30s Summary
Immunefi, a bug bounty platform for Web3, has suspended white hat security company Trust Security for 90 days over a dispute about a bug bounty. Trust Security accused Immunefi of not paying a full bounty for finding a severe bug, which they claim could have led to theft. Immunefi defended its decision, stating that the bug was outside of the accepted scope and that Trust Security was not entitled to a full bounty payout. Trust Security rejected the reduced bounty and accused Immunefi of secretiveness, arguing this was against the spirit of Web3 and the white hat community.
Full Article
Immunefi, which is a bug bounty platform for Web3, has put Trust Security, a white hat security company, on a 90-day suspension. This was in response to Trust Security accusing Immunefi of refusing to pay them a bug bounty for finding a very serious bug that could have resulted in theft.
Back on November 12, Trust Security announced in a post that its team had found a bug that could lead to theft on a mainnet it declined to name. It shared evidence of the bug with Immunefi, which mediates between these finders (white hats) and the projects and ensures the finders are paid when they report such bugs.
The project, however, claimed that the bug Trust Security found did not fall within the accepted scope of its bounty program, making the finding ineligible for a bounty reward. Trust Security strongly disagreed, claiming that Immunefi sided with the project and ended up offering a mere courtesy bounty, far smaller than the full reward it would have received for a bug of that severity.
In response, Immunefi denied being unfair in its payment decision and suspended Trust Security for a period of 90 days for making false claims against it. It also warned Trust Security that it could be banned permanently if similar claims recur.
Immunefi stood behind its support of the project, explaining that the issue was indeed outside the accepted scope and that the project had been generous even to offer a bounty. Trust Security, however, turned down the courtesy bounty, because accepting it would have meant it could not publish the details of the bug without prior approval. It said it would rather expose this foul play and inform other hackers than accept a few extra bucks.
Trust Security is also pushing for more transparency and honesty, citing that the secretive behavior of such projects counteracts the spirit of Web3 and the white hat community. Many members of the crypto community are questioning Immunefi’s decision to suspend Trust Security rather than have a productive conversation about the issue. Immunefi didn’t respond to any requests for comments.
In another situation in October, a security researcher got a hefty $150,000 bounty reward from Evmos blockchain after they found a serious bug in the Cosmos Network. The researcher said the bug could stop the Evmos blockchain and all decentralized applications built on it.