Immunefi suspends Trust Security (TrustSec) amid bug bounty dispute
The post Immunefi suspends Trust Security (TrustSec) amid bug bounty dispute appeared on BitcoinEthereumNews.com.
Immunefi has suspended Trust Security for mischaracterizing a critical bug report. Trust Security discovered a theft-of-funds bug but was denied a full bounty payout. TrustSec rejected Immunefi’s goodwill offer, citing transparency concerns in Web3.

Immunefi, a leading Web3 bug bounty platform, has imposed a 90-day suspension on Trust Security, a white-hat security firm, following a dispute over a critical bug report. The suspension follows a controversy that centres around Trust Security’s claims of an unjust denial of a bug bounty for identifying a vulnerability that could lead to the theft of funds.

The bug bounty dispute

On November 12, Trust Security took to X (formerly Twitter) to reveal that its bounty team had discovered a serious vulnerability in a forked mainnet of an unidentified project.

Recently the bounty team at TrustSec found another critical leading to live unauthenticated theft of funds. Due to what we consider malicious behavior of the project and especially of @immunefi, not only did the project get away without paying the bounty, but due to a dirty…
— Trust (@trust__90) November 12, 2024

The bug, described as a theft-of-funds issue, was reported to Immunefi, which facilitates the mediation of bug reports and bounty payments between white-hat hackers and projects. However, the project in question argued that the discovered vulnerability was out of scope and not eligible for a bounty payout. Immunefi sided with the project’s stance, dismissing the vulnerability as out of scope according to its established rules.

Immunefi offered TrustSec a “goodwill bounty” instead of the full reward, but TrustSec rejected it, arguing that accepting the offer would prevent them from disclosing the bug’s details without the project’s approval. TrustSec further criticized Immunefi for siding with the project’s “nonsense argument” and for what it perceived as an attempt to suppress transparency in the Web3…
Filed under: News - @ November 13, 2024 9:28 am