White Hat Hacker Discloses Critical Vulnerability in Injective Protocol Involving 500 Million Dollars in Assets, Bug Bounty Dispute Remains Unresolved


Gate News: On March 16, white hat hacker f4lc0n disclosed on the X platform that he had discovered a critical security vulnerability in the Injective protocol, one that could lead to the direct withdrawal of over $500 million in on-chain assets. f4lc0n stated that the vulnerability allows any user to empty any account on the chain without special permissions. After he submitted the report through Immunefi, the Injective team initiated a mainnet upgrade vote the next day to fix the issue. However, the project offered him only a $50,000 reward, far below the $500,000 maximum for critical vulnerabilities under its bounty program. f4lc0n said that within the three months after he submitted the report, the Injective team was unresponsive, and that the $50,000 reward has not yet been paid. f4lc0n has challenged the reward amount and announced that he will allocate 10% of his future bug bounty income to continue publicizing the matter until Injective pays according to the standard.

