In August 2022, white hat hackers endured several tense hours as “black hats” stole $190 million from the Nomad bridge, marking it as the fourth largest crypto hack that year.
While some white hats opted to temporarily secure the funds, many were hesitant, fearing legal repercussions for their involvement.
This incident prompted the crypto security nonprofit Security Alliance, or SEAL, to develop a means to provide white hats with the freedom and, crucially, legal protections to combat malicious actors.
This evolved into the Safe Harbor Agreement—an initiative launched in 2024 to guide white hats and projects during active exploits, as explained by SEAL Safe Harbor initiative co-leads Dickson Wu and Robert MacWha.
“Skilled white hats who could stop the attack often hesitate due to legal uncertainty around ‘hacking’ the protocol they’re trying to save. Safe Harbor eliminates this fear by providing white hats with clear legal protection and outlined steps.”
SEAL honors 29 companies supporting ethical hackers in crypto
Less than two years later, SEAL is recognizing 29 crypto companies for adopting and supporting its Safe Harbor Agreement as part of its inaugural Safe Harbor Champions 2025 awards.
“By uniting around standards like Safe Harbor, we’re signaling a coordinated defense strategy instead of remaining fragmented,” Wu and MacWha stated.
“With billions at risk and numerous attack vectors, establishing clear security standards and recognizing participation elevates baseline security for all.”
The nominees, categorized as “adopters” and “advocates,” feature Polymarket, Uniswap, a16z Crypto, Paradigm, Piper Alderman, and others, including Cointelegraph.
Immunefi, another nominee and Web3 security platform, informed Cointelegraph last month that its adoption of the Safe Harbor initiative has enabled 30 white hat researchers to become millionaires, salvaging over $25 billion in customer funds from theft attempts.
To date, Immunefi has overseen over $120 million in payouts across thousands of reports, utilizing SEAL’s Safe Harbor framework as a robust tool against malevolent entities.
Significant white hat hacks that preserved millions in crypto
Currently, SEAL boasts 79 volunteer white hat hackers ready to engage during active exploits. A notable figure among them is the pseudonymous c0ffeebabe.eth, who has frequently intervened to rescue crypto projects.
In April, they utilized a Maximal Extractable Value bot to outmaneuver a malicious transaction, reclaiming $2.6 million from the Morpho App.
In July 2023, c0ffeebabe.eth returned $5.4 million in Ether (ETH) to Curve users using the same MEV tactic, and earlier that year, they recovered 300 ETH from a smart contract exploit on SushiSwap.
thank you c0ffeebabe.eth for returning the funds ❤️https://t.co/DoBoh5QEaR pic.twitter.com/ltEKSvZo80
— banteg (@bantg) July 31, 2023
In August 2024, good-faith white hat actors withdrew and returned $12 million in Ether and USDC (USDC) from the Ronin bridge, earning praise from the project’s team for their contributions.
Recently, several SEAL volunteers worked together to alert crypto protocols about the NPM supply chain attack that targeted JavaScript libraries in September.
Thanks to early warnings, the total damage was limited to under $50 within the first 24 hours, despite initial concerns about a significant blackout.
“I’m immensely proud that SEAL acted swiftly to address the crypto implications of the attack while GitHub and other developers promptly neutralized the Web2 threat,” remarked SEAL’s pseudonymous founder and CEO, Samczsun.
Voting is now open for SEAL’s Safe Harbor Champions 2025
Winners of SEAL’s Safe Harbor Champions 2025 awards will be decided based on likes, retweets, quote tweets, and replies on nominee posts using the @_SEAL_Org tag from October 1 to November 1.
The winners will be unveiled on November 3, earning a commemorative SEAL non-fungible token and recognition as a 2025 Safe Harbor Champion.
The awards are part of SEAL’s broader initiative to motivate more crypto companies to adopt the Safe Harbor Agreement, fortifying customer asset protection.
Understanding SEAL’s Safe Harbor framework
To adopt the Safe Harbor framework, crypto protocols need to join SEAL’s onboarding waitlist. Upon approval, they will receive a detailed guide on compliance.
During an active exploit where a white hat intervenes to secure funds temporarily, the Safe Harbor guidelines mandate the return of funds within 72 hours, with a bounty of 10% of the recovered amount (capped at $1 million).
Payouts are processed following verification, and to ensure accountability, white hats are required to undergo a Know Your Customer and OFAC check before receiving rewards.
Additionally, SEAL volunteer membership is granted through specific badges that are earned by contributing time or funds to support SEAL’s operations and initiatives.
The crypto sector is fostering accountability
Embracing the Safe Harbor initiative demonstrates “to the external world that crypto has matured beyond chaos into a cohesive ecosystem poised for unified action,” Wu and MacWha stated.
Related: Crypto.com claims report of undisclosed user data leak ‘unfounded’
Ayham Jaabari, a founding contributor of DeFi platform and Safe Harbor nominee Silo Finance, shared with Cointelegraph that the SEAL agreement, enforceable on-chain and linked to updated user terms, embodies the level of accountability expected by banks and regulators.
Silo Finance’s implementation of Safe Harbor includes publishing recovery addresses on Ethereum, Avalanche, Sonic, Arbitrum, Base, and Optimism, ensuring clarity for white hats returning rescued assets.
Ongoing adaptation of white hat frameworks like Safe Harbor should signal bad actors, according to Jaabari:
“For attackers, the message is unmistakable: the community is organized, proactive, and ready to respond swiftly—making exploits increasingly unprofitable and risk-laden.”
Legal protections for white hats are now in place
Another nominee for Safe Harbor is the Security Research Legal Defense Fund, a nonprofit prepared to financially support the legal defense of any white hat facing legal issues, provided their actions were conducted in good faith.
SRLDF President and Senior Attorney Kurt Opsahl remarked to Cointelegraph that even though they haven’t needed to utilize the fund yet, it instills greater confidence in white hats to intervene during active threats:
“By clarifying the terms and protections upfront, a well-meaning security researcher understands the conditions and can mitigate their risks in acting as a Good Samaritan.”
Despite advancements, challenges remain. Hackers are growing more sophisticated, having siphoned $3.1 billion in the first half of 2025—already surpassing the $2.85 billion lost in all of 2024.
Significantly, the $1.4 billion Bybit hack, coupled with rising crypto prices, has largely fueled the losses experienced in 2025, which have already exceeded those of the previous year.
Magazine: ‘SEAL 911’ team of white hats formed to combat crypto hacks in real-time
