Immunefi suspends Trust Security (TrustSec) over a bug bounty dispute
- Immunefi has suspended Trust Security for misrepresenting a critical bug report.
- Trust Security discovered a theft-of-funds bug but was refused the bounty payment.
- TrustSec rejected Immunefi's goodwill offer, citing transparency concerns in web3.
Immunefi, a leading web3 bug bounty platform, has imposed a 90-day suspension following a critical bug report.
The suspension follows a controversy over Trust Security's claim that it was wrongly refused a bug bounty after identifying a vulnerability that could lead to the theft of funds.
The bug bounty dispute
On November 12, Trust Security took to X (formerly Twitter) to reveal that its bounty team had discovered a serious vulnerability in a split Minain of an unidentified project.
Recently, the bounty team from TrustSec has found another critical indication of an unauthorized theft of funds. Because of what we as malicious behavior of the project and in particular from considering @immunefi The project was not only possible, but also due to a dirty one ...
- trust (@trust__90) November 12, 2024
The bug, described as theft of funds, was reported to Immunefi, which mediates bug reports and bounty payments between white-hat hackers and projects. However, the project in question argued that the discovered vulnerability was out of scope and not eligible for a bounty payment.
Immunefi sided with the project and dismissed the vulnerability as out of scope under the defined rules.
Immunefi offered TrustSec a "goodwill bounty" instead of the full reward, but TrustSec declined on the grounds that accepting the offer would prevent it from disclosing the issue without the project's approval.
TrustSec also criticized Immunefi for becoming involved in the project's “nonsense coffination” and for what it saw as an attempt to suppress transparency in the web3 ecosystem.
Immunefi, in turn, accused Trust of misrepresenting the situation and suspended the company for 90 days. The platform threatened a permanent ban if TrustSec continued to misrepresent the problem.
Immunefi defended its position, explaining that the problem was indeed out of scope under its rules and that the project had been generous to offer a bounty at all.
Our answer to the tweet of Trust:
- We would like to say it very clearly: Manipulative approaches like this one, which incorrectly present the upcoming problems, are unethical and unacceptable. We will impose a 90-day lock. A third and last violation would result in a permanent lock.
- immunefi (@immunefi) November 12, 2024
Trust Security emphasized the importance of openness and transparency within the web3 community and accused both the underlying project and Immunefi of applying excessively secretive practices that contradict the principles of the white-hat community.
The dispute has triggered a debate among community members, with some questioning Immunefi's decision to impose a suspension instead of engaging in constructive dialogue.
Source: Coinlist.me