Immunefi Suspends Trust Security Amid Dispute Over Denied Bug Bounty Payment

Ruholamin Haqshanas

Web3 bug bounty platform Immunefi has suspended white hat security firm Trust Security for 90 days following allegations of an unfairly denied bug bounty payment.

Trust Security accused Immunefi of siding with a project that allegedly dismissed a critical vulnerability capable of enabling fund theft.

The controversy began on November 12, when Trust Security disclosed on X that its team had discovered a critical theft-of-funds vulnerability on a forked mainnet of an undisclosed project.

Immunefi Concludes Reported Bug Fell Out of Scope

Trust Security shared the vulnerability with Immunefi in order to secure a bounty payment for identifying a high-risk bug.

Immunefi, which mediates between ethical hackers and blockchain projects, concluded that the reported bug fell out of scope, rendering it ineligible for a full bounty.

Trust Security criticized the decision, claiming Immunefi backed the project’s “nonsense argument” and offered only a small “goodwill bounty” instead of the full payout.

Trust rejected the offer, citing concerns about transparency, as accepting it would legally prevent them from revealing the vulnerability’s details without the project’s approval.

Immunefi countered the accusations, asserting that its decision followed standard guidelines.

“The issue was out of scope according to our standard rules,” Immunefi stated, adding that the project’s goodwill offer was a generous gesture.

The platform defended its stance by suspending Trust Security for “mischaracterizing the issues” and warned of a permanent ban for any repeated violations.

Trust Security, however, accused Immunefi of prioritizing secrecy over Web3’s ethos of transparency and community-driven security.

“We’d rather expose the scam and warn hackers than take a few extra Ks in our pocket.”

Notably, in October, the Evmos blockchain paid a $150,000 reward to a researcher for identifying a critical vulnerability that could halt its operations.

Over $409 Million Lost to Crypto Hacks in Q3 2024

An estimated $409 million was stolen by crypto hackers in the third quarter of 2024, Immunefi revealed in a recent report.

Per the report, the quarter saw hacks account for 99.25% of total funds lost, while fraud represented just 0.75%. Fraud cases saw a notable decrease year over year, dropping by 86.4%.

This $409 million figure represents a 40% decrease from the same quarter in 2023, which recorded losses of over $685 million to hackers and fraudsters.

The report said that while DeFi saw a higher number of incidents, CeFi was responsible for more severe losses, with some individual attacks leading to hundreds of millions of dollars in stolen assets.

“We’re seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences, with hundreds of millions in stolen funds in a single exploit,” said Mitchell Amador, Immunefi founder and CEO.

Amador further explained that private key management remains one of the biggest vulnerabilities in CeFi.

“It requires rigorous key management policies, practices, and emergency plans,” he added.
