Web3 bug bounty platform Immunefi has issued a 90-day suspension on the white hat security firm Trust Security. The decision was made after the latter accused Immunefi of unjust denial of a bug bounty payment for discovering a critical bug.
Critical bug dismissed as “out of scope” report
On Nov. 12, Trust Security revealed on X that its team had identified a critical theft-of-funds vulnerability on a forked mainnet of an unnamed project. The proof-of-concept for the vulnerability was shared with Immunefi, which acts as a mediator between white hats and projects to ensure bounty payments are made for credible bug reports. However, the project claimed that the vulnerability was out of scope, disqualifying the white hats from earning a bounty reward. Trust Security claims Immunefi wrongly sided with the project and offered only a 'tiny goodwill bounty' instead of the full reward.
Immunefi threatens a permanent ban on TrustSec
Immunefi rejected Trust's claims of an unjust payout and issued a 90-day suspension for 'mischaracterizing the issues at hand.' The platform also threatened a permanent ban if the infraction recurred. Immunefi stood firm on the project's side, maintaining that the issue was indeed out of scope under its standard rules.
Public reaction and context
Crypto community members on X question Immunefi’s decision to impose a ban on Trust instead of engaging in constructive dialogue. Trust Security calls for increased transparency and openness between projects and bounty platforms. Immunefi did not respond to requests for comment. Meanwhile, in October 2023, Evmos blockchain paid a $150,000 bounty reward for identifying a critical bug.
The situation between Immunefi and Trust Security raises questions about dispute resolution processes between platforms and white hat hackers in the Web3 space. The crypto community is keenly observing the developments, calling for increased transparency and fairness in such interactions.