{"id":41267,"date":"2024-11-13T09:48:39","date_gmt":"2024-11-13T09:48:39","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/immunefi-suspends-trust-security-trustsec-amid-bug-bounty-dispute\/"},"modified":"2024-11-13T09:48:39","modified_gmt":"2024-11-13T09:48:39","slug":"immunefi-suspends-trust-security-trustsec-amid-bug-bounty-dispute","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/immunefi-suspends-trust-security-trustsec-amid-bug-bounty-dispute\/","title":{"rendered":"Immunefi suspends Trust Security (TrustSec) amid bug bounty dispute"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison )<\/b><br \/>\n<\/p>\n<div data-site=\"CoinJournal\">\n<div class=\"post-article-image  -mt-24  mb-8  lg:-mt-32  rounded  overflow-hidden\" data-site=\"CoinJournal\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/11\/Immunefi-suspends-Trust-Security-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/11\/Immunefi-suspends-Trust-Security-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/11\/Immunefi-suspends-Trust-Security-smartcrop-750x375.jpg\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/11\/Immunefi-suspends-Trust-Security-smartcrop-363x181.jpg\" type=\"image\/jpeg\"\/>\n<\/picture>                    <\/div>\n<ul>\n<li>Immunefi has suspended Trust Security for mischaracterizing a critical bug report.<\/li>\n<li>Trust Security discovered a theft-of-funds bug but was denied a full bounty payout.<\/li>\n<li>TrustSec rejected Immunefi\u2019s goodwill offer, citing transparency concerns in Web3.<\/li>\n<\/ul>\n<p>Immunefi, a leading Web3 bug bounty platform, has imposed a 90-day suspension on Trust Security, a white-hat security firm, following a dispute over a critical bug report.<\/p>\n<p>The suspension follows a controversy that centres around Trust Security\u2019s claims of an unjust denial of a bug bounty for identifying a vulnerability that could lead to the theft of funds.<\/p>\n<h2>The bug bounty dispute<\/h2>\n<p>On November 12, Trust Security took to X (formerly Twitter) to reveal that its bounty team had discovered a serious vulnerability in a forked mainnet of an unidentified project.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Recently the bounty team at TrustSec found another critical leading to live unauthenticated theft of funds. Due to what we consider malicious behavior of the project and especially of <a href=\"https:\/\/twitter.com\/immunefi?ref_src=twsrc%5Etfw\">@immunefi<\/a> , not only did the project get away without paying the bounty, but due to a dirty\u2026<\/p>\n<p>\u2014 Trust (@trust__90) <a href=\"https:\/\/twitter.com\/trust__90\/status\/1856356982766063847?ref_src=twsrc%5Etfw\">November 12, 2024<\/a><\/p>\n<\/blockquote>\n<p>The bug, described as a theft-of-funds issue, was reported to Immunefi, which facilitates the mediation of bug reports and bounty payments between white-hat hackers and projects. However, the project in question argued that the discovered vulnerability was out of scope and not eligible for a bounty payout.<\/p>\n<p>Immunefi sided with the project\u2019s stance, dismissing the vulnerability as out of scope according to its established rules.<\/p>\n<p>Immunefi offered TrustSec a \u201cgoodwill bounty\u201d instead of the full reward, but TrustSec rejected it, arguing that accepting the offer would prevent them from disclosing the bug\u2019s details without the project\u2019s approval.<\/p>\n<p>TrustSec further criticized Immunefi for siding with the project\u2019s \u201cnonsense argument\u201d and for what it perceived as an attempt to suppress transparency in the <a href=\"https:\/\/coinjournal.net\/news\/tag\/web3\/\">Web3 ecosystem<\/a>.<\/p>\n<p>Immunefi, in turn, accused Trust of mischaracterizing the situation and suspended the firm for 90 days. The platform threatened a permanent ban if TrustSec continued to misrepresent the issue.<\/p>\n<p>Immunefi defended its position, stating that the issue was, indeed, out of scope according to its rules and that the project was generous in offering any bounty at all.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Our response to Trust\u2019s tweet:<\/p>\n<p>\u2013 We want to be crystal clear: manipulative approaches like this that mischaracterize the issues at hand are unethical and unacceptable. We will be issuing a 90-day suspension. A third and final infraction would result in a permanent ban.<\/p>\n<p>-\u2026 <a href=\"https:\/\/t.co\/LcCGcBKvOr\">https:\/\/t.co\/LcCGcBKvOr<\/a><\/p>\n<p>\u2014 Immunefi (@immunefi) <a href=\"https:\/\/twitter.com\/immunefi\/status\/1856400499156594823?ref_src=twsrc%5Etfw\">November 12, 2024<\/a><\/p>\n<\/blockquote>\n<p>Trust Security, however, emphasized the importance of openness and transparency within the Web3 community, accusing both the underlying project and Immunefi of adopting overly secretive practices that conflict with the principles of the white-hat community.<\/p>\n<p>The dispute has sparked debate among community members, with some questioning Immunefi\u2019s decision to impose a suspension rather than engage in constructive dialogue.<\/p>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/coinjournal.net\/news\/immunefi-suspends-trust-security-trustsec-amid-bug-bounty-dispute\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison ) Immunefi has suspended Trust Security for mischaracterizing a critical bug report. Trust Security discovered a theft-of-funds bug but was denied a full bounty payout. TrustSec rejected Immunefi\u2019s goodwill offer, citing transparency concerns in Web3. Immunefi, a leading Web3 bug bounty platform, [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":41268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/41267"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=41267"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/41267\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/41268"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=41267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=41267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=41267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}