Aave and CoW Release Opposing Analysis Reports on the $50 Million Slippage Incident

On March 16, white-hat hacker f4lc0n disclosed a **critical** vulnerability in the Injective Protocol that could let an attacker siphon over $500 million in assets directly from the chain. However, the project team only offered a $50,000 reward—far below the $500,000 cap for critical flaws in their bug bounty program. f4lc0n stated the flaw allowed any user to drain any account on the chain without special permissions. After submitting the report via Immunefi, the Injective team launched a mainnet upgrade vote to fix the vulnerability the next day but then went **radio silent** for three months. Currently, f4lc0n has disputed the reward amount and noted the $50,000 hasn’t been paid either. He announced he’ll allocate 10% of future bug bounty earnings to keep publicly addressing this issue until Injective pays the reward per their stated standards.

**March 16 Update** Per Coinbob Popular Address Monitor (https://t.me/Coinbob_track_CN), the "ETH Whale Master" address (0xa5b0) has seen total long position profits rise to $1.6 million, with total position value now at $203 million. This address is currently the largest BTC and ETH long holder on Hyperliquid. Its ETH long was initiated on Feb. 9 and remains open since Feb. 15, reflecting a bullish stance. Key positions include: - 15x ETH Long: ~70,000 ETH (valued at ~$152M), average entry price $1,991, $13M in profits (128% return) - 20x BTC Long: ~700 BTC (valued at ~$50.8M), average entry price $68,420, $2.93M in profits (114% return) The whale previously built a $1B+ ETH long position late last year, fully closing it in February. It has recently resumed position building and received repeated fund transfers from Matrixport, suggesting a potential associated address.

On March 16, per monitoring data from HyperInsight (https://t.me/HyperInsight), the 24-hour trading volume of CL (WTI Crude Oil Perpetual Contract) on Hyperliquid exceeded $400 million—second only to BTC’s $15.7 billion and ETH’s $8.1 billion, and double the $200 million volume of SOL contracts. Additionally, BRENTOIL (Brent Crude Oil Perpetual Contract) topped $147 million, with total crude oil contract volume hitting over $550 million in the past day. Elsewhere on the platform: XYZ100 (Nasdaq 100 Perpetual Contract) logged $130 million in volume (7th place); SILVER (Silver Perpetual Contract) saw $113 million (8th); and GOLD (Gold Perpetual Contract) reached $48 million (11th).

March 16 — Per OnchainLens monitoring, wallet address **0x7a7** is linked to a CAKE/THE liquidation event on Venus Protocol, having received 7,447 ETH (valued at $16.29 million) from Tornado Cash. The attacker used the ETH as collateral to borrow $9.92 million in stablecoins on Aave. After accumulating THE tokens, they likely manipulated their price on a centralized exchange (CEX). Subsequently, the attacker deposited 36.1 million THE into Venus and borrowed assets including BTC, BNB, and CAKE. Roughly 40 minutes later, a sharp drop in THE triggered liquidation. As a result: - Venus incurred $2.15 million in bad debt; - The attacker siphoned ~$5.07 million in assets; - Their actual profit may stem from short positions on a CEX during the crash.

March 16 — Per HTX market data, the Bittensor ecosystem’s subnet projects have seen notable surges recently. Bittensor (TAO) has continued climbing since its Upbit listing late last month, hitting a new high of $293.8 this morning — up over 46% since the start of March. Key subnets have posted strong weekly gains: - Chutes: +40.1% week-over-week, currently trading at $25.1 - τemplar: Surged 194% in the past 7 days, now at $19.3 - TARGON: Gained 60.3% week-to-date, priced at $13.25 - affine: Risen 42.7% over the week, trading at $21.3 Bittensor subnets are core to the network, with each operating as an independent, incentive-driven “micro AI economy” focused on creating specific AI-related digital assets. Post the Dynamic TAO (dTAO) upgrade, every subnet has its own native token.

**March 16 — ByteDance has put its global rollout of the AI video generator Seedance 2.0 on hold following copyright disputes with major Hollywood studios and streaming platforms, per The Information.** Last month, multiple U.S. studios—including Disney—sent legal threats. ByteDance noted it would take steps to stop unauthorized use of Seedance 2.0 from infringing intellectual property. Disney specifically sent a cease-and-desist letter to ByteDance, alleging the company trained and powered Seedance 2.0 on Disney characters without authorization. The studio claimed ByteDance loaded the model with a pirated library of copyrighted characters from franchises like *Star Wars* and Marvel, passing them off as public domain content. ByteDance had initially planned to launch Seedance 2.0 globally in mid-March, but those plans are now on hold. The company’s legal team is investigating potential legal issues, while engineers are adding extra safeguards to prevent the model from generati