SEAL 911: A Few Lessons from the Frontlines 

SEAL 911

Today, I’d like to share my personal experience as a member of SEAL 911, the emergency hotline that assists Web3 projects in protecting their assets in case of hacks or malicious attacks.

I’ve been part of SEAL 911 since October 2023 and I witnessed:

  • Numerous vulnerability disclosures.
  • War rooms were set up to prevent the exploitation of live vulnerabilities or help protocols that were actively being exploited.
  • Many cases where individuals’ funds were stolen either because of investment scams, phishing attacks, or even drainer malware.

I had the opportunity to see many of the industry’s top security experts in action and gain useful insights. 

Aside from addressing code vulnerabilities, SEAL 911 can also provide significant assistance in the area of on-chain forensics. Although this requires considerable time and effort, members of SEAL have been able to track the movement of stolen funds and provide victims with helpful information to report to law enforcement authorities. By effectively coordinating with authorities, the victim can often freeze stolen funds and even identify the perpetrators of the malicious activities.

With the increase in cryptocurrency capitalization, bad actors will continue attempting to steal funds from users by exploiting code vulnerabilities, stealing users’ wallet information, or even tricking users into sending the funds themselves.  This poses a threat to the security of De.FI. As we have seen repeatedly, the most vulnerable group is non-tech-savvy regular users, so it is important to spread good operational security (op-sec) practices and fundamental cryptocurrency knowledge to the public. 

What is Security Alliance (SEAL)

Security Alliance (SEAL), established with the support of blockchain innovators, has rapidly become a key asset of Web3 security. Before its public debut on February 14, 2024, SEAL connected users, developers, and experts to offer free Web3 simulation exercises.

Seal’s goal is to improve the security of the blockchain and cryptocurrency system by supporting security researchers and removing barriers that could prevent them from taking immediate action to safeguard protocols. The initial members include security teams at Paradigm, a16z crypto, and Dedaub, who have played a key role in significant recovery efforts. Seal’s programs include rapid response, legal assistance, and developer security training.

The Security Alliance (SEAL) offers several initiatives to enhance security. These include SEAL 911, a 24/7 emergency response hotline, and SEAL Wargames team exercises designed to identify and address vulnerabilities. Additionally, the Whitehat Safe Harbor Agreement provides legal protection for white-hat hackers participating in fund rescues, and the Legal Defense Fund supports researchers dealing with legal challenges. SEAL operates as a US 501(c)(3) nonprofit organization with the mission to protect the decentralized internet. For more information, please visit the Security Alliance.

What is SEAL 911?

SEAL 911 is a 24/7 emergency hotline for incident response, vulnerability disclosures, and other security issues in blockchain and crypto. It provides immediate assistance to address security threats quickly, ensuring expert help is available to mitigate risks and prevent damage.  

  • Collaborative Defense: Working quickly with platform teams to temporarily pause contracts that have been hacked, when applicable.
  • Evolving Threats: Growing sophistication in cyberattacks requiring advanced strategies.
  • Rapid Response: Speed and coordination prevent losses and restore confidence.

What Are the SEAL Wargames?

SEAL conducts SEAL Wargames and red team exercises to help developers prepare for security incidents. These simulated attacks help identify weaknesses and improve defense strategies. Many developers have never experienced the high-intensity environment of a security incident before. It can be challenging to stay focused and productive when every second could potentially mean millions of additional dollars lost to attackers. The SEAL Chaos Team provides projects with the resources and training to respond to the worst-case scenarios.

Each wargame consists of two phases:

1. A tabletop exercise in which the Chaos Team presents hypothetical attack scenarios to project developers and notes potential weaknesses.

2. A simulated attack in which the Chaos Team exploits a vulnerability on a test network and challenges the project developers to set up an incident war room, triage the exploit, and remediate the situation.

Yannis Smaragdakis and I from the Dedaub Security search team are currently active members of SEAL 911.

Conclusion

As a member of SEAL 911, I have seen firsthand how critical our role is in securing the Web3 ecosystem. The collaborative efforts and rapid response capabilities we’ve developed are essential in combating the evolving threats in the crypto space. Working with some of the brightest minds in the field has been invaluable, and I’m proud to contribute to a safer, more resilient blockchain community.