It started with the chaotic $190 million Nomad hack in August 2022. An exploit, or flaw in the code, was found for the bridge, and a colossal crowd of criminals rushed in to loot the funds.
In its analysis of the exploit, Immunifi said one problem was: “Staying true to DeFi Principles, this hack was permissionless — anyone could join in.”
Plenty of white hat hackers wanted to help but were forced to watch from the sidelines due to the legal risks of pitching in.
Looking back in February, famed white hat hacker Samczsun said the security community had wondered afterward, “How did we get to a point where random people felt comfortable stealing money from the bridge, but white hats felt it was too risky to intervene.”
Something needed to be done. Samczsun, who is also Paradigm’s head of security, decided that for future hacks, the SEAL911 bat signal could be shone into the metaphorical night so white hats could help combat hacks. But first, the legal issues needed to be sorted out.
The hacks keep coming. (Dragonfly citing DeFi Llama)
SEAL: Security Alliance of white hat hackers
The idea for the Security Alliance (SEAL) emerged with the project officially launching February 14. SEAL 911 is a hot desk on the Telegram messaging service where a crack team of around 40 white hat hackers can pick up reports of hacks in progress and assist in real time.
Samczsun calls it a “firefighting helicopter” that will “show the world that crypto as an industry is taking security seriously.”
“The idea is that if someone finds a critical bug but doesn’t know who to talk to in the project team […] that’s one of the things SEAL911 can help with. Then we can also help respond to the hack, obviously.”
DefiLlama’s tally of funds stolen by hackers so far. (DefiLlama)
But the huge number of hacks happening every day is a massive job for a few dozen hackers, no matter how good.
“It’s super ambitious, part of it is that, for now, the volume is manageable. We want to serve all of crypto. We may split into teams, but for now, the teams are small because we are dealing with very sensitive information.”
Apart from white hats, there are auditors, bug bounty program coordinators and investigative sleuths. Ethereum creator Vitalik Buterin was the first donor, donating 250 ETH to kick things off, and various Web2 and Web3 companies, along with VCs, have also chipped in funding.
SEAL’s donors, illustrated. (X)
The emergency hotline is just one of three distinct initiatives from SEAL to try and help the crypto industry with these ongoing issues. It also conducts Wargames to develop strategies to deal with simulated attacks and came up with a Safe Harbor Legal Agreement for white hats, designed to protect the good guys from liability if things get hairy when trying to help patch an imminent or ongoing criminal hack. Until now, getting into legal trouble despite trying to help has been a constant concern
“If I mess up, which I will eventually, I’m only human — am I on the hook for it? For the 7, 8, 9 figures of…
..
