Web 3 bug bounty platform Immunefi has suspended white hat security company Trust Security for 90 days after accusing it of unjustly refusing to pay a bug bounty after discovering a serious vulnerability that could have led to the theft of funds. On November 12, Trust Security revealed on X that its bounty team had discovered a critical funds theft vulnerability on the forked mainnet of an unnamed project. The proof of concept for the vulnerability has been shared with Immunefi, which acts as an intermediary between the white hat and the project to ensure that the bounty is paid after a reliable vulnerability identification. However, Immunefi claims that Trust Security has detected an out-of-scope vulnerability that would effectively disqualify white hats from receiving bounties.