
Whitehat hacker accuses Injective of ghosting after $500M bug disclosure

A whitehat hacker has gone public over a months-long feud with the team behind Injective over its response to a critical bug disclosure.

According to the report, the vulnerability in question put $500 million at risk via a faulty validation system.

The pseudonymous crypto security researcher, who goes by the moniker al_f4lc0n, has accused Injective of ghosting them for three months, despite fixing the bug, and later lowballing the bounty payout.

The bug

The bounty hunter uploaded a full bug report to a GitHub repository called “injective-wall-of-shame.”

In the repo’s readme, entitled “I Saved Injective’s $500M. They Pay Me $50K,” they explain that the vulnerability allowed “any user to directly drain any account on the chain. No special permissions needed.”

The more detailed technical report describes how a faulty subaccount validation system allowed an attacker to submit market orders on other users’ behalf.

An attacker could exploit the bug by creating a worthless token and then creating a spot market pairing it with $USDT. Both these actions are permissionless on Injective.

Then, by creating a sell order of the fake token, the attacker could force victim accounts to buy the worthless token for $USDT, “at the attacker’s chosen price.” The $USDT could then be permissionlessly bridged off Injective, to Ethereum.
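The class of check at issue, shown as an added example that is not Injective's code and not part of the original report: a validator that only confirms a subaccount ID is well formed, beside one that also binds it to the message signer. The subaccount layout (20-byte owner address followed by a 12-byte nonce), the `Order` type and the function names are assumptions made for illustration.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Assumed layout (not from the article): subaccount ID = 20-byte owner
// address followed by a 12-byte nonce, hex-encoded.
const addrHexLen, subHexLen = 40, 64

var ErrNotOwner = errors.New("subaccount is not owned by the message sender")

// Order is a hypothetical market-order message.
type Order struct {
	Sender       string // hex address that signed the message
	SubaccountID string // hex subaccount the order spends from
}

func norm(s string) string { return strings.TrimPrefix(strings.ToLower(s), "0x") }

// ValidateFormatOnly accepts any well-formed ID, whoever owns it.
func ValidateFormatOnly(o Order) error {
	id := norm(o.SubaccountID)
	if len(id) != subHexLen {
		return fmt.Errorf("subaccount id must be %d hex chars", subHexLen)
	}
	_, err := hex.DecodeString(id)
	return err
}

// ValidateOwnership also requires the ID's address prefix to equal the signer.
func ValidateOwnership(o Order) error {
	if err := ValidateFormatOnly(o); err != nil {
		return err
	}
	if s := norm(o.Sender); len(s) != addrHexLen || norm(o.SubaccountID)[:addrHexLen] != s {
		return ErrNotOwner
	}
	return nil
}

func main() {
	victim, other := strings.Repeat("aa", 20), strings.Repeat("bb", 20)
	o := Order{Sender: "0x" + other, SubaccountID: "0x" + victim + strings.Repeat("00", 12)} // constructed
	fmt.Println("format-only:", ValidateFormatOnly(o), "| ownership:", ValidateOwnership(o))
}
```

The format-only validator passes the constructed order even though the signer and the subaccount owner differ; the ownership validator rejects it with `ErrNotOwner`.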

The report claims this put all value on the blockchain at risk, and that the total was over $500 million at the time of disclosure.

The figure currently sits at $280 million, the vast majority of which is in the INJ token.

The bounty

Injective is a blockchain network which lists the likes of Binance, Jump, Google and Pantera as partners, claiming “institutional and government players are joining us.”

Bug bounties are a common way for organizations to crowdsource continuous security monitoring from specialist whitehat bounty “hunters.”

Injective’s ImmuneFi page lists a maximum bounty of $500,000 for critical threats related to its blockchain and smart contracts.

The researcher claims, “a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.”

They also allege that Injective “ghosted” them for three months after the fix, before offering a bounty 10x lower than the maximum. “To be clear: the $50K has not been paid either,” they stress.

Protos has reached out to Injective for comment on al_f4lc0n’s claims, but hadn’t received a response before publication. This article will be updated should we receive one.
