Immunefi suspends TrustSec amid bug bounty dispute

As a seasoned researcher with years of experience in the crypto space, I find myself increasingly concerned about the state of security and transparency within our industry. The recent 90-day suspension of Trust Security by Immunefi is a troubling development that highlights the need for greater accountability and fairness in bug bounty programs.


Suspension announcement: Immunefi, a platform for Web3 bug bounties, has temporarily suspended Trust Security for 90 days. The action followed accusations by Trust Security that Immunefi had unfairly withheld payment for a critical bug it found, one that could potentially have resulted in the loss of funds.

On November 12th, Trust Security disclosed on X that its bounty team had discovered a significant security flaw (a theft-of-funds vulnerability) on the mainnet of a fork of an undisclosed project.

The proof of concept for the vulnerability was shared with Immunefi, which acts as a mediator between white hats and projects to ensure that bounties are paid for credible bug reports.

Critical bug dismissed as “out of scope” report

As a crypto investor, I found myself following a situation in which the project asserted that the bug Trust Security had discovered was out of scope. This meant that the ethical hackers, or ‘white hats’, would miss out on their bounty because the bug did not fit within the defined parameters for earning rewards.

According to Trust, Immunefi erred by supporting the project’s “spurious reasoning” and offering a minimal “gesture of kindness” as a bounty, rather than the full reward for uncovering a critical flaw.

Immunefi threatens a permanent ban on TrustSec

Immunefi contested Trust’s assertions about unfair compensation and imposed a 90-day suspension, stating that Trust had misrepresented the matters in question. Immunefi also warned Trust that a repeat of the offense could lead to a permanent ban from the bug bounty platform.

Immunefi stood firm in supporting the project:

“In this case, we agreed with the project because the issue was absolutely out of scope according to our standard rules. The project was generous to offer a bounty at all.”

In my analysis, I found that Trust declined the goodwill gesture because accepting it would have barred them from disclosing the details without prior consent. To put it simply, they chose to expose what they saw as fraudulent activity and issue warnings rather than take a few thousand dollars more for themselves.

Trust also called for greater transparency and openness:

“We’re going public because the shady, ultra-secretive behavior we’re seeing from projects and some bounty platforms goes directly against the Web3 ethos and the white hat community.”

Members of the cryptocurrency community on X have expressed concern over Immunefi’s choice to suspend Trust rather than foster a productive conversation.

Immunefi did not respond to CryptoMoon’s request for comment.

In October, a security researcher was awarded a $150,000 bounty by EvmosBlockchain for discovering a critical flaw in its system after carefully studying the Cosmos Network’s documentation.

According to the anonymous cybersecurity analyst known as Spearbit (jayjonah.eth), this flaw could potentially have halted the Evmos blockchain, along with all the decentralized apps built on it.

2024-11-13 11:16