MetaMask, Phantom, and other prominent cryptocurrency wallets have joined forces with the Security Alliance to establish a global phishing defense network. This initiative aims to combat the escalating threat of crypto phishers, who were responsible for stealing over $400 million in the first half of 2025.
"We’ve joined forces to launch a global phishing defense network that can protect more users across the entire ecosystem," stated the MetaMask team on Wednesday.
The Security Alliance (SEAL) explained that the new defense network will function as a "decentralized immune system for crypto security," allowing individuals worldwide to proactively prevent future phishing attacks.
Key participants in this "decentralized immune system" include MetaMask, Phantom, WalletConnect, and Backpack.
This network will operate in conjunction with SEAL’s recently announced "verifiable phishing reports" system. This tool empowers security researchers to substantiate claims of malicious websites containing phishing content, ensuring greater accuracy in reporting.
The Growing Threat of Crypto Drainers
The increasing prevalence of crypto drainers poses a significant challenge, as these malicious actors continuously adapt their tactics to bypass traditional security measures, as explained by SEAL.
New methods employed to lure victims include rapidly rotating landing pages to evade blocklists, migrating to offshore hosting to avoid infrastructure provider crackdowns, and utilizing cloaking techniques to circumvent automated scanning.
"Drainers are a constant cat and mouse game," commented Ohm Shah, a security researcher at MetaMask.
Collaborating with SEAL enables wallet teams to enhance their agility and translate research into practical countermeasures, "effectively throwing a wrench at the drainer’s infra," Shah added.
Widespread Deployment for Maximum Protection
This partnership establishes an end-to-end pipeline where user-submitted reports are automatically validated and disseminated across all participating wallets. This ensures immediate protection against emerging phishing threats for a broad user base.
"Anyone with a valid report is able to trigger a phishing warning across network participants in real time and without any special permissions," SEAL elaborated.
"This means quicker response times to new phishing threats and more funds saved. We want to bring this data to as many wallets as possible."
Phishing attacks represented the highest number of security incidents in the first half of the year, resulting in over $400 million in stolen cryptocurrency, according to data from CertiK.