Phishing Scams Use Cloaking to Evade Detection: New Tech Verifies Malicious Sites with Cryptographic Proof

Generated by AI Agent Coin World
Tuesday, Oct 14, 2025 12:39 am ET, 1 min read
Aime Summary

- SEAL introduces TLS Attestations to verify phishing sites using cryptographic proofs, addressing cloaking evasion tactics that caused $400M+ in crypto losses.

- The system captures TLS sessions with a proxy and attestation server, generating tamper-evident reports without direct site access or exposing users to risk.

- Designed for researchers/defenders, it accelerates takedown of dynamic phishing kits by cryptographically binding reports to specific malicious sessions.

- While improving detection accuracy over traditional URL-based methods, adoption depends on workflow integration and doesn't prevent attacks outright.

- Backed by major crypto foundations, the tool aims to combat 1.13M+ phishing attacks in Q2 2025 alone, where crypto phishing losses reached $2.17B.


Security Alliance (SEAL), a nonprofit crypto crime investigation group, has introduced and to combat phishing scams that caused over $400 million in cryptocurrency-related losses during the first half of 2025 [2]. The system addresses a critical gap in current phishing detection: the inability to verify whether reported malicious websites genuinely serve harmful content or use cloaking techniques to display benign pages to automated scanners [1].

Traditional phishing reporting relies on user-submitted URLs and hostname-based heuristics, which are vulnerable to false positives and evasion tactics like CAPTCHAs and IP-based cloaking [1]. SEAL's solution leverages cryptographic verification to ensure that reports reflect exactly what a user encountered. The TLS Attestations protocol creates signed, tamper-evident proofs of web content delivered during a TLS session, allowing researchers to confirm malicious activity without visiting the site directly [2].

The system operates through a proxy and an attestation server. When a user suspects a phishing site, the proxy captures the TLS session, including the ClientHello handshake. The attestation server then mimics the user's browser, performs cryptographic operations, and signs a transcript of the session, including the server's certificate chain and observed content [1]. This signed attestation becomes a , which can be shared with platform defenders or law enforcement without exposing the submitter to risk [2].
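A simplified model of the attestation flow described above, added here as an example and not SEAL's code or wire format: a transcript of the ClientHello, certificate chain and observed content is signed, and a verifier rejects any report whose transcript or content was altered. HMAC with a demo key stands in for the attestation server's signature, and the field names, hostname and sample bytes are constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a demo key stands in for the attestation
# server's signature; a deployed attester would sign asymmetrically so third
# parties can verify without the key. Field names are hypothetical.
ATTESTER_KEY = b"constructed-demo-key"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_transcript(hostname, client_hello, cert_chain, body):
    """Reduce one captured TLS session to the items the article says are signed."""
    return {
        "hostname": hostname,
        "client_hello_sha256": sha256_hex(client_hello),
        "cert_chain_sha256": [sha256_hex(c) for c in cert_chain],
        "content_sha256": sha256_hex(body),
    }

def canonical(transcript) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(transcript, sort_keys=True, separators=(",", ":")).encode()

def attest(transcript, key=ATTESTER_KEY):
    tag = hmac.new(key, canonical(transcript), hashlib.sha256).hexdigest()
    return {"transcript": transcript, "signature": tag}

def verify_report(report, claimed_body, key=ATTESTER_KEY):
    """Return (ok, reason): check the signature, then bind content to the session."""
    expected = hmac.new(key, canonical(report["transcript"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report.get("signature", "")):
        return False, "signature mismatch"
    if sha256_hex(claimed_body) != report["transcript"]["content_sha256"]:
        return False, "content not from attested session"
    return True, "ok"

# Constructed sample session: all bytes below are placeholders, not real captures.
PHISH_BODY = b"<form action='/collect'>Enter your seed phrase</form>"
CLOAKED_BODY = b"<html>Welcome to our blog</html>"  # what a scanner would be shown
REPORT = attest(build_transcript("wallet-login.example", b"\x16\x03\x01constructed",
                                 [b"leaf-cert-der", b"issuer-cert-der"], PHISH_BODY))

if __name__ == "__main__":
    print(verify_report(REPORT, PHISH_BODY))    # attested content verifies
    print(verify_report(REPORT, CLOAKED_BODY))  # other content is rejected
```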

SEAL emphasizes that the tool is designed for , not the average user [2]. By cryptographically binding reports to specific sessions, the system reduces reliance on unverified claims and accelerates takedown efforts. For example, phishing kits that dynamically serve malicious content only to real victims, rather than scanners, can now be exposed through attested session data [1].

The initiative builds on SEAL's existing tools, such as (a Telegram channel for reporting crypto crimes) and (a collaboration hub for victims and researchers). Backed by a16z Crypto, the Foundation, and Paradigm, the nonprofit aims to strengthen defenses against a phishing landscape that saw 1.13 million attacks in Q2 2025 alone.

Despite its promise, adoption hinges on interoperability and integration with existing security workflows. Critics note that while TLS Attestations enhance evidence collection, they do not prevent phishing attacks outright but rather improve detection and response accuracy [2].


The technology's architecture deliberately balances privacy and efficiency. Unlike TLSNotary, which uses multi-party computation (MPC) but generates large proofs, TLS Attestations streamline the process by relying on a trusted attestation server [1]. This allows high-volume verification without compromising user anonymity, as the server only accesses data necessary for attestation [1].

SEAL tested the system in a private beta for over a month, with plans to expand its use among researchers and defenders. The tool's impact is expected to be significant in sectors like crypto, where phishing losses accounted for $2.17 billion in H1 2025 according to Chainalysis.