- Immunefi suspended Trust Security for mischaracterizing a critical bug report.
- Trust Security found the fund-theft bug but was denied the full bounty.
- TrustSec rejected Immunefi's goodwill offer, citing concerns about transparency in Web3.
Immunefi, a leading Web3 bug bounty platform, has imposed a 90-day suspension on white hat security firm Trust Security following a dispute over a critical bug report.
The suspension followed a dispute centered on Trust Security's claims that it was unfairly denied a bug bounty for identifying vulnerabilities that could lead to the theft of funds.
Bug bounty controversy
On November 12, Trust Security revealed on X (formerly Twitter) that its bounty team found a critical vulnerability in the forked mainnet of an unidentified project.
Recently, TrustSec's bounty team found another critical incident that resulted in the theft of illicit funds. project, particularly @immunefi the project not only got away with not paying the bounty, but also because of the dirty deeds…
— Trust (@trust__90) November 12, 2024
This bug was described as a fund-theft issue and reported to Immunefi. Immunefi facilitates bug reporting and bounty payments between white hat hackers and projects. However, the project in question argued that the discovered vulnerabilities were not covered and would not be eligible for bounty payments.
Immunefi supported the project's position and dismissed the vulnerability as not covered under established rules.
Immunefi offered TrustSec a “goodwill bounty” instead of the full amount, but TrustSec rejected the offer, arguing that accepting it would prevent it from disclosing details of the bug without the project's approval.
TrustSec also criticized Immunefi for supporting the project's “nonsense arguments” and for what it deemed to be an attempt to stifle transparency in the Web3 ecosystem.
Meanwhile, Immunefi accused Trust of misrepresenting the situation and suspended the company for 90 days. The platform threatened to permanently ban TrustSec if it continued to falsely report on the issue.
Immunefi defended its position, saying that the issue was indeed outside the scope of its rules and that the project was willing to offer incentives.
Our response to Trust's tweet is below.
– We want to be clear: such a manipulative approach that mischaracterizes the issue at hand is unethical and unacceptable. We'll suspend enterprise for 90 days. The third and final violation will result in a permanent ban.
-… https://t.co/LcCGcBKvOr
— Immunefi (@immunefi) November 12, 2024
However, Trust Security emphasizes the importance of openness and transparency within the Web3 community, stating that both the underlying project and Immunefi have adopted overly secretive practices that go against the principles of a white-hat community.
The controversy has sparked debate among community members, with some questioning Immunefi's decision to impose a suspension without engaging in constructive dialogue.