Immunefi, a company specializing in identifying vulnerabilities in Web3 projects, has . This decision was made due to a dispute over compensation for a critical vulnerability that was discovered.
On November 12, the Trust Security team on the social network X* about finding a critical vulnerability in the main network of an unnamed project. They provided evidence of the vulnerability to the Immunefi platform, which acts as an intermediary between security researchers and projects to ensure fair payments.
However, the project where the vulnerability was found claimed that the issue was “outside the framework” of the agreement, leading to Trust Security being denied proper compensation. Immunefi allegedly supported the project’s stance and offered symbolic compensation instead of full payment for the critical vulnerability.
In response to public criticism, Immunefi temporarily suspended Trust Security for 90 days for allegedly distorting the problem. The platform warned of permanent suspension if a similar violation occurs again.
Immunefi defended its decision, stating that the problem was outside the scope of testing according to their rules and that the project had offered a reward. Trust Security refused the symbolic compensation, emphasizing their commitment to exposing fraud and protecting users.
Immunefi told Cointelegraph that they do not consider Trust Security’s finding a full-fledged vulnerability, as it requires user error or physical access to execute an attack. Trust Security called for more transparency in the Web3 community to ensure ethical behavior.
Some members of the crypto community criticized Immunefi’s decision to suspend Trust Security instead of engaging in constructive dialogue. This incident highlights the challenges of navigating compensation and ethical standards in the world of Web3 projects.
*Please note that the social network mentioned in the article is prohibited in the Russian Federation.