MetaMask and wallets unite after $400M stolen in phishing attacks

TLDR

• Over $400M in crypto stolen via phishing attacks in the first half of 2025
• MetaMask, Phantom, and others now share real-time phishing alerts
• SEAL’s tool verifies malicious sites and broadcasts warnings instantly
• Attackers rotate phishing sites and use cloaking to avoid detection

Crypto wallet providers have launched a joint defense system after phishing attacks cost users over $400 million in the first half of 2025. MetaMask, Phantom, WalletConnect, and Backpack are now working with the Security Alliance (SEAL) to build a shared network that detects and blocks phishing websites. This move aims to prevent further losses and reduce the speed at which attackers operate across the crypto ecosystem.

Wallet Providers Unite to Launch Real-Time Phishing Defense

MetaMask, Phantom, WalletConnect, and Backpack have partnered with SEAL to create a global phishing defense network. This collaboration follows a sharp rise in phishing attacks, which according to CertiK, led to over $400 million in stolen funds between January and June 2025.

The new defense system is designed to quickly identify phishing sites and share that data across participating wallets. SEAL explained that the goal is to build a “decentralized immune system” that reacts in real time. “We’ve joined forces to launch a global phishing defense network that can protect more users across the entire ecosystem,” MetaMask stated.

The network integrates SEAL’s new verifiable phishing reports tool. This tool allows researchers to submit proof that a reported site is indeed malicious, speeding up the process of identifying threats. Verified reports are then shared across wallets in real time, providing users with faster protection.

Phishing Tactics Evolve as Defenses Improve

SEAL reported that phishing attacks have grown more advanced, making it harder for traditional defenses to stop them. Attackers are now rotating phishing websites faster, hosting them offshore, and using cloaking methods to bypass automated security tools.

These tactics have led to increased losses and more successful scams. “Drainers are a constant cat and mouse game,” said Ohm Shah, a researcher at MetaMask. He noted that partnering with SEAL has allowed wallet teams to respond faster and take direct action against phishing operations.

The phishing websites are often disguised as common dApps or wallet interfaces, making them harder for users to detect. By sharing verified reports instantly, the new system is designed to reduce the window of exposure and stop attacks before they spread.

Real-Time Alerts Through a Decentralized System

The defense network works by verifying user-submitted reports and broadcasting warnings across all participating wallets. SEAL said that this process does not require any special permissions. Any user or researcher with a valid phishing report can trigger alerts across the network.

This approach allows wallets to react faster than traditional blocklist updates. It also reduces the need for users to depend on centralized security providers. SEAL explained, “Anyone with a valid report is able to trigger a phishing warning across network participants in real time.”

The shared system also reduces duplication of effort. Instead of each wallet provider managing its own reports, the defense network enables joint action. This coordination is expected to help stop phishing campaigns earlier and reduce user losses.

Crypto Wallets Aim to Expand Network Coverage

The long-term goal is to bring this protection to more wallets in the ecosystem. SEAL and its partners believe that widespread adoption is key to improving response times and stopping phishing threats quickly.

The defense system is built to be lightweight and adaptable, allowing for integration into various wallet infrastructures. Wallet teams are encouraged to join the network and benefit from shared threat intelligence.

As phishing attacks remain the top security issue in 2025, the move signals a shift in how wallets approach protection. By pooling resources and acting together, they hope to limit damage and restore trust among crypto users.

The post MetaMask and wallets unite after $400M stolen in phishing attacks appeared first on CoinCentral.