Immunefi suspends TrustSec amid bug bounty dispute
Web3 bug bounty platform Immunefi issued a 90-day suspension on white hat security firm Trust Security. The decision was made after the latter accused Immunefi of unjust denial of bug bounty payment for discovering a critical bug that could potentially lead to the theft of funds.
On Nov. 12, Trust Security revealed on X that its bounty team identified a critical theft-of-funds vulnerability on a forked mainnet of an unidentified project.
The proof-of-concept of the vulnerability was shared with Immunefi, which acts as a mediator between the white hats and projects to ensure bounty payments are made on credible bug identifications.
Critical bug dismissed as “out of scope” report
However, the project claimed that Trust Security detected an out-of-scope bug, which would effectively disqualify the white hats from earning bounty rewards.
Source: Trust
According to Trust, Immunefi wrongly sided with the project’s “nonsense argument” and offered a “tiny goodwill bounty” instead of the full reward for identifying critical bugs.
Immunefi threatens a permanent ban on TrustSec
Immunefi rebutted Trust’s claims of unjust payout and issued a 90-day suspension for “mischaracterizing the issues at hand.” The bug bounty platform also threatened to permanently ban Trust if it repeated the infraction.
Source: Immunefi
Immunefi stood firm in supporting the project:
“In this case, we agreed with the project because the issue was absolutely out of scope according to our standard rules. The project was generous to offer a bounty at all.”
However, Trust rejected the goodwill bounty as accepting it would legally prevent them from publishing the details without approval, adding, “We rather expose the scam and warn hackers than having a few extra Ks in our pocket.”
Related: Near patches critical bug that could crash every node on the network
Additionally, Trust urged for greater transparency and openness:
“We’re going public because the shady, ultra-secretive behavior we’re seeing from projects and some bounty platforms goes directly against the Web3 ethos and the white hat community.”
Some crypto community members on X questioned Immunefi’s decision to impose a ban on Trust instead of engaging in a constructive dialogue.
Immunefi did not respond to Cointelegraph’s request for comment.
In October, EvmosBlockchainn paid a $150,000 bounty reward to a security researcher who identified a critical bug by reading the Cosmos Network documentation.
Evmos bug bounty payout system. Source: Evmos
According to the pseudonymous Spearbit security researcher jayjonah.eth, the critical bug could have halted the Evmos blockchain and all decentralized applications built on it.
Magazine: Real life yield farming: How tokenization is transforming lives in Africa
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
U.S. money market fund assets exceed $7 trillion for the first time
SEC Chairman Gary Gensler Makes Final Lobbying Call for US Crypto Regulation
SOL falls below $210