TLDR
- ETH and SOL wallets unite with SEAL as real-$538M stolen by drainers by Q3 2025.
- Verifiable reports now block phishing in real time with no manual delay.
- $538M in phishing theft led to a new network launched on October 22, 2025.
- Real-time threat blocks now protect MetaMask, Phantom, WalletConnect, Backpack.
Over $538 million has been stolen from crypto users by drainer operations as of September 30, according to CertiK. To respond, leading Ethereum and Solana wallet providers have joined forces with SEAL, a nonprofit security organization, to launch a real-time phishing defense system that aims to block scams before they reach users.
Real-Time Phishing Defense Network Launches
On October 22, SEAL launched a new real-time phishing defense network in collaboration with MetaMask, WalletConnect, Backpack, and Phantom. This effort is designed to stop the fast-evolving tactics used by drainer operations, which have become one of the most damaging threats in the crypto space.
The system uses a tool called Verifiable Phishing Reports (VPR). This lets users send cryptographically proven evidence of phishing sites, including the exact content served by the site. This removes the need for manual checks, allowing threats to be acted on immediately.
The network works across wallets and turns each phishing report into a fast block. Wallet users are protected from harmful domains and unsafe smart contracts as soon as reports are verified.
Blocking Fast-Moving Attacks at Scale
Drainers have evolved quickly in the past year. As defenders updated detection systems, attackers adapted by rotating domains, hiding content, or switching to bulletproof hosting. This made traditional systems slow and ineffective.
With the new network, SEAL can process reports without manual review. This means cloaking tricks and evasive measures used by scammers no longer work. TLS attestations ensure the reported content is real, making the system hard to trick.
The network stops scams at multiple levels. It blocks phishing domains and warns users in supported wallets. It also flags risky smart contracts linked to drainer wallets, reducing chances of funds being stolen.
Ohm Shah, a security researcher at MetaMask, said working with SEAL gives wallet teams the speed needed to stop new threats. “It allows wallet teams like MetaMask to be more agile and apply SEAL’s research to practice,” Shah said.
Measuring Success Through Losses, Speed, and Detection Quality
The network’s success will be judged by three main areas: fewer losses, faster response times, and better detection. These are based on real user data and threat logs.
The first key measure is the loss rate per active user. This is based on how much is lost to phishing attacks per 1,000 users each month. The data is taken from user reports, blockchain analysis, and wallet activity.
The second group of metrics tracks how fast the system reacts. One metric is time-to-protect, which measures how quickly a warning appears after a report. Another is time-to-neutralize, which looks at how fast malicious domains or contracts are blocked.
The third area focuses on how well the system detects phishing threats. This includes recall, which is the rate of phishing domains caught before any user loss, and precision, which checks how many false positives were avoided. The system uses TLS attestations and user feedback to verify results.
Community Involvement and Broader Adoption
SEAL is inviting other wallet providers and security teams to join the network. The goal is to expand coverage and keep detection rates high across the industry. More users and researchers can also take part by submitting phishing reports using the Verifiable Phishing Reporter tool.
Engineers from Phantom, Backpack, and WalletConnect all confirmed that user safety is a top priority. The network gives wallets a way to share threat data in real time and act faster than attackers.
The collaboration aims to stop the trend of phishing drainers stealing millions from users, and to set a new standard for crypto wallet security.
