A security researcher. A bug hunter. Someone who protects protocols — not exploits them.
Any user could directly drain any account on the Injective chain.
No special permissions needed.
IN ON-CHAIN ASSETS WERE AT RISK
F4LC0N identifies a critical vulnerability in Injective Protocol capable of draining any account.
The bug is responsibly disclosed through the proper channel — Immunefi's bug bounty platform.
The very next day, Injective pushes a mainnet upgrade to governance vote. They understood the severity.
No follow-up. No technical discussion. No communication. Nothing. Complete radio silence.
After 3 months, Injective offers $50K for a Critical vulnerability — their own program's max payout is $500K. No explanation given.
F4LC0N disputes the decision. Silence again. No conversation at all.
To be clear: even the $50K has not been paid. Zero dollars for saving $500 million.
That's 0.01% of what was saved.
Their own program's maximum for Critical is $500,000.
"I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve."
— f4lc0n