Crypto security pros launch new anti-phishing tool for safer Web3

Published: 14 October 2025
Last updated: 14 October 2025
fishing-hook-with-a-crypto

As phishing criminals become increasingly sophisticated, crypto security experts have developed a new tool for advanced users and security researchers that helps verify phishing reports.

After testing its Verifiable Phishing Reports program in private beta for a month, the team of crypto security researchers, Security Alliance (SEAL), has opened it to the public.

The program leverages its newly developed TLS (Transport Layer Security) Attestation system, which allows researchers to see exactly what the user reporting a phishing site sees. This enables researchers to evaluate more accurately whether malicious content was served on a domain.

ADVERTISEMENT

"At SEAL, we consistently receive an overwhelming number of reports of phishing sites that were clearly malicious based on a cursory review of just the domain name. However, while we could have confidence that our users were reporting content in good faith, blindly relying on hostname-based heuristics in a world where legitimate domains sometimes look as suspicious as phishing domains is also a sure path to false positives," the team said.

Its TLS Attestation system includes a client-side HTTP proxy that the user must run and a server-side attestation server that is assumed to be trusted. Once all the necessary steps are completed, the user can present this attested session as needed.

monitor-man-crypto-report-verified

Through the Verifiable Phishing Reports program, users can submit attestations for sites they believe contain phishing content.

According to SEAL, once they receive a report, they'll be able to verify the submission and ensure that it is both properly signed and contains evidence of malicious activity.

"This allows us to focus on identifying and mitigating specific variants of phishing kits, while allowing legitimate users to perform the actual requests to the phishing kits," it said, emphasizing that this makes it much harder for phishing kits to determine whether they should serve the malicious payload or a benign cloaked website.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In a separate story, another crypto security tool has also been introduced. 0xBow, the developers behind the crypto privacy-focused project Privacy Pools, announced the Tornado Cash Proof of Association tool. It allows users of Tornado Cash, a so-called crypto mixer that helps protect users’ privacy, to prove their Tornado Cash withdrawals aren’t linked to illicit activity, without giving up privacy.

ADVERTISEMENT

"This launch marks a major step toward reconciling privacy and compliance for Tornado Cash," 0xBow said.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT