A white-hat hacker discovered a vulnerability in Injective that could jeopardize $500 million in assets, but only received a $50,000 reward, which has not yet been paid out.
CoinFeed reported on March 16th that white-hat hacker f4lc0n disclosed on the X platform that he discovered a "critical" vulnerability in the Injective protocol that could lead to the direct withdrawal of over $500 million in on-chain assets. However, the project only offered him a $50,000 reward, far below the planned maximum of $500,000 for this level. f4lc0n stated that the vulnerability allows any user, without special privileges, to empty any on-chain account. After he submitted the report through Immunefi, the Injective team initiated a mainnet upgrade vote the following day to fix the vulnerability, but then went "out of contact" for the next three months. f4lc0n has now disputed the reward amount and claims that the $50,000 reward has not yet been paid. He announced that he will dedicate 10% of his future bug bounty income to continuously publicizing this matter until Injective pays out according to the standard rate.