Crypto exploit triage group SEAL sees uptick in tickets in 2025

2025-12-31 18:03:47

The Security Alliance, a mostly volunteer crypto security group better known as SEAL, handled over 1,800 support tickets in 2025, representing more than double the amount of onchain incidents it has responded to since officially launching two years ago. This includes actively managing over 125 war rooms, or a collaborative real-time response effort to respond to crises like protocol exploits, as well as responding to help requests via the 24/7 SEAL 911 Telegram channel, according to security researcher pcaversaccio. SEAL 911 has seen 3,300 tickets since its official launch in late 2023. The growing number of tickets reflects both SEAL’s growing presence in the crypto security scene as well as a rebound in exploits close to pandemic-era levels. 2025 not only saw the largest exchange exploit to date — the $1.4 billion Bybit hack — but also a growing diversity in the types of security incidents. “What really makes me f****** proud is the sheer volume of incidents we handled this year, and the fact that we managed them so effectively,” pcaversaccio, co-founder of and lead on SEAL 911, who requested to be cited by his online moniker, told The Block. “Look, maintaining a best-in-class incident response standard across so many incidents required strong coordination, strict TLP:RED rules, and great teamwork, and seeing that consistently come together is what I'm most proud of.”According to pcaversaccio, the most common type of attacks SEAL responded to this year were “private key/seed leaks,” aligning with research from Chainalysis, which found that “personal wallet compromises” have grown from about 7.3% of total stolen value in 2022 to 44% in 2024.Other common types of attacks include malware and phishing schemes, including increasingly sophisticated infiltration by Democratic People's Republic of Korea (DPRK) hackers. Pig butchering, the “saddest tickets,” which often rely on social engineering phishing schemes, demonstrates how “scammers have infinite creativity,” pcaversaccio said. “Personally, I think we have seen a concerning increase in physical attacks. People like to flex their wealth, and there are too many database breaches that are abused. Local-first accounting/tax software must be the way to go. Don't make perpetrators easy to know your holdings,” he added. Indeed, TRM Labs told The Block that 2025 was the worst year on record for so-called wrench attacks, with at least 60 reported incidents. SEAL also responded onchain to a number of threats like smart contract exploits and frontrunning compromised wallets. And in response to a growing number of URL scams, the group launched a new Verifiable Phishing Reporter service that enables whitehat hackers to inspect and flag suspicious websites. Relatedly, pcaversaccio pointed to issues downstream of AI-generated code and audits. "We need to become hardware wallet maxis now. Stop yolo-installing software and executing random code. Stop handing LLMs (I'm looking at you, Claude) code-execution rights. Use hardware wallets. Keep keys off your daily machines. Triple-check domains. This will help your and my own sanity," he said. Non-profit fundingSEAL, founded in some form as early as 2022, is a non-profit organization funded by donations with about $2 million in annual operating expenses, according to a recent financial transparency report. There are about 28 volunteers on SEAL 911, and about five full-time staff as part of the wider SEAL organization, including former Paradigm researcher Samczsun.The group has about $428,000 in liquid assets, dominated by crypto holdings.“Every ticket, every war room, every rescue, all of it is handled by people donating their own time & expertise. It's very easy to forget, but this entire operation runs on volunteers (people who sometimes just want to pee at night without accidentally joining a war room),” pcaversaccio said.Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.