
Originally published on: November 13, 2024
Immunefi recently made headlines after suspending white hat security firm Trust Security amid a bug bounty dispute. The controversy arose when Trust Security claimed that Immunefi unfairly denied a bug bounty payment for uncovering a critical vulnerability that posed a risk of fund theft.
On November 12, Trust Security disclosed that its team had identified a significant theft-of-funds vulnerability on a forked mainnet of a project, but Immunefi contested the bug’s scope, leading to disagreement over the reward payout.
Trust Security accused Immunefi of siding with the project and downplaying the severity of the bug, offering only a small “goodwill bounty” instead of the full reward for their discovery. In response, Immunefi issued a 90-day suspension to Trust Security on the grounds that it had mischaracterized the situation, and threatened a permanent ban for future violations.
In a statement to Cointelegraph, an Immunefi spokesperson defended the decision, stating that Trust didn’t comply with Responsible Publication guidelines. Trust, however, rejected the offer, preferring to expose the issue rather than compromise their ability to share details publicly.
The debate highlights the complexities of bug bounty programs and the challenges faced by white hat security firms like Trust Security. As the crypto community weighs in on the issue, questions regarding transparency, fairness, and dialogue between platforms, projects, and security researchers continue to arise.
This incident serves as a reminder of the importance of communication and collaboration in the blockchain space, especially when it comes to identifying and addressing critical vulnerabilities. Stay tuned for updates on this developing story.



