The Injective ecosystem is currently navigating one of the most dynamic periods in its history. While developers celebrate a technological breakthrough by implementing native support for the fastest-growing stablecoin, the project’s reputation has been clouded by a heated dispute with a security researcher.
A New Era of Liquidity: Native USDC and the CCTP Protocol
The Layer-1 blockchain Injective has officially announced support for the USDC stablecoin and the integration of the Cross-Chain Transfer Protocol (CCTP) by Circle.
This move is driven by the rapid dominance of stablecoins in the global financial system. According to recent data, stablecoin transaction volume reached a staggering $33 trillion in 2025, marking a 72% year-over-year increase. USDC led the race with a turnover of $18.3 trillion, which is already comparable to half of Visa’s annual volume.
What does this mean for users and developers?
The integration of native USDC via the MultiVM token standard solves a major issue in modern blockchains: liquidity fragmentation.
- No “Wrappers”: Full availability across Wasm and EVM execution environments without the need for bridging.
- Speed: Transactions are processed with near-instant finality.
- Scalability: Direct access to Circle’s capitalization, which exceeds $80 billion.
Currently, operations are being tested in the testnet, with a phased rollout to the mainnet expected shortly.
The Flip Side of Security: The $500,000 Bounty Dispute
Parallel to its technological successes, the project faces a significant reputational challenge. A “white hat” hacker known as f4lc0n has publicly accused the Injective team of attempting to lowball a bounty payment for a critical vulnerability.
The Heart of the Conflict
The researcher discovered a critical flaw in the sub-account verification system. According to him, the bug allowed attackers to perform unauthorized trading operations on behalf of other users, effectively granting access to withdraw funds to external networks.
“I saved $500M for Injective. They want to pay me $50k,” reads the header of the hacker’s report on GitHub.
Arguments of the Parties
- The Hacker’s Position: f4lc0n claims that the network’s entire capital (approximately $500 million at the time of discovery) was at risk. According to Immunefi’s rules, a “critical” vulnerability warrants a $500,000 reward.
- Injective’s Actions: Upon receiving the report, the team promptly conducted a governance vote and updated the network to patch the hole. However, according to f4lc0n, the project remained silent for three months before offering a sum ten times smaller than expected—and even that has yet to be paid.
Currently, according to Arkham data, the platform’s assets are valued at $285 million, with a significant portion held in the native INJ token. The outcome of this dispute could set a precedent for the entire Web3 cybersecurity industry.
Summary
Injective is demonstrating its ambition to become a major hub for institutional liquidity by simplifying USDC integration. However, the conflict with the white hat community could undermine trust in the protocol’s security if a compromise is not reached soon.
