After several harrowing hours in August 2022, white hat hackers anxiously observed as black hats stole $190 million from the Nomad bridge, marking it as the fourth largest crypto hack of that year.
While some white hats bravely intervened to safeguard the funds temporarily, many refrained, fearing legal repercussions.
This incident prompted the crypto security nonprofit Security Alliance (SEAL) to create a means for white hats to operate freely and securely against malicious actors.
This ultimately led to the establishment of the Safe Harbor Agreement, a framework introduced in 2024 that guides white hats and projects during active exploits, as noted by SEAL Safe Harbor initiative co-leads Dickson Wu and Robert MacWha.
“Skilled whitehats who could prevent the attack often hesitate due to the legal uncertainties surrounding ‘hacking’ the protocol they are trying to protect. Safe Harbor alleviates this concern by offering whitehats clear legal safeguards and defined procedures.”
SEAL acknowledges 29 companies supporting crypto’s ethical hackers
Less than two years later, SEAL is now recognizing 29 crypto companies for embracing its Safe Harbor Agreement as part of its inaugural Safe Harbor Champions 2025 awards.
“By uniting around standards like Safe Harbor, we indicate a coordinated defense strategy rather than a fragmented one,” Wu and MacWha stated.
“With billions at stake and numerous attack vectors, establishing clear security standards and rewarding participation elevates the baseline security for all.”
The nominees, categorized as “adopters” and “advocates,” feature Polymarket, Uniswap, a16z Crypto, Paradigm, Piper Alderman, along with Cointelegraph.
Another nominee, Web3 security platform Immunefi, reported to Cointelegraph last month that its adoption of the Safe Harbor initiative has enabled 30 of its white hat security researchers to achieve millionaire status, saving more than $25 billion in customer funds from attempted thefts.
To date, Immunefi has arranged over $120 million in payouts across thousands of reports, with SEAL’s Safe Harbor framework acting as a crucial tool for shielding crypto protocols from malicious actors.
Significant white hat hacks that preserved millions in crypto
SEAL currently has 79 volunteer white hat hackers ready to respond during live exploits. A notable white hat is the pseudonymous c0ffeebabe.eth, who has successfully intervened to save various crypto projects multiple times.
In April, they utilized a Maximal Extractable Value bot to preempt a malicious transaction, recovering $2.6 million intended for theft from the Morpho App.
In July 2023, c0ffeebabe.eth returned $5.4 million worth of Ether (ETH) to Curve users using the same MEV strategy, while earlier that year, they also retrieved 300 ETH from a smart contract exploit on SushiSwap.
thank you c0ffeebabe.eth for returning the funds ❤️https://t.co/DoBoh5QEaR pic.twitter.com/ltEKSvZo80
— banteg (@bantg) July 31, 2023
Good-natured white hat actors also withdrew and returned $12 million worth of Ether and USDC (USDC) from the Ronin bridge in August 2024, receiving commendation from its team for their actions.
Recently, several SEAL volunteers banded together to alert crypto protocols regarding the NPM supply chain attack that impacted JavaScript software libraries in September.
Despite early concerns of a black swan event, the industry’s collective defense minimized total damages to under $50 within the first 24 hours.
“I’m incredibly proud that SEAL acted swiftly to manage and mitigate the crypto aspects of the attack while GitHub and other developers worked diligently to flag and neutralize the threat from a Web2 standpoint,” said SEAL’s pseudonymous founder and CEO, Samczsun.
SEAL’s Safe Harbor Champions 2025 open for voting
The winners of SEAL’s Safe Harbor Champions 2025 awards will be determined by the total number of likes, retweets, quote tweets, and replies to posts by nominees utilizing the @_SEAL_Org tag from October 1 until November 1.
The winners will be revealed on November 3, earning a commemorative SEAL nonfungible token and continued recognition as a 2025 Safe Harbor Champion.
This awards initiative forms part of SEAL’s broader effort to encourage more crypto companies to adopt the Safe Harbor Agreement to enhance the protection of customer assets.
How SEAL’s Safe Harbor framework functions
To adopt the Safe Harbor framework, crypto protocols must join SEAL’s onboarding waitlist. If accepted, they will receive a detailed guideline on compliance.
During an active exploit when a white hat intervenes to secure funds temporarily, the Safe Harbor rules stipulate that those funds must be returned within 72 hours, with a bounty of 10% of recovered funds (capped at $1 million).
Payments are processed only after verification, and to ensure accountability, white hats must complete a Know Your Customer and OFAC check before receiving their rewards.
Membership as a SEAL volunteer is conferred through specific badges that can be earned by contributing time or resources to support SEAL’s operations and initiatives.
The crypto industry is embracing accountability
Adopting the Safe Harbor initiative demonstrates “to outsiders that crypto has matured beyond its chaotic beginnings into a coherent ecosystem capable of collective action,” Wu and MacWha remarked.
Related: Crypto.com asserts report of undisclosed user data leak is ‘baseless’
Ayham Jaabari, a founding member of the DeFi platform and Safe Harbor nominee Silo Finance, stated that the SEAL agreement being enforced on-chain and linked to updated user terms mirrors the level of accountability expected by banks and regulators.
A part of Silo Finance’s implementation of Safe Harbor includes publishing recovery addresses on Ethereum, Avalanche, Sonic, Arbitrum, Base, and Optimism, eliminating any ambiguity surrounding where white hats should return liberated assets.
Continued adoption of white hat frameworks like Safe Harbor should act as a warning to bad actors, Jaabari added:
“For attackers, the message is clear: the community is organized, coordinated, and ready to react promptly — making exploits less profitable and riskier to attempt.”
White hats now benefit from legal protection
Another Safe Harbor nominee is the Security Research Legal Defense Fund, a nonprofit ready to finance the legal defense for any white hat facing legal issues, provided the hack was executed in good faith.
SRLDF President and Senior Attorney Kurt Opsahl informed Cointelegraph that although they have yet to utilize the fund, it instills greater confidence in white hats to intervene and protect protocols during ongoing attacks:
“By outlining terms and protections in advance, a good faith security researcher understands the situation, allowing them to minimize their risk when acting as a Good Samaritan.”
Despite the advancements made, challenges persist. Hackers are becoming increasingly adept, siphoning $3.1 billion in the first half of 2025 — already surpassing the $2.85 billion lost in all of 2024.
The $1.4 billion Bybit hack, coupled with rising crypto prices, has accounted for the majority of losses in 2025, already exceeding those incurred last year.
Magazine: ‘SEAL 911’ team of white hats formed to combat crypto hacks in real time
