A white-hat hacker discovered a vulnerability in Injective that could jeopardize $500 million in assets, but only received a $50,000 reward, which has not yet been paid out.

PANews reported on March 16 that white-hat hacker f4lc0n disclosed in an article on the X platform that he discovered a "critical" vulnerability in the Injective protocol that could lead to the direct extraction of more than $500 million in assets on the chain. However, the project team only offered him a reward of $50,000, far below the planned maximum of $500,000 for this level.

f4lc0n stated that the vulnerability allows any user to wipe any account on the blockchain without special privileges. After he submitted a report through Immunefi, the Injective team initiated a mainnet upgrade vote to fix the vulnerability the following day, but remained "out of contact" for the next three months. f4lc0n has now disputed the amount of the bounty, claiming that the $50,000 reward has not yet been paid. He announced that he will dedicate 10% of future bug bounty revenue to continuously publicizing this issue until Injective pays the standard reward.