MetaMask, Phantom, and several other leading crypto wallets have teamed up with the Security Alliance (SEAL) to launch a global phishing defense network, following reports that crypto phishing scams stole over $400 million in the first half of 2025.
“We’ve joined forces to launch a global phishing defense network that can protect more users across the entire ecosystem,” the MetaMask team announced on Wednesday.
According to SEAL, the new initiative aims to build a “decentralized immune system for crypto security,” allowing anyone worldwide to help prevent large-scale phishing attacks before they happen.
The system brings together MetaMask, Phantom, WalletConnect, and Backpack, and will work alongside SEAL’s recently launched “verifiable phishing reports” tool. That tool lets security researchers confirm and publicly verify when a website contains genuine phishing content, improving transparency and response times across the ecosystem.
The fight against crypto drainers
The main threat driving the new initiative is the rise of crypto drainers—malicious actors who continuously evolve their tactics to bypass traditional defenses, SEAL explained.
Recent techniques include rotating phishing pages more frequently to outpace blocklists, shifting to offshore hosting when providers crack down, and using cloaking methods to hide from automated scanners.
“Drainers are a constant cat-and-mouse game,” said Ohm Shah, a security researcher at MetaMask. Working with SEAL, he added, allows wallet teams to respond faster and “effectively throw a wrench into the drainer’s infrastructure.”
Expanding protection across wallets
The collaboration establishes an end-to-end security pipeline in which user-submitted phishing reports are automatically verified and shared among all participating wallets, offering instant protection against new threats.
“Anyone with a valid report can trigger a phishing warning across the network in real time—no special permissions required,” SEAL said.
“This means quicker response times to new phishing threats and more funds saved. We want to bring this data to as many wallets as possible.”
According to CertiK, phishing attacks were the most common type of security incident in the first half of 2025, resulting in over $400 million worth of stolen crypto.
