SEAL, a non-profit focused on online safety, has initiated a novel phishing defense network to combat the growing threat of crypto drainers. This initiative, launched on October 22nd, 2025, leverages the power of collaboration with key players in the crypto space, including MetaMask, WalletConnect, Backpack, and Phantom.
The cornerstone of this collaborative effort is the implementation of Verifiable Phishing Reports. This innovative technology allows users to directly submit cryptographically verified evidence of potentially harmful websites. This bypasses the traditional, slower manual review processes, which often allows drainer operations to adapt and evolve faster than security measures can respond.
Data from CertiK‘s reports, released earlier this year, reveals that losses from phishing attacks totaled an estimated $538 million as of September 30th, 2025. This figure excludes the significant $1.4 billion incident affecting Bybit that occurred in February 2025.
This collaborative network directly addresses the escalating tactics of drainer operations, which have become increasingly sophisticated in response to prior mitigation attempts.
For instance, when SEAL accelerated the frequency of updates to eth-phishing-detect, drainer operators swiftly adjusted by rotating their landing pages at an increased pace.
Similarly, when hosting providers started blocking abusive servers, drainers migrated to offshore “bulletproof” hosting services, which are more resistant to takedowns. And, when SEAL deployed its automated Phishing Bot for scanning, drainers implemented cloaking and anti-fingerprinting techniques to evade detection.
This continuous back-and-forth created an uneven playing field, giving attackers the advantage due to their ability to quickly adapt, while security teams struggled to manage and validate reports at scale.
The Verifiable Phishing Reporter fundamentally alters this dynamic. Users can now submit reports that include the exact content displayed by a suspected phishing site, along with a TLS attestation confirming the integrity of the content.
These submissions are processed by SEAL in real-time, without the need for manual review, thereby effectively circumventing cloaking techniques employed to hide malicious payloads from automated scanners.
Validated reports are then fed into a comprehensive detection system, which blocks phishing domains and prevents risky contract interactions across all participating wallets. This transforms localized intelligence into widespread network protection.
Ohm Shah, a security researcher at MetaMask, commented:
“Combating drainers is a constant game of cat and mouse, a common theme in security. Our collaboration with SEAL and their independent researchers allows wallet teams like MetaMask to be more responsive and efficiently apply their research to actively disrupt the infrastructure used by drainers.”
Derek Rein, CTO of WalletConnect, explained that this partnership further enhances the security measures for WalletConnect Certified wallets, which already alert users to known fraudulent websites.
Armani Ferrante, CEO of Backpack, views the integration as an essential component of the wallet’s commitment to enhancing the security of digital asset ownership. Kim Persson, Senior Engineer at Phantom, emphasized that domain security and user safety remain top priorities for the platform.
Measuring Success
The network’s success will be measured across three key areas: a reduction in user financial losses, faster response times in neutralizing threats, and accurate threat detection compared to both a pre-launch benchmark and a control group.
The primary metric will be the loss rate per active user, such as the amount of money lost to phishing attacks per 1,000 active wallets each month. This data can be estimated from on-chain drainer activity, user-reported incidents, and wallet telemetry data.
The speed of response is another critical measurement. Time-to-protect will track the median and 95th-percentile duration from the initial Verifiable Phishing Report to the implementation of a warning or block within a wallet.
Time-to-neutralize will be measured separately for web-based threats, tracking the time from report submission to blocklist propagation and site takedown, and on-chain threats, where reports trigger the interception of risky contracts or addresses.
Consistent improvements in these timeframes should correlate with a decrease in actual financial losses.
Coverage and accuracy constitute the third pillar. Recall will measure the percentage of known phishing domains and addresses that are flagged before the first successful victimized transaction. This data will be validated against independent sources and post-incident investigations.
Precision will be measured as one minus the false-positive rate, validated through subsequent clean TLS attestations and user appeals.
Additional quality checks will include the proportion of network actions supported by valid TLS attestations, deduplication rates across reporters, and the median lifespan of a domain after its initial attestation.
Behavioral metrics will also be monitored to determine how these security measures influence user behavior. The deflection rate will calculate the proportion of warnings that lead users to abandon risky actions out of the total warnings displayed. The blocked-sign rate will count the number of transactions that are completely prevented from occurring.
The organization is actively inviting more wallet providers to join the network and encourages security researchers and users to contribute by utilizing the Verifiable Phishing Reporter client, available on their website.