Gate News: On March 17, crypto security researcher al_f4lc0n publicly accused the blockchain project Injective of slow communication and bounty dispute issues during the handling of a major security vulnerability. The vulnerability was said to have threatened over $500 million in on-chain assets, raising community concerns about the project’s security governance.
According to disclosed information, the vulnerability stemmed from a flaw in the sub-account verification mechanism, allowing attackers to execute transactions on behalf of others without permission. Specifically, attackers could create fake tokens and pair them with USDT, manipulate market orders to force victims’ accounts to buy worthless assets at abnormal prices, then transfer the funds to their own addresses and bridge them to the Ethereum network.
al_f4lc0n published a full technical report on GitHub, stating that at the time of disclosure, the vulnerability covered all on-chain funds, with a risk scale exceeding $500 million. The confirmed potential loss is approximately $280 million, mostly involving INJ tokens. The report bluntly states that the vulnerability “almost allowed direct extraction of funds from any account.”
The bounty dispute has escalated the controversy further. The researcher said that after the vulnerability was fixed, the project team did not respond for three months. When a reward was finally awarded, it was only $50,000, far below the platform’s previously announced maximum bounty of $500,000, and it has not yet been paid.
Public information shows that Injective previously set up high rewards on a bug bounty platform to encourage security researchers to disclose critical vulnerabilities. However, this incident has brought scrutiny to its vulnerability response process and incentive mechanisms.
As of press time, the project has not officially responded to the allegations. Industry insiders point out that as DeFi and on-chain asset scales continue to grow, the vulnerability disclosure process, response efficiency, and transparency of bounty payouts are becoming key indicators of a blockchain project’s security and trustworthiness. (Protos)