Immunefi Suspends Trust Security Amid Dispute Over Denied Bug Bounty Payment

Author: Ruholamin Haqshanas

Web3 bug bounty platform Immunefi has suspended white hat security firm Trust Security for 90 days following allegations of an unfairly denied bug bounty payment.

Trust Security accused Immunefi of siding with a project that allegedly dismissed a critical vulnerability capable of enabling fund theft.

The controversy began on November 12, when Trust Security disclosed on X that its team had discovered a critical theft-of-funds vulnerability on a forked mainnet of an undisclosed project.

Immunefi Concludes Reported Bug Fell Out of Scope

Trust Security shared the vulnerability with Immunefi, seeking a bounty payment for identifying a high-risk bug.

Immunefi, which mediates between ethical hackers and blockchain projects, concluded that the reported bug fell out of scope, rendering it ineligible for a full bounty.

Trust Security criticized the decision, claiming Immunefi backed the project’s “nonsense argument” and offered only a small “goodwill bounty” instead of the full payout.

Trust rejected the offer, citing concerns about transparency, as accepting it would legally prevent them from revealing the vulnerability’s details without the project’s approval.

Immunefi countered the accusations, asserting that its decision followed standard guidelines.

“The issue was out of scope according to our standard rules,” Immunefi stated, adding that the project’s goodwill offer was a generous gesture.

The platform defended its stance by suspending Trust Security for “mischaracterizing the issues” and warned of a permanent ban for any repeated violations.

Trust Security, however, accused Immunefi of prioritizing secrecy over Web3’s ethos of transparency and community-driven security.

“We’d rather expose the scam and warn hackers than take a few extra Ks in our pocket.”

Notably, in October, the Evmos blockchain paid a $150,000 reward to a researcher for identifying a critical vulnerability that could halt its operations.

Over $409 Million Lost to Crypto Hacks in Q3 2024

An estimated $409 million was stolen by crypto hackers in the third quarter of 2024, Immunefi revealed in a recent report.

Per the report, the quarter saw hacks account for 99.25% of total funds lost, while fraud represented just 0.75%. Fraud cases saw a notable decrease year over year, dropping by 86.4%.

This $409 million figure represents a 40% decrease from the same quarter in 2023, which recorded losses of over $685 million to hackers and fraudsters.

The report said that while DeFi saw a higher number of incidents, CeFi was responsible for more severe losses, with some individual attacks leading to hundreds of millions of dollars in stolen assets.

“We’re seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences, with hundreds of millions in stolen funds in a single exploit,” said Mitchell Amador, Immunefi founder and CEO.

Amador further explained that private key management remains one of the biggest vulnerabilities in CeFi.

“It requires rigorous key management policies, practices, and emergency plans,” Amador added.
