Crypto Wallets Launch Real-Time Phishing Defense Network

The security collaboration emerges against a backdrop of staggering financial losses from crypto phishing attacks. According to CertiK reports published throughout 2024, approximately $538 million was stolen by phishing attacks as of September 30, with this figure excluding the massive $1.4 billion exploit against Bybit in February. This financial hemorrhage has been driven by sophisticated drainer operations that have consistently adapted to each new security measure implemented by defenders. When SEAL accelerated updates to its eth-phishing-detect system, drainer operators responded by rotating landing pages more frequently. When infrastructure providers blocked abusive hosting services, drainers simply migrated to offshore bulletproof services.

The security arms race intensified further when SEAL implemented automated scanning via its Phishing Bot, prompting drainers to deploy advanced cloaking and anti-fingerprinting measures to evade detection. This created a defensive environment heavily weighted toward attackers, who maintained the initiative while security teams struggled to validate submissions at scale. The result was a cycle where drainer infrastructure could rotate faster than defenders could respond, leaving users of popular wallets like MetaMask, Phantom, and others vulnerable to increasingly sophisticated attacks.

The newly launched Verifiable Phishing Reports technology represents a fundamental breakthrough in breaking this cycle. The system enables users to submit cryptographically attested evidence of malicious sites, complete with TLS attestation that proves the content was served by the actual phishing domain and not forged. This cryptographic verification bypasses the manual review bottleneck that previously allowed drainers to maintain their advantage. SEAL can now process these submissions in real-time without manual triage, effectively circumventing the cloaking techniques that hid malicious payloads from automated scanners.

The coalition pipes validated reports into an end-to-end detection system that blocks phishing domains and risky contract interactions across all participating wallets, including MetaMask, WalletConnect, Backpack, and Phantom. This transforms localized intelligence into network-wide protection, creating a collective defense mechanism that grows stronger with each user submission. As Ohm Shah, security researcher at MetaMask, explained: “Drainers are a constant cat and mouse game like most of security, working alongside SEAL and their independent researchers it allows wallet teams like MetaMask to be more agile and apply SEAL’s research to practice effectively throwing a wrench at the drainer’s infra.”

The technology represents a significant advancement over previous approaches by ensuring that every report contains verifiable proof of malicious activity, eliminating the uncertainty that plagued earlier detection systems. This allows for immediate action against confirmed threats rather than waiting for manual verification, dramatically reducing the window of opportunity for drainer operations.

The partnership brings together some of the most prominent names in the cryptocurrency wallet space, each bringing their unique security expertise to the collective defense effort. Derek Rein, CTO of WalletConnect, emphasized that the collaboration expands protections for WalletConnect Certified wallets, which already warn users about known scam sites. This integration builds upon existing security infrastructure while adding the real-time verification capabilities of the new network.

Armani Ferrante, CEO of Backpack, framed the integration as part of the wallet’s core mission to make digital asset ownership more secure, highlighting how the partnership aligns with broader industry efforts to enhance user protection. Similarly, Kim Persson, senior engineer at Phantom, stressed that domain security and user safety remain core priorities for the wallet provider, with the new network representing a significant step forward in achieving these objectives.

The collaboration marks one of the most comprehensive security partnerships in the crypto space, bringing together wallets supporting both ETH and SOL ecosystems to address a common threat. By pooling resources and intelligence, the participating organizations aim to create a security standard that can be adopted industry-wide, with SEAL inviting additional wallets to join the network and encouraging security researchers and users to contribute via the Verifiable Phishing Reporter client available on its site.

The network’s effectiveness will be measured against three critical pillars: reduced user financial losses, faster threat neutralization, and high-quality detection rates. The primary metric focuses on loss rate per active user, specifically tracking dollar-denominated losses to phishing per 1,000 monthly active wallets. This data will be gathered from on-chain drainer clusters, victim self-reports, and wallet telemetry to provide a comprehensive view of the network’s impact.

Speed forms the second measurement tier, with time-to-protect tracking the duration from the first Verifiable Phishing Report to an in-wallet warning or block. Time-to-neutralize separately measures web vectors (reports to blocklist propagation to site takedown) and on-chain vectors (where reports trigger interception of risky contracts or addresses). Sustained reductions in these intervals are expected to correlate directly with lower realized losses across the ecosystem.

Coverage and quality constitute the third pillar, with recall capturing the share of known phishing domains and addresses flagged before the first victimized transaction. Precision is measured as one minus the false-positive rate, confirmed through subsequent clean TLS attestations and user appeals. Additional quality checks include the fraction of network actions backed by valid TLS attestations, deduplication rates across reporters, and median domain lifetime after the first attestation. Behavioral metrics will also track whether protections alter user actions, including deflection rates (warnings leading to abandonment of risky actions) and blocked-sign rates (hard-stopped transactions).