I need to expose the most disappointing experience I’ve ever had as a whitehat. Immunefi | Token2049, the “#1 bug bounty platform,” and Mountain Protocol literally scammed me. I’ll share everything + screenshots proving how they lied, broke promises, and banned me. Read until the end 🧵

So the reality is: 🚨 Mountain Protocol scams → Immunefi helps them escape. 🚨 Whitehat follows the rules → Immunefi bans him. I never thought I’d say this, but Immunefi literally scammed me. Screenshots attached. Evidence doesn’t lie.

Would have exploited it rather than reporting it 🥲 JK, still it’s very bad and ruining the credibility of Immunefi. Earlier ppl used to promote their projects saying that they have a bounty on Immunefi and now this 🤷‍♂️

Happy to see SHERLOCK getting audit contests. It is the best platform for researchers as well for clients.

Tim Immunefi 5. I don't expect the same from Immunefi but a noob today could be a skilled one tomorrow. And in business, you should treat people with gratitude even when you wanna end a relationship for good reasons.

Tori So sorry.. 😩😩 If you still have airdrops pending to unlock, ask me and consult me ​​by DM, I have almost the same tools as the scammers but I use them to recover people's money, I am one of the good ones, do not hesitate to contact me and remember that I will never, never,

Sherlock has the most rigid and well-defined criteria for bounty submissions out of all platforms. But it seems when their AI finds a live issue, it's legit to throw all the definitions out the window for a marketing stunt. What they call "reserve drain" is stealing 1 wei

Trust I guess they will be changing the bounty rules soon lol

Jack Sanford 🛡️ I think that Sherlock should not be publishing this kind of "reports" without explicit consent from the protocols. This is not how whitehats do things. On top of that there are many fishy points. I celebrate AI helping projects, but we have to do it right.

MegaETH That's actually quite concerning. An audit done by a tier 1 company on such a big codebase should never result in 0 findings.