Gate News: On March 17, crypto security researcher al_f4lc0n publicly accused the blockchain project Injective of slow communication and bounty dispute issues during the handling of a major security vulnerability. The vulnerability was said to have threatened over $500 million in on-chain assets, raising community concerns about the project’s security governance.
According to disclosed information, the vulnerability stemmed from a flaw in the sub-account verification mechanism, allowing attackers to execute transactions on behalf of others without permission. Specifically, attackers could create fake tokens and pair them with USDT, manipulate market orders to force victims’ accounts to buy worthless assets at abnormal prices, then transfer the funds to their own addresses and cross-chain to the Ethereum network.
al_f4lc0n published a full technical report on GitHub, stating that at the time of disclosure, the vulnerability covered all on-chain funds, with a risk scale exceeding $500 million. The confirmed potential loss is approximately $280 million, mostly involving INJ tokens. The report bluntly states that the vulnerability “almost allowed direct extraction of funds from any account.”
The bounty dispute has escalated the controversy further. The researcher said that after the vulnerability was fixed, the project team did not respond for three months. When a reward was finally awarded, it was only $50,000, far below the platform's previously announced maximum bounty of $500,000, and it has not yet been paid.
Public information shows that Injective previously set up high rewards on a bug bounty platform to encourage security researchers to disclose critical vulnerabilities. However, this incident has brought scrutiny to its vulnerability response process and incentive mechanisms.
As of press time, the project has not officially responded to the allegations. Industry insiders point out that as DeFi and on-chain asset scales continue to grow, the vulnerability disclosure process, response efficiency, and transparency of bounty payouts are becoming key indicators of a blockchain project’s security and trustworthiness. (Protos)