Starting Auditor Accreditations and Protocol Assessments
Smart contract vulnerabilities were once the dominant cause of crypto exploits. Now, operational failures dominate, including compromised signers, poorly managed multisigs, DNS takeovers, leaked credentials, unmonitored infrastructure, and missing incident response playbooks. These account for the majority of major incidents, and they're not problems a code audit catches, because the code isn't the issue.
SEAL Certifications close this gap with an open-source certification program built specifically for crypto, evaluating the operational practices that determine whether a protocol can actually defend itself, detect an incident, and respond when things go wrong.
The standard is maintained by SEAL, but it’s not ours alone. It’s been shaped over the past year in collaboration with the protocols, security firms, and researchers who tested it against real operational practices, and we plan for it to keep evolving that way. While SEAL sets and publishes the standard, the wider community keeps it aligned with what's actually breaking protocols.
Since publishing the RFC in late 2025, we've run:
- Analyses with 25+ protocols across DeFi, staking, treasury management, and infrastructure
- Feedback sessions with 10+ auditing firms and security researchers
As a result, the framework is stable and the process is proven. We're now moving from pilot validation into active certification.
The Framework
SEAL Certification assessments currently cover six domains:
- Multisig Ops: Governance, signer security, transaction verification, emergency procedures
- Treasury Ops: Architecture, fund management, custody, transaction security
- Incident Response: Team structure, monitoring, response playbooks, drills
- DNS & Registrar: Domain management, DNS controls, registrar security, email authentication
- DevOps & Infrastructure: Development environment, source code security, CI/CD, cloud infrastructure
- Identity & Accounts: Account inventory, phishing-resistant MFA, credential management, account lifecycle, takeover monitoring
During scoping, the auditor and protocol align on which controls apply. Certification is a single pass/fail decision across the full agreed scope.
All framework criteria remain open-source and freely available for self-assessment: frameworks.securityalliance.org/certs/overview
A Consistent Standard, With Flexibility for Firms
SEAL Certifications give auditing firms a shared North Star. The framework defines what good operational security looks like across the six domains, so a certification means the same thing regardless of which firm performed the assessment. Two accredited firms assessing the same protocol should reach materially the same conclusion, so that the certification can also mean the same thing to end users and investors.
What the standard doesn't do is dictate how a firm works with its clients. Firms set their own pricing and decide how to deliver against the standard. That might be a one-time assessment, a live dashboard, a high-touch engagement, or ongoing support with the SEAL Certification as the target a protocol maintains over time. The standard is the what. How you get a protocol there is up to the firm and its client.
Firms can also bring their own standard and align it to SEAL through accreditation, issuing SEAL Certifications alongside their own work. Wonderland’s DARC is one example: an independent digital asset operational risk standard developed by Wonderland in collaboration with SEAL and mapped to its certification framework.
Organizations can implement a purpose-built security standard while receiving a certification that provides a consistent and trusted signal to users, investors, and institutions. This is exactly the kind of flexibility the program is built for: alignment on what a certification means, and freedom in how a firm gets there.
An Intentional High Bar
The standard is deliberately demanding. It reflects what actually went wrong in real incidents, and meeting it across all six domains is hard. Most protocols that start working toward certification will find gaps and need to make improvements before they pass. That's expected. The value is as much in the work of closing those gaps as in the certification itself.
The most useful thing a protocol can do today is treat the framework as a gap analysis: work through it as a team, or with a firm you already trust, find where you fall short, and set concrete targets for your organization. The framework is open-source, so you can start that work right now at frameworks.securityalliance.org/certs/overview.
How an Engagement Works
An accredited firm works with the protocol team through the full process:
- Scoping. Align on which controls apply and what infrastructure is in scope.
- Evidence collection. The protocol team gathers documentation and evidence that their practices meet the framework controls.
- Assessment. The firm reviews evidence against the open-source framework criteria.
- Remediation (if needed). The firm provides recommendations to close any gaps, and the protocol team implements fixes.
- Certification. Protocols that meet the standard receive a formal on-chain attestation, publicly and cryptographically verifiable.
A typical engagement runs a few weeks from scoping to certification.
For firms, the economic model is per-engagement and fee-based, designed so firms pay nothing upfront before there's actual client demand. Firms set their own pricing with clients. This keeps the program financially aligned with how much certification the ecosystem is actually doing and supports SEAL's ability to continue maintaining the standard.
Firms Undergoing Accreditation
The firms below have started the SEAL Certification accreditation process and are open to taking on protocol clients now. Each firm's first certification engagement is supervised by SEAL, working alongside their team end-to-end, with confidential client information kept between the firm and the protocol. Once we're confident a firm can assess independently to the standard, they are fully accredited. We are also in the process of reaching out to additional firms who already filled out the forms below.
Auditware, BlockSec, ChainSecurity, Composable Security, Consensys Diligence, Cyfrin, DeFiSafety, Hacken, HackenProof, Oak Security, OpenZeppelin, Opsek, Quantstamp, Shield3, Sigma Prime, Statemind, Trail of Bits, Wonderland, Zellic, zeroShadow.
If your protocol already has an active relationship with one of these firms, we encourage you to work with them on certification. We'll keep an up-to-date list of firms and their points of contact on the SEAL site.
If you're a security firm that isn't listed and want to be, reach out at [email protected] and we'll get you into the process.
Get Involved
Auditing firms: If you're interested in becoming a SEAL-accredited assessor, https://securityalliance.typeform.com/CertsAuditor
Protocols: If you're interested in a SEAL Certification assessment, https://securityalliance.typeform.com/CertsWaitlist
Questions? Reach out to [email protected].
Thank You
This program exists because of the protocols, foundations, and security firms who gave us time, feedback, and a real-world testbed over the past year of development. Thanks to everyone involved, including (alphabetically) those below, and apologies in advance to anyone we missed.
a16z Crypto, Auditware, BlockSec, Berachain, ChainSecurity, Chaos Labs, Commit Boost, Composable Security, Consensys Diligence, Credo V, Cyfrin, DeFiSafety, Derive, Dragonfly, Ethena, EthZilla, Fidelity Digital Assets, Filecoin Foundation, Hacken, HackenProof, Lido, Nexus Mutual, Nomic Foundation, Oak Security, OpenZeppelin, OpSek, Pendle, Pier Two, Quantstamp, Scroll, Shield3, Sigma Prime, SolAz, Statemind, Steakhouse Financial, STRK, Synthetix, TheDAO, Trail of Bits, Uniswap Foundation, Wonderland, Zama, Zellic, zeroShadow, ZKsync.