We’ve been on the front lines fighting crypto drainers since late 2023, and today we’re excited to announce that we are partnering with MetaMask, WalletConnect, Backpack, and Phantom to protect their end users with real-time phishing protection against the most sophisticated hackers. This is made possible by our Verifiable Phishing Reports technology, which allows anyone from around the world to join the fight against phishing.
Over the past two years, we’ve worked closely with industry partners to disrupt drainers such as Inferno Drainer, Angel Drainer, Ace Drainer, Riddance Drainer, and many more. As our defenses and mitigations improved, so did the hackers. When we deployed faster updates into eth-phishing-detect, drainers responded by rotating landing pages quicker. When we coordinated with infrastructure providers to mitigate abuse, drainers responded by moving their workload to offshore bulletproof hosting. When we implemented automated scanning and blocking of phishing URLs via the SEAL Phishing Bot, drainers responded by implementing cloaking and other anti-scanning measures. It was a battle of attrition, and drainers had the upper hand.
In order to turn the tide, we began work on enabling more people to join the fight, and last week we announced the Verifiable Phishing Reporter. This tool allows users to submit a phishing report for a website based on the exact content they were served, along with a cryptographic attestation proving that the content was not forged. Now, instead of needing a team of security researchers to manually check each submission and determine if the website was malicious, something that was extremely time consuming and prone to error, we’re able to automatically and trustlessly process reports in real time, all while circumventing advanced cloaking techniques. By forming this coalition with MetaMask, WalletConnect, Backpack, and Phantom, we’re able to use these submissions to create an end-to-end pipeline which leverages crypto’s decentralized network to build a global immune system, allowing a single person to protect the entire community.
“Drainers are a constant cat and mouse game like most of security, working alongside SEAL and their independent researchers it allows wallet teams like MetaMask to be more agile and apply SEAL's research to practice effectively throwing a wrench at the drainer's infra”, says Ohm Shah, Security Researcher at MetaMask.
“With WalletConnect Certified, every Certified wallet warns users when they encounter known scam sites. By partnering with SEAL, we’re expanding our protections even further as they begin providing us with their scam domain database. We’re encouraged to see these security standards being adopted more broadly across the industry. Security best practices must remain at the forefront of wallet development”, says Derek Rein, CTO of WalletConnect.
“SEAL’s approach to verifiable, real-time phishing protection empowers Backpack users to interact with the crypto ecosystem safely and freely through our ‘explore’ experience. Partnering with SEAL is part of our ongoing mission to make digital asset ownership more secure," says Armani Ferrante, CEO of Backpack.
“Security and user safety are core tenets at Phantom. Partnering with SEAL will strengthen our domain security and better protect our users,” says Kim Persson, Senior Engineer at Phantom.
Next steps
We’re going to continue scaling out our ability to detect and mitigate future variants of phishing scams so that we can better collaborate with and protect crypto users. If you work on a wallet and you wish to join the network, please reach out for integration instructions. If you’re a security researcher or just want to do your part in protecting others, consider using our verifiable phishing reporter client here. Finally, SEAL is a non-profit organization, so if you would like to support our work in the future, please consider donating.