funds at risk. According to a report posted to a public GitHub repository, the vulnerability could have allowed “any user to directly drain any account on the chain,” potentially jeopardizing hundreds of millions of dollars. The researcher, who goes by al_f4lc0n, accused Injective of ghosting them for three months after the fix was deployed.

- Advertisement -

Consequently, the researcher alleges that after the silence, the project offered a bounty payment far below the listed maximum for critical threats. The technical report explains the flaw stemmed from faulty subaccount validation, which could let an attacker create a worthless token and a paired market, then force sell orders on victim accounts. This method could siphon funds like USDT, which could then be bridged off the chain. The researcher states that Injective later implemented a mainnet upgrade to resolve the issue, confirming its severity.

Meanwhile, the researcher’s GitHub repository titled “injective-wall-of-shame” outlines the saga, including the claim that the offered $50,000 bounty has not yet been paid. Injective, which lists partners including Binance and Google, maintains a bug bounty program on Immunefi with a maximum reward of $500,000 for critical vulnerabilities. The researcher contends their disclosure warranted a higher reward given the scale of the risk, which they estimated at over $500 million based on total value locked on the blockchain at the time.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

News

Tether-backed firms Northern Data and Rumble begin merger

Tether-owned companies Northern Data and Rumble have commenced their merger, giving Rumble access to...
News

Bitcoin Hits 10-Week High as Trader Targets $88K Rally

<div✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant...
News

VeBetter’s AI Validates Sustainability on Blockchain

The VeBetter platform has integrated AI since its 2024 launch to verify sustainable actions...
News

Google Stock Dips After 6-Day Rally

Google’s Alphabet, listed on the NASDAQ as GOOG, snapped its six-day upward trend after...
News

Circle Facing Lawsuit Over $285M Drift Protocol Hack

Circle faces a class action lawsuit from Drift Protocol investors over its handling of...

Must Read

Guides

7 Best Crypto To Invest In This Year

Investing in cryptocurrencies has become a popular way for people to diversify their investment portfolio and make potential profits.However, with so many cryptocurrencies available...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading