Bug bounty platform Immunefi has suspended TrustSEC, a cybersecurity firm specializing in blockchain security, amid an ongoing dispute regarding bounty payments.
Immunefi, which collaborates with major crypto projects to reward ethical hackers for uncovering vulnerabilities, confirmed the suspension following what it described as ongoing issues over TrustSEC’s payment demands.
Immunefi stated that the dispute escalated due to differences in the interpretation of bounty terms and compensation amounts, emphasizing that its suspension of TrustSEC was a measure taken to ensure clarity and uphold fair practices on the platform.
In a statement, Immunefi said, “Projects and whitehats have varying needs of confidentiality, and our publication policy ALWAYS allows whitehats to publish about an issue if Immunefi mediation disagrees with the project, so that projects can never abuse whitehats in the dark, period. As whitehats know, we regularly disagree with projects and whitehats–often on a daily basis–when we’re called in to mediate.”
The dispute has sparked broader discussions within the industry about the terms and transparency of bug bounty programs. TrustSEC, which has handled security evaluations for various blockchain projects, has not publicly responded to the suspension.
In a post on X, TrustSEC stated, “We're going public because the shady, ultra-secretive behavior we're seeing from projects and some bounty platforms goes directly against the Web3 ethos and the white hat community. Instead of celebrating openness and transparency, white hats are divided and conquered, fighting their own battles for justice against well-funded parties and without public leverage.”
The case draws attention to the challenges faced by cybersecurity firms working in the rapidly evolving and highly competitive crypto sector, where ambiguity in bounty programs and differing interpretations of terms can lead to significant disagreements.
This dispute underscores the importance of clear guidelines and open communication in bug bounty frameworks to ensure disputes can be resolved effectively without damaging professional relationships.