For a number of agonizing hours in August 2022, white hat hackers watched anxiously as evil-doers, often known as “black hats,” stole $190 million from the Nomad bridge — the fourth greatest crypto hack simply that yr alone.
Whereas some white hats finally took it upon themselves to steal the funds for momentary safekeeping, many extra hesitated over fears that getting concerned might land them in jail.
This precise incident is what led crypto safety nonprofit Safety Alliance, or SEAL, to discover a strategy to give white hats the liberty and, extra importantly, authorized security, to combat in opposition to the unhealthy guys.
This later grew to become the Protected Harbor Settlement — a framework launched in 2024 for white hats and initiatives to abide by throughout an lively exploit, based on the SEAL Protected Harbor initiative’s co-leads Dickson Wu and Robert MacWha.
“Expert whitehats who might cease the assault usually hesitate attributable to authorized uncertainty round ‘hacking’ the protocol they’re making an attempt to avoid wasting. Protected Harbor eliminates this concern by offering whitehats with clear authorized safety and prescribed steps.”
SEAL acknowledges 29 corporations supporting crypto’s moral hackers
Lower than two years later, SEAL is now recognizing 29 crypto corporations for adopting and supporting its Protected Harbor Settlement as a part of its very first Protected Harbor Champions 2025 awards.
“By rallying round requirements like Protected Harbor, we’re signaling a coordinated protection technique slightly than remaining fragmented,” Wu and MacWha stated.
“With billions in danger and tons of of assault vectors, establishing clear safety requirements and rewarding participation raises the baseline safety for everybody.”
The nominees, break up into “adopters” and “advocates,” embody Polymarket, Uniswap, a16z Crypto, Paradigm, Piper Alderman, and lots of extra, together with Cointelegraph.
One other nominee, Web3 safety platform Immunefi, advised Cointelegraph final month that its adoption of the Protected Harbor initiative has helped 30 of its white hat safety researchers reach millionaire status, contributing to greater than $25 billion in buyer funds saved from tried thefts.
Up to now, Immunefi has facilitated greater than $120 million in payouts throughout 1000’s of stories, with SEAL’s Protected Harbor framework serving as one among its highly effective instruments to guard crypto protocols from unhealthy actors.
Notable white hat hacks that saved tens of millions in crypto
SEAL presently has 79 volunteer white hat hackers who can reply throughout lively exploits. One of many extra well-known white hats is the pseudonymous c0ffeebabe.eth, who has run in and saved crypto initiatives on various events.
In April, they ran a Maximal Extractable Worth bot to frontrun a malicious transaction and intercept $2.6 million stolen from the Morpho App.
In July 2023, c0ffeebabe.eth returned $5.4 million price of Ether (ETH) to Curve customers by means of the identical MEV technique, and some months earlier, in addition they recovered 300 ETH from a smart contract exploit on SushiSwap.
thanks c0ffeebabe.eth for returning the funds ❤️https://t.co/DoBoh5QEaR pic.twitter.com/ltEKSvZo80
— banteg (@bantg) July 31, 2023
Good-faith white hat actors additionally withdrew and returned $12 million price of Ether and USDC (USDC) from the Ronin bridge in August 2024, receiving praise from its crew for his or her actions.
Extra lately, a number of SEAL volunteers coordinated to warn crypto protocols of the NPM supply chain attack that compromised JavaScript software program libraries in September.
Regardless of early fears of a possible black swan occasion, the trade’s collective protection restricted the overall harm to lower than $50 throughout the primary 24 hours.
“I am very happy with the truth that SEAL labored shortly to triage and remediate the crypto elements of the assault whereas GitHub and different builders labored shortly to flag and neutralize the an infection from a Web2 perspective,” SEAL’s pseudonymous founder and CEO, Samczsun, stated.
SEAL’s Protected Harbor Champions 2025 open for voting
Winners of SEAL’s Protected Harbor Champions 2025 awards can be decided by the overall variety of likes, retweets, quote tweets, and replies on posts from nominees utilizing the @_SEAL_Org tag from Oct. 1 till Nov. 1.
The winners can be introduced on Nov. 3. They are going to earn a commemorative SEAL nonfungible token and ongoing recognition as a 2025 Protected Harbor Champion.
The awards are a part of SEAL’s wider initiative to encourage extra crypto corporations to undertake the Protected Harbor Settlement to strengthen the safety of buyer property.
How SEAL’s Protected Harbor framework works
To undertake the Protected Harbor framework, crypto protocols should be part of SEAL’s onboarding waitlist. If accredited, they’ll obtain a step-by-step information on the way to adjust to the framework.
Throughout an lively exploit the place a white hat steps in to take the funds for momentary safekeeping, the Protected Harbor guidelines state that funds should be returned inside 72 hours, with the bounty set at 10% of recovered funds (capped at $1 million).
Fee is made solely after verification, and to make sure accountability, white hats should full a Know Your Customer and OFAC examine earlier than receiving rewards.
However, membership as a SEAL volunteer is granted by means of sure badges, that are earned by contributing time or cash to assist the operations and initiatives run by SEAL.
The crypto trade is taking accountability
Adoption of the Protected Harbor initiative exhibits “the surface world that crypto has developed past the wild west right into a mature ecosystem able to collective motion,” Wu and MacWha stated.
Associated: Crypto.com says report of undisclosed user data leak ‘unfounded’
Ayham Jaabari, a founding contributor of DeFi platform and Protected Harbor nominee Silo Finance, advised Cointelegraph that the SEAL settlement being enforced on-chain and tied to up to date person phrases, displays the kind of accountability anticipated by banks and regulators.
A part of Silo Finance’s implementation of Protected Harbor has concerned publishing restoration addresses on Ethereum, Avalanche, Sonic, Arbitrum, Base and Optimism to take away any doubt about the place white hats ought to return rescued property.
Continued adoption of white hat frameworks like Protected Harbor ought to function a warning signal to unhealthy actors, Jaabari added:
“For attackers, the message is evident: the group is organized, coordinated, and ready to reply quickly — making exploits much less worthwhile and riskier to aim.”
White hats now have authorized safety
One other Protected Harbor nominee is the Safety Analysis Authorized Protection Fund, a nonprofit that’s ready to fund the authorized protection for any white hat who faces authorized points, offered the hack was carried out in good religion.
SRLDF President and Senior Legal professional Kurt Opsahl advised Cointelegraph that whereas they haven’t had to make use of the fund but, it provides white hats extra confidence to step in to safeguard protocols throughout lively assaults:
“By setting out the phrases and protections forward of time, religion safety researcher is aware of what the deal is, and might restrict their publicity for appearing as a Good Samaritan.”
Regardless of the progress, work stays. Hackers have gotten more and more subtle, siphoning $3.1 billion within the first half of 2025 — already surpassing the $2.85 billion misplaced in all of 2024.
The $1.4 billion Bybit hack, together with rising crypto costs, have been the most important contributors to losses in 2025, already exceeding these seen final yr.
Journal: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time
