In a significant move to enhance online security in the cryptocurrency domain, the nonprofit security organization SEAL has launched a new real-time phishing defense network. This initiative emerged on October 22, 2025, resulting from a collaborative effort with notable entities such as MetaMask, WalletConnect, Backpack, and Phantom.

This defensive coalition introduces the innovative Verifiable Phishing Reports technology, allowing users to submit authentic, cryptographically verified evidence of phishing sites. This approach effectively reduces the manual review bottleneck typically exploited by malicious actors, who continuously adapt their tactics to outpace defenders.

Recent CertiK reports indicate that phishing attacks have resulted in an alarming $538 million in stolen assets by the end of September 2025. This figure notably excludes the staggering $1.4 billion exploit targeting Bybit in February.

The coalition actively addresses the evolving landscape of cybersecurity, where phishing operators swiftly adapt to countermeasures. For instance, when SEAL ramped up updates to eth-phishing-detect, malicious operatives would quickly change their landing pages to avoid detection. Similarly, when hosting services blocked abusive content, these attackers migrated operations to offshore platforms.

The result has been an ongoing arms race, heavily favoring attackers who have effectively retained the initiative while defenders struggle to keep pace with the influx of phishing submissions.

The introduction of the Verifiable Phishing Reporter alters the standard engagement model. Users can now submit detailed reports that include exact content served from potentially malicious sites, accompanied by TLS attestations to assure that the content in question hasn’t been tampered with.

With these attested reports, SEAL can process submissions in real time instead of waiting on manual vetting. Because each report carries the content actually served to the reporter, the approach also sidesteps the advanced cloaking techniques that hide malicious payloads from conventional scanners.

The coalition feeds validated reports into a comprehensive detection system that prohibits access to flagged phishing domains and risky contract interactions across all partner wallets. This integration transforms localized alerts into widespread network protection.

Ohm Shah, a security researcher at MetaMask, emphasizes the importance of this collaboration, stating, “The challenge with drainers is akin to a perpetual cat-and-mouse game. Our partnership with SEAL and other independent researchers empowers wallet teams like MetaMask to respond more swiftly and effectively against these threats.”

“Drainers are a constant cat-and-mouse game like most of security, working alongside SEAL and their independent researchers enables wallet teams like MetaMask to be more agile and apply SEAL’s research to practice effectively throwing a wrench at the drainer’s infra.”

Derek Rein, the CTO of WalletConnect, acknowledged that this partnership broadens the protective measures for WalletConnect Certified wallets, which already alert users to known phishing sites. Armani Ferrante, CEO of Backpack, framed the integration as a crucial stride towards enhancing secure digital asset ownership. Meanwhile, Kim Persson, a senior engineer at Phantom, reiterated that maintaining domain security and user safety is of paramount importance.

Assessing Effectiveness

The success of this network hinges on three essential pillars: reducing user losses, accelerating threat neutralization, and producing high-quality detections, benchmarked against pre-launch data and corresponding controls.

The foremost metric involves tracking losses per active user, specifically focusing on dollar losses due to phishing for every 1,000 monthly active wallets, which will be derived from on-chain drainer clusters, victim self-reports, and wallet telemetry.

Speed serves as the second tier of evaluation. The time-to-protect metric monitors the duration from the initial Verifiable Phishing Report to the issuance of an in-wallet warning or block, encompassing both median and 95th-percentile durations.

Time-to-neutralize, which examines both web and on-chain vectors, separately calculates the time from reporting to blocklist integration or site takedown, providing comprehensive insight into operational efficiency.

Consistent reductions in these metrics are expected to correlate with diminished financial losses due to phishing attacks.

The third pillar centers on coverage and quality. Recall is the percentage of known phishing domains and addresses identified before any victim transaction occurs, validated against independent sources. Precision is assessed as the complement of the false-positive rate, verified through accurate TLS attestations and user feedback.

Additional quality metrics assess the proportion of network actions supported by valid TLS attestations, deduplication rates across diverse reports, and the median duration of domain lifetimes following initial attestations.

Behavioral insights can reveal whether these protections effectively alter user behavior. The deflection rate, for instance, measures how many warnings lead users to abandon potentially risky actions compared to the overall number of warnings issued, while the blocked-sign rate tallies transactions halted in their tracks.
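To make the speed and behavioral metrics above concrete, here is an added example (not SEAL's or any partner wallet's code) that computes time-to-protect, a deduplication rate and the deflection rate from a handful of constructed events. The record layout, the domain names and the exact definition of the deduplication rate are assumptions made for illustration.

```python
from datetime import datetime
from math import ceil
from statistics import median

# Constructed sample events, not real telemetry; the field layout is an assumption.
REPORTS = [  # (domain, time a Verifiable Phishing Report was received)
    ("claim-airdrop.example", "2025-10-22T10:00:00"),
    ("claim-airdrop.example", "2025-10-22T10:03:00"),  # duplicate report
    ("wallet-verify.example", "2025-10-22T11:00:00"),
    ("free-mint.example", "2025-10-22T12:00:00"),
    ("stake-bonus.example", "2025-10-22T13:00:00"),  # never protected
]
PROTECTIONS = [  # (domain, time the in-wallet warning or block went live)
    ("claim-airdrop.example", "2025-10-22T10:04:00"),
    ("wallet-verify.example", "2025-10-22T11:10:00"),
    ("free-mint.example", "2025-10-22T13:00:00"),
]
WARNINGS = [  # (domain, what the user did after seeing the warning)
    ("claim-airdrop.example", "abandoned"), ("claim-airdrop.example", "proceeded"),
    ("wallet-verify.example", "abandoned"), ("free-mint.example", "abandoned"),
]

def percentile(values, pct):
    """Nearest-rank percentile: smallest value with at least pct% at or below it."""
    ordered = sorted(values)
    return ordered[max(0, ceil(pct / 100 * len(ordered)) - 1)]

def time_to_protect(reports, protections):
    """Seconds from the first report of each domain to its first protection."""
    first_report, first_block = {}, {}
    for table, rows in ((first_report, reports), (first_block, protections)):
        for domain, ts in rows:
            t = datetime.fromisoformat(ts)
            table[domain] = min(t, table.get(domain, t))
    deltas = {d: (first_block[d] - t).total_seconds()
              for d, t in first_report.items() if d in first_block}
    return deltas, sorted(set(first_report) - set(first_block))

def summarize(reports, protections, warnings):
    deltas, unprotected = time_to_protect(reports, protections)
    secs = list(deltas.values())
    return {
        "median_s": median(secs),
        "p95_s": percentile(secs, 95),
        "unprotected": unprotected,  # reported domains with no warning yet
        # Assumed definition: share of reports that repeat an already-reported domain.
        "dedup_rate": 1 - len({d for d, _ in reports}) / len(reports),
        "deflection_rate": sum(o == "abandoned" for _, o in warnings) / len(warnings),
    }
```

Reported domains that never received a warning are listed separately rather than dropped, since leaving them out silently would make the median and 95th-percentile figures look better than the network's real coverage.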

SEAL invites other wallet providers to join this essential network and encourages researchers and engaged users to contribute through the Verifiable Phishing Reporter client available on its website, driving a collective effort towards a safer crypto environment.
