Gate News: On March 17, crypto security researcher al_f4lc0n publicly accused the blockchain project Injective of slow communication and bounty dispute issues during the handling of a major security vulnerability. The vulnerability was said to have threatened over $500 million in on-chain assets, raising community concerns about the project’s security governance.
According to disclosed information, the vulnerability stemmed from a flaw in the sub-account verification mechanism, allowing attackers to execute transactions on behalf of others without permission. Specifically, attackers could create fake tokens and pair them with USDT, manipulate market orders to force victims’ accounts to buy worthless assets at abnormal prices, then transfer the funds to their own addresses and cross-chain to the Ethereum network.
al_f4lc0n published a full technical report on GitHub, stating that at the time of disclosure, the vulnerability covered all on-chain funds, with a risk scale exceeding $500 million. The confirmed potential loss is approximately $280 million, mostly involving INJ tokens. The report bluntly states that the vulnerability “almost allowed direct extraction of funds from any account.”
Regarding the bounty issue, the controversy has further escalated. The researcher said that after the vulnerability was fixed, the project team did not respond for three months. When a reward was finally offered, it was only $50,000, far below the platform’s previously announced maximum bounty of $500,000, and it has not yet been paid.
Public information shows that Injective previously set up high rewards on a bug bounty platform to encourage security researchers to disclose critical vulnerabilities. However, this incident has brought scrutiny to its vulnerability response process and incentive mechanisms.
As of press time, the project has not officially responded to the allegations. Industry insiders point out that as DeFi and on-chain asset scales continue to grow, the vulnerability disclosure process, response efficiency, and transparency of bounty payouts are becoming key indicators of a blockchain project’s security and trustworthiness. (Protos)