Web3 bug bounty platform Immunefi has temporarily suspended Trust Security, a white hat cybersecurity firm, for 90 days following allegations surrounding a denied bug bounty payment. Trust Security claims that Immunefi sided with a project that disregarded a critical vulnerability capable of fund theft, leading to the dispute.
The controversy emerged on November 12, when Trust Security disclosed via X that they had identified a severe vulnerability on a forked mainnet of an undisclosed project. This vulnerability, if left unpatched, could potentially enable the unauthorized extraction of funds.
Immunefi Rules Bug Was Out of Scope
Trust Security reported the vulnerability to Immunefi, aiming to receive a high-stakes bounty payment for identifying a significant security threat. However, Immunefi determined that the reported issue fell outside the eligible scope, thereby disqualifying it from a full bounty. Instead, the project offered a “goodwill bounty,” which Trust Security rejected due to concerns about transparency and disclosure rights.
Immunefi defended its decision, stating that it adhered to its standard guidelines and that the goodwill offer was a fair response. The platform added that it suspended Trust Security for “mischaracterizing the issues” and warned of possible permanent suspension if violations continue. Trust Security countered, alleging that Immunefi’s actions prioritized secrecy over Web3’s ethos of transparency.
“We would rather expose the scam and caution other hackers than take a goodwill payout,” Trust Security stated, signaling its commitment to community-driven security.
Rising Concerns Amid Increasing Hacks in Q3 2024
Immunefi’s Q3 2024 report revealed staggering losses, with $409 million stolen by hackers, marking a 40% drop from Q3 2023’s $685 million in losses. The report indicated that 99.25% of the quarter’s lost funds resulted from hacks, while fraud cases constituted only 0.75%, seeing an 86.4% year-over-year decline. DeFi platforms experienced a higher frequency of attacks, while CeFi (centralized finance) incidents, though less frequent, often led to greater monetary losses.
Mitchell Amador, Immunefi’s founder and CEO, highlighted the challenges of key management within CeFi, stating that comprehensive policies and emergency plans are essential for mitigating risks.
Stay updated on the latest in blockchain security at CentBit.Online, Bangladesh’s go-to source for crypto expertise and insights.
