Ethical hackers save crypto billions, SEAL’s Safe Harbor makes it possible
For several agonizing hours in August 2022, white hat hackers watched anxiously as evil-doers, known as “black hats,” stole $190 million from the Nomad bridge, the fourth-biggest crypto hack of that year alone.
While some white hats eventually took it upon themselves to steal the funds for temporary safekeeping, many more hesitated over fears that getting involved could land them in prison.
This exact incident is what led crypto security nonprofit Security Alliance, or SEAL, to find a way to give white hats the freedom and, more importantly, legal safety, to fight against the bad guys.
This later became the Safe Harbor Agreement — a framework launched in 2024 for white hats and projects to abide by during an active exploit, according to the SEAL Safe Harbor initiative’s co-leads Dickson Wu and Robert MacWha.
SEAL recognizes 29 companies supporting crypto’s ethical hackers
Less than two years later, SEAL is now recognizing 29 crypto companies for adopting and supporting its Safe Harbor Agreement as part of its very first Safe Harbor Champions 2025 awards.
“By rallying around standards like Safe Harbor, we’re signaling a coordinated defense strategy rather than remaining fragmented,” Wu and MacWha said.
The nominees, split into “adopters” and “advocates,” include Polymarket, Uniswap, a16z Crypto, Paradigm, Piper Alderman, and many more, including Cointelegraph.
Another nominee, Web3 security platform Immunefi, told Cointelegraph last month that its adoption of the Safe Harbor initiative has helped 30 of its white hat security researchers reach millionaire status, contributing to more than $25 billion in customer funds saved from attempted thefts.
So far, Immunefi has facilitated more than $120 million in payouts across thousands of reports, with SEAL’s Safe Harbor framework serving as one of its powerful tools to protect crypto protocols from bad actors, Immunefi’s Head of Triage Team, Adrian Hetman, told Cointelegraph.
Notable white hat hacks that saved millions in crypto
SEAL currently has 79 volunteer white hat hackers who can respond during active exploits. One of the more famous white hats is the pseudonymous c0ffeebabe.eth, who has stepped in to save crypto projects on more than a few occasions.
In April, they ran a Maximal Extractable Value (MEV) bot to frontrun a malicious transaction and intercept $2.6 million stolen from the Morpho App.
In July 2023, c0ffeebabe.eth returned $5.4 million worth of Ether (ETH) to Curve users through the same MEV strategy, and a few months earlier, they also recovered 300 ETH from a smart contract exploit on SushiSwap.
banteg (@bantg), Jul 31, 2023: thank you c0ffeebabe.eth for returning the funds ❤️ https://t.co/DoBoh5QEaR
Good-faith white hat actors also withdrew and returned $12 million worth of Ether and USDC (USDC) from the Ronin bridge in August 2024, receiving praise from its team for their actions.
More recently, several SEAL volunteers coordinated to warn crypto protocols of the NPM supply chain attack that compromised JavaScript software libraries in September.
Despite early fears of a potential black swan event, the industry’s collective defense limited the total damage to less than $50 across the first 24 hours.
“I'm very proud of the fact that SEAL worked quickly to triage and remediate the crypto aspects of the attack while GitHub and other developers worked quickly to flag and neutralize the infection from a Web2 perspective,” SEAL’s pseudonymous founder and CEO, Samczsun, said.
SEAL’s Safe Harbor Champions 2025 open for voting
Winners of SEAL’s Safe Harbor Champions 2025 awards will be determined by the total number of likes, retweets, quote tweets, and replies on posts from nominees using the @_SEAL_Org tag from Oct. 1 until Nov. 1.
The winners will be announced on Nov. 3. They will earn a commemorative SEAL nonfungible token and ongoing recognition as a 2025 Safe Harbor Champion.
The awards are part of SEAL’s wider initiative to encourage more crypto companies to adopt the Safe Harbor Agreement to strengthen the protection of customer assets.
How SEAL’s Safe Harbor framework works
To adopt the Safe Harbor framework, crypto protocols must join SEAL’s onboarding waitlist. If approved, they will receive a step-by-step guide on how to comply with the framework.
During an active exploit where a white hat steps in to take the funds for temporary safekeeping, the Safe Harbor rules state that funds must be returned within 72 hours, with the bounty set at 10% of recovered funds (capped at $1 million).
Payment is made only after verification, and to ensure accountability, white hats must complete a Know Your Customer and OFAC check before receiving rewards.
On the other hand, membership as a SEAL volunteer is granted through certain badges, which are earned by contributing time or money to support the operations and initiatives run by SEAL.
The crypto industry is taking accountability
Adoption of the Safe Harbor initiative shows “the outside world that crypto has evolved beyond the wild west into a mature ecosystem capable of collective action,” Wu and MacWha said.
Ayham Jaabari, a founding contributor of DeFi platform and Safe Harbor nominee Silo Finance, told Cointelegraph that the SEAL agreement, enforced on-chain and tied to updated user terms, reflects the type of accountability expected by banks and regulators.
Part of Silo Finance’s implementation of Safe Harbor has involved publishing recovery addresses on Ethereum, Avalanche, Sonic, Arbitrum, Base and Optimism to remove any doubt about where white hats should return rescued assets.
Continued adoption of white hat frameworks like Safe Harbor should serve as a warning sign to bad actors, Jaabari added:
White hats now have legal protection
Another Safe Harbor nominee is the Security Research Legal Defense Fund, a nonprofit that is prepared to fund the legal defense for any white hat who faces legal issues, provided the hack was carried out in good faith.
SRLDF President and Senior Attorney Kurt Opsahl told Cointelegraph that while they haven’t had to use the fund yet, it gives white hats more confidence to step in to safeguard protocols during active attacks:
Despite the progress, work remains. Hackers are becoming increasingly sophisticated, siphoning $3.1 billion in the first half of 2025 — already surpassing the $2.85 billion lost in all of 2024.
The $1.4 billion Bybit hack and rising crypto prices have been the biggest contributors to losses in 2025, which already exceed those seen last year.