• bitcoinBitcoin (BTC) $ 74,232.00
  • ethereumEthereum (ETH) $ 2,340.11
  • tetherTether (USDT) $ 0.999935
  • xrpXRP (XRP) $ 1.54
  • bnbBNB (BNB) $ 680.71
  • usd-coinUSDC (USDC) $ 0.999968
  • solanaSolana (SOL) $ 95.05
  • tronTRON (TRX) $ 0.297241
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.02
  • dogecoinDogecoin (DOGE) $ 0.102564
  • whitebitWhiteBIT Coin (WBT) $ 58.01
  • usdsUSDS (USDS) $ 0.997220
  • cardanoCardano (ADA) $ 0.288844
  • bitcoin-cashBitcoin Cash (BCH) $ 480.77
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • hyperliquidHyperliquid (HYPE) $ 39.03
  • leo-tokenLEO Token (LEO) $ 9.01
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • chainlinkChainlink (LINK) $ 9.94
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • moneroMonero (XMR) $ 375.92
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • ethena-usdeEthena USDe (USDE) $ 0.999817
  • canton-networkCanton (CC) $ 0.153876
  • stellarStellar (XLM) $ 0.175403
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • usd1-wlfiUSD1 (USD1) $ 0.998967
  • litecoinLitecoin (LTC) $ 58.71
  • zcashZcash (ZEC) $ 272.61
  • susdssUSDS (SUSDS) $ 1.08
  • avalanche-2Avalanche (AVAX) $ 10.30
  • rainRain (RAIN) $ 0.009049
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • hedera-hashgraphHedera (HBAR) $ 0.099790
  • daiDai (DAI) $ 0.999751
  • suiSui (SUI) $ 1.06
  • wethWETH (WETH) $ 2,268.37
  • paypal-usdPayPal USD (PYUSD) $ 0.998739
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • crypto-com-chainCronos (CRO) $ 0.079969
  • usdt0USDT0 (USDT0) $ 0.998824
  • the-open-networkToncoin (TON) $ 1.34
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.106854
  • memecoreMemeCore (M) $ 1.67
  • tether-goldTether Gold (XAUT) $ 4,975.66
  • mantleMantle (MNT) $ 0.840896
  • polkadotPolkadot (DOT) $ 1.61
  • bittensorBittensor (TAO) $ 276.36
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • uniswapUniswap (UNI) $ 4.16
  • pax-goldPAX Gold (PAXG) $ 5,005.85
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • okbOKB (OKB) $ 97.42
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pi-networkPi Network (PI) $ 0.196522
  • nearNEAR Protocol (NEAR) $ 1.44
  • aaveAave (AAVE) $ 121.95
  • skySky (SKY) $ 0.078575
  • aster-2Aster (ASTER) $ 0.727311
  • global-dollarGlobal Dollar (USDG) $ 0.999975
  • falcon-financeFalcon USD (USDF) $ 0.998964
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • pepePepe (PEPE) $ 0.000004
  • ripple-usdRipple USD (RLUSD) $ 0.999996
  • bitget-tokenBitget Token (BGB) $ 2.20
  • internet-computerInternet Computer (ICP) $ 2.76
  • htx-daoHTX DAO (HTX) $ 0.000002
  • ethereum-classicEthereum Classic (ETC) $ 9.04
  • ondo-financeOndo (ONDO) $ 0.285746
  • bfusdBFUSD (BFUSD) $ 0.999499
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.12
  • pump-funPump.fun (PUMP) $ 0.002105
  • worldcoin-wldWorldcoin (WLD) $ 0.395785
  • gatechain-tokenGate (GT) $ 7.37
  • kucoin-sharesKuCoin (KCS) $ 8.52
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.02
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.102360
  • morphoMorpho (MORPHO) $ 1.88
  • ethenaEthena (ENA) $ 0.118456
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.21
  • cosmosCosmos Hub (ATOM) $ 1.98
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • quant-networkQuant (QNT) $ 67.76
  • render-tokenRender (RENDER) $ 1.87
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • nexoNEXO (NEXO) $ 0.930286
  • official-trumpOfficial Trump (TRUMP) $ 3.90
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • kaspaKaspa (KAS) $ 0.033207
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • algorandAlgorand (ALGO) $ 0.096027
  • midnight-3Midnight (NIGHT) $ 0.051324
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • usdtbUSDtb (USDTB) $ 1.00
  • aptosAptos (APT) $ 1.01
  • wbnbWrapped BNB (WBNB) $ 759.61
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • flare-networksFlare (FLR) $ 0.008867
  • filecoinFilecoin (FIL) $ 0.986602
  • usddUSDD (USDD) $ 1.00
  • ousgOUSG (OUSG) $ 114.58
  • hash-2Provenance Blockchain (HASH) $ 0.012475
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • xdce-crowd-saleXDC Network (XDC) $ 0.033430
  • vechainVeChain (VET) $ 0.007733
  • arbitrumArbitrum (ARB) $ 0.109677
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • beldexBeldex (BDX) $ 0.080532
  • yldsYLDS (YLDS) $ 0.999982
  • jupiter-exchange-solanaJupiter (JUP) $ 0.169562
  • ghoGHO (GHO) $ 0.999949
  • bonkBonk (BONK) $ 0.000007
  • stable-2​​Stable (STABLE) $ 0.027426
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • usual-usdUsual USD (USD0) $ 0.996695
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.240535
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.788033
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.51
  • true-usdTrueUSD (TUSD) $ 0.999355
  • clbtcclBTC (CLBTC) $ 76,920.00
  • justJUST (JST) $ 0.056048
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.007891
  • a7a5A7A5 (A7A5) $ 0.012320
  • blockstackStacks (STX) $ 0.263079
  • fasttokenFasttoken (FTN) $ 1.09
  • decredDecred (DCR) $ 27.09
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • sei-networkSei (SEI) $ 0.069218
  • layerzeroLayerZero (ZRO) $ 2.27
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • dashDash (DASH) $ 35.77
  • tbtctBTC (TBTC) $ 70,942.00
  • euro-coinEURC (EURC) $ 1.15
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • ether-fiEther.fi (ETHFI) $ 0.579757
  • riverRiver (RIVER) $ 21.71
  • tezosTezos (XTZ) $ 0.396036
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • chilizChiliz (CHZ) $ 0.039590
  • kinesis-goldKinesis Gold (KAU) $ 160.46
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • kite-2Kite (KITE) $ 0.210905
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • gnosisGnosis (GNO) $ 144.60
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999818
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • curve-dao-tokenCurve DAO (CRV) $ 0.252241
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • usxUSX (USX) $ 0.999551
  • cocaCOCA (COCA) $ 1.30
  • conflux-tokenConflux (CFX) $ 0.066319
  • bittorrentBitTorrent (BTT) $ 0.00000035
  • celestiaCelestia (TIA) $ 0.378276
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • adi-tokenADI (ADI) $ 3.41
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • apenftAINFT (NFT) $ 0.00000033
  • usdaiUSDai (USDAI) $ 0.999807
  • hastra-primePRIME (PRIME) $ 1.01
  • injective-protocolInjective (INJ) $ 3.27
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • aerodrome-financeAerodrome Finance (AERO) $ 0.352491
  • sun-tokenSun Token (SUN) $ 0.016758
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • siren-2Siren (SIREN) $ 0.448315
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • kaiaKaia (KAIA) $ 0.054938
  • syrupMaple Finance (SYRUP) $ 0.272843
  • spx6900SPX6900 (SPX) $ 0.338591
  • flokiFLOKI (FLOKI) $ 0.000032
  • bitcoin-svBitcoin SV (BSV) $ 15.28
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • jasmycoinJasmyCoin (JASMY) $ 0.005971
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • the-graphThe Graph (GRT) $ 0.027892
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • lighterLighter (LIT) $ 1.17
  • pyth-networkPyth Network (PYTH) $ 0.050374
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • iotaIOTA (IOTA) $ 0.066574
  • optimismOptimism (OP) $ 0.134414
  • doublezeroDoubleZero (2Z) $ 0.081192
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • venice-tokenVenice Token (VVV) $ 6.30
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • story-2Story (IP) $ 0.794813
  • lido-daoLido DAO (LDO) $ 0.329257
  • fraxLegacy Frax Dollar (FRAX) $ 0.993418
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • olympusOlympus (OHM) $ 17.20
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
  • official-foOfficial FO (FO) $ 0.265734
  • ape-and-pepeApe and Pepe (APEPE) $ 0.000001
  • plasmaPlasma (XPL) $ 0.118354
  • pippinpippin (PIPPIN) $ 0.258966
Bitcoin

Whitehat hacker accuses Injective of ghosting after $500M bug disclosure

By admin
0 4

Whitehat hacker accuses Injective of ghosting after $500M bug disclosure

A whitehat hacker has gone public over a months-long feud with the team behind Injective over its response to a critical bug disclosure.

According to the report, the vulnerability in question put $500 million at risk via a faulty validation system.

The pseudonymous crypto security researcher, who goes by the moniker al_f4lc0n, has accused Injective of ghosting them for three months, despite fixing the bug, and later lowballing the bounty payout.

The bug

The bounty hunter uploaded a full bug report to a GitHub repository called “injective-wall-of-shame.”

In the repo’s readme, entitled “I Saved Injective’s $500M. They Pay Me $50K,” they explain that the vulnerability allowed “any user to directly drain any account on the chain. No special permissions needed.”

The more detailed technical report describes how a faulty subaccount validation system allowed for an attacker to submit market orders on other users’ behalf.

The bug was exploitable by an attacker creating a worthless token and creating a spot market, pairing it with $USDT. Both these actions are permissionless on Injective.

Then, by creating a sell order of the fake token, the attacker could force victim accounts to buy the worthless token for $USDT, “at the attacker’s chosen price.” The $USDT could then be permissionlessly bridged off Injective, to Ethereum.

The report claims this put all value on the blockchain at risk, and that the total was over $500 million at the time of disclosure.

The figure currently sits at $280 million, the vast majority of which is in the INJ token.

Embed: Oracle error adds to turmoil at DeFi giant Aave

The bounty

Injective is a blockchain network which lists the likes of Binance, Jump, Google and Pantera as partners, claiming “institutional and government players are joining us.”

Bug bounties are a common way for organizations to crowdsource continuous security monitoring from specialist whitehat bounty “hunters.”

Injective’s ImmuneFi page lists a maximum bounty of $500,000 for critical threats related to its blockchain and smart contracts.

The researcher claims, “a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.”

They also allege that injective “ghosted” for three months after the fix, before offering a bounty 10x lower than the maximum. “To be clear: the $50K has not been paid either,” they stress.

Protos has reached out to Injective for comment on al_f4lc0n’s claims, but hadn’t received a response before publication. This article will be updated should we receive one.

Source

admin 19085 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.