Trust Security accused Immunefi of supporting a project that purportedly disregarded a critical vulnerability that could facilitate fund theft.
White hat security firm Trust Security has been suspended by web3 bug bounty platform Immunefi for a period of 90 days in response to allegations that a bug bounty payment was unjustly denied.
On November 12, Trust Security disclosed on X that its team had identified a critical theft-of-funds vulnerability on a forked mainnet of an undisclosed project, which sparked a controversy.
The purpose of disclosing the vulnerability to Immunefi was to secure a bounty payment for the discovery of a high-risk flaw.
Immunefi, a mediator between ethical hackers and blockchain projects, determined that the reported flaw was not within the scope of the project, thereby disqualifying it from receiving a full bounty.
Trust Security criticized the decision, stating that Immunefi supported the project’s “false argument” and provided only a modest “goodwill bounty” in lieu of the full compensation.
Trust declined the offer, citing transparency concerns: accepting it would have contractually prevented the firm from disclosing the vulnerability’s specifics without the project’s approval.
Immunefi denied the allegations, maintaining that its decision was in line with its established standards. It reiterated that the project’s goodwill offer was a generous gesture, since the issue fell outside the scope of its standard rules.
The platform went further, suspending Trust Security for “mischaracterizing the issues” and warning of a permanent ban for any subsequent violations.
Meanwhile, Trust Security said Immunefi put privacy ahead of Web3’s values of openness and community-driven security.
By contrast, in October the Evmos blockchain awarded a researcher a $150,000 reward for identifying a critical vulnerability that could have disrupted its operations.
In a recent report, Immunefi disclosed that crypto hackers seized an estimated $409 million during the third quarter of 2024.
Hacks accounted for 99.25% of the total funds lost during the quarter, according to the report, while fraud accounted for only 0.75%. Year over year, fraud declined substantially, by 86.4%.
Compared to the same quarter in 2023, which saw losses of over $685 million to hackers and fraudsters, this $409 million figure represents a 40% decrease.
The report stated that DeFi suffered a greater number of incidents, whereas CeFi accounted for the more severe losses, with some individual attacks resulting in the theft of hundreds of millions of dollars in assets.
Founder and CEO of Immunefi, Mitchell Amador, stated, “We are observing an increase in the number of incidents targeting DeFi, whereas CeFi experiences fewer incidents but frequently with more severe consequences, such as the theft of hundreds of millions of dollars in a single exploit.”
Amador also clarified that private key management continues to be one of the most significant vulnerabilities in CeFi.
Amador added that this calls for stringent key management policies, procedures, and emergency plans.