White Hat Hacker Discloses Critical Vulnerability in Injective Protocol Involving 500 Million Dollars in Assets, Bug Bounty Dispute Remains Unresolved

Gate News: On March 16, white hat hacker f4lc0n disclosed on the X platform that he discovered a critical security vulnerability in the Injective protocol, which could lead to the direct withdrawal of over $500 million in on-chain assets. f4lc0n stated that this vulnerability allows any user to empty any account on the chain without special permissions. After submitting the report through Immunefi, the Injective team initiated a mainnet upgrade vote the next day to fix the issue. However, the project only offered him a $50,000 reward, far below the $500,000 maximum standard for critical vulnerabilities in their bounty program. f4lc0n said that within three months of submitting the report, the Injective team was unresponsive, and the $50,000 reward has not yet been paid. Currently, f4lc0n has challenged the reward amount and announced that he will allocate 10% of future bug bounty income to continue publicizing this matter until Injective pays according to the standard.
