White hat hacker accuses Injective crypto project of failing to pay $500,000
2026/03/16 17:05:48
An anonymous cybersecurity expert known as al_f4lc0n has disclosed a prolonged dispute with the team behind the cryptocurrency project Injective. According to the white hat hacker, the team significantly reduced the promised reward for identifying a critical vulnerability by a factor of ten.
The white hat hacker claims to have found a flaw in the protocol that could have led to a loss of $500 million due to a faulty validation system. As per the bug report published in the GitHub repository titled injective-wall-of-shame, the identified vulnerability allowed anyone to directly drain any account on the blockchain without requiring special permissions.
By exploiting the flaw in the subaccount verification system, attackers could place market orders on behalf of other users. The vulnerability allowed an attacker to create worthless tokens and open spot trading for them against the stablecoin USDT. The hacker asserts that these actions do not require permission on the Injective platform, which facilitates an attack.
By creating a sell order for counterfeit tokens, an attacker could compel potential victims to purchase these tokens for USDT “at their chosen price,” subsequently transferring funds from Injective to Ethereum. The researcher emphasizes that this jeopardized all funds within Injective—the total potential damage could exceed $500 million. Currently, it stands at $280 million, with nearly the entire amount attributed to the INJ token.
al_f4lc0n stated that the Injective team promised $500,000 for identifying critical threats related to the blockchain and smart contracts. The researcher claims that to rectify the issue, the project leadership put the matter of an update to a vote. This indicates that the Injective team recognized the severity of the problem. However, al_f4lc0n expressed dissatisfaction that the company ignored him for three months despite the issue being fixed, only to subsequently reduce the reward tenfold, to $50,000.
In 2022, a similar incident occurred when a white hat hacker received $540,000 instead of the promised $2 million for uncovering a critical vulnerability in Arbitrum, a scaling solution for the Ethereum network.