Funkaclau
@Funkaclau
3K posts

Web3 Developer and Project Multi Project Founder

DeGen Joined March 2021
419 Following 530 Followers
SHIDO NERD@shidoNERD·
Guess who is back!?
shidokid@shidokid·
Did you miss anything? 👶
Funkaclau retweeted
0x_Vivek@0x_Vivek·
@al_f4lc0n changing the bounty terms after the report drops is the ultimate rug pull. projects value chain consensus over user funds until the tvl actually drains. good on you for keeping the receipts.
qckhp@qckhp·
@al_f4lc0n > I’d really like to know when this line was added. and do you really value chain consensus more than users' funds? @infosec_us_team got you Dec 4, 2025 github.com/infosec-us-tea…
f4lc0n@al_f4lc0n·
the figures referenced in the post are entirely misleading. There was no impact realized from this issue. Zero user funds were affected and zero addresses were compromised.
My response: Are you suggesting I should have actually exploited the bug and caused real damage before coming to talk to you?
For the stated vulnerability to work in practice, it would require execution of several suspicious transactions that would have an extraordinarily limited impact.
My response: You should know better than anyone that on a Cosmos-based chain, a single transaction can pack multiple messages. Just one transaction is more than enough to completely drain multiple whale accounts.
Injective has dynamic rate limiting functionalities which are applied automatically based on our live monitoring systems. This functionality has been live on mainnet since last year and is publicly available in our code base.
My response: First, this has nothing to do with the vulnerability itself. Rate limiting doesn't stop attackers from stealing funds. It only slows them down when they try to bridge those funds over to Ethereum. Second, when I submitted my report, the mainnet configuration for this feature was not set. In other words, this feature wasn't even turned on!
In addition to all of the above, this report was reviewed against the clearly defined terms of our Immunefi program. Based on those terms, issues such as those raised in this report that DO NOT impact block production or consensus are categorized outside of the Blockchain/DLT tier and carry a maximum payout of $50,000.
My response: First, Immunefi has always put the impact of direct fund theft at the very top of its priority list. This is a fact that everyone knows. Second, you changed your bug bounty page after I submitted my report. Here’s the snapshot from November 8, 2025: web.archive.org/web/2025110816… . And now, there’s an extra line added to your bug bounty page: “IMPORTANT: Within the Assets in Scope table, the injective-core folder is listed for both Blockchain/DLT and Web/App due to overlap between the two within the same folder. However, for a report to be categorized as Blockchain/DLT, the resulting impact has to be directly involved with the block production process or with consensus failures. All reports not dealing directly with either of these are to be categorized as Web/App.” I’d really like to know when this line was added. and do you really value chain consensus more than users' funds?
We remain committed to fair, transparent, and consistent handling of all reports, and to maintaining the highest standards of security for the ecosystem. Injective has done so since its mainnet inception in 2021 and will continue to do so in perpetuity, always putting builders and security first.
My response: You never even replied to my messages, and now you’re blaming me for not requesting mediation? I can post the original report if you agree. I left many messages, but you haven't replied to a single one.
----------
Finally: Stop making excuses from every angle and trying to use technical jargon to confuse people who aren't developers. That doesn’t work anymore these days. Anyone can just ask an AI to fact-check what both of us are saying. I have no ill intentions toward your project. All I'm asking is for you to be honest and handle this transparently.
Funkaclau@Funkaclau·
@EvanKlein338226 @al_f4lc0n they are teaching us about their method of work, and teaching us how should we treat them and their user base next time a vulnerability is found. play with fire, get burned
Evan Klein@EvanKlein338226·
The "no impact = no payout" logic is broken. That's like saying a fire alarm that catches a fire early doesn't deserve credit because nothing burned. You found the vulnerability. You reported it responsibly. The alternative was waiting for actual damage. This is why many researchers just go full disclosure now.
Abraham@abrahamonchain·
@MaxLensherr @al_f4lc0n 😂😂😂 Ngl bruh They're trying every means possible to divert the topic
Funkaclau@Funkaclau·
@al_f4lc0n It's not time to stop! It's time to push those irresponsible and deceptive power abusers. It pains me deeply to empathize with what you are going through, and everyone should know how rotten and unaccountable is that Blockchain team. Trying to walk away as if nothing happened
BenJamin Steele@Benn_Bullish·
@HyperliquidX is a great platform. But its fees and slippage on scalping are highly HIGHLY fuckink suspect. Seems to be a greedy platform with little or no respect for its clients. Even on winning trades, the slippage is maximum in the reverse. One day, they will be audited, and one day people will go to prison and enjoy a shower. Now that is maximum slippage.
Funkaclau@Funkaclau·
Dev Life 😅
f4lc0n@al_f4lc0n

I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi. I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good.
Then I found a Critical vulnerability in @injective. This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then — silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K.
I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.
Full Technical Report: github.com/injective-wall…

Jolt@0xJolt·
I need the next 1000x 🎉 Shill me that ticker NOW!
Funkaclau retweeted
Shido@ShidoNetwork·
Discover Shido DEX on @CoinMarketCap, now featuring updated tracking for liquidity and trading volume on the Shido Network. Explore market pairs and gain deeper insights into trading activity on the world’s largest crypto data platform. 🔗 coinmarketcap.com/exchanges/shid…
Funkaclau@Funkaclau·
@Balance0606 @al_f4lc0n @injective i dont develop on Injective, but seeing humans stand up this way to help out a noble dev, i have to join. I know what he is feeling. i have been there and on my case not even a "thank you" i got
Funkaclau@Funkaclau·
@al_f4lc0n @immunefi sad, real and more common than you would imagine. i dont even dare share my experience on this 🤣
Fincozy@Fincozy1·
@kyrixavlr @al_f4lc0n @immunefi so you like it when billion dollar businesses enrich themselves with lowball payouts to ordinary people who are supposed to do it for "the love of it" cucklord
Funkaclau retweeted
Shido@ShidoNetwork·
Shido weekly AMA on X, Sunday 5pm UTC 🎙️ As usual, join Rayqua to ask any questions. Not recorded, so don’t miss it👇 x.com/i/spaces/1lKQR…
Funkaclau@Funkaclau·
AI generated video can deceive many, but if you pay attention to the sound. you will notice a very peculiar buzz that is a very distinguishable feature of AI created content. Last but not the least, welcome to the age of Disinformation and fantasy 😂 it's only getting worse from here 😅
Idris@7signxx·
This is Tel-Aviv Airport, Israel. Why are they lying about what is truly happening in Israel? Iran isn't here to play...