White Hat Hacker Claims Discovery of Critical Injective Vulnerability Involving Over $500 Million in On-Chain Assets, Receives Only $50,000 Bounty

Odaily News White hat hacker f4lc0n posted on the X platform, stating that they discovered a critical vulnerability on the Injective chain through the Immunefi platform. This vulnerability allowed any user to directly steal funds from any on-chain account without special permissions, putting over $500 million in on-chain assets at risk. The hacker claimed that the Injective team submitted a fix proposal for governance voting the day after the report was submitted, but no follow-up or technical discussion was received in the three months thereafter. Ultimately, Injective offered a $50,000 bounty, while the project's maximum bounty for critical vulnerabilities is $500,000. The hacker stated they had raised an objection but received no response, and the $50,000 bounty has not been paid to date.