Security Alliance

From Safe Harbor protections to threat intel sharing to incident response coordination -- our programs exist because the community needed them and no one else was building them. Help us keep the working going: securityalliance.org/donate

Welcome @SkyEcosystem! Sky joins a growing list of protocols giving ethical hackers legal cover to rescue funds during active exploits. Sky's adoption extends the framework's coverage to $62B TVL across all adopting protocols. securityalliance.org/safe-harbor

Missed darkMode 2026? Check out the link below for a recap of several talks that caught our attention. Hope to see you next year!

Up next in our Framework of the Month series: Multisig for Protocols "We use a multisig," tells you nothing about actual security because configuration, signer selection, and operational procedures matter. Most multisigs fail on all three. 🔥 Remember that adding more signers ≠ more security. Poorly configured 5-of-9 multisig < well-configured 2-of-3. Real security comes from thoughtful design. 🎯 Our Framework covers the full multisig lifecycle: - Threshold & signer selection strategy - Signer security requirements & verification - Operational procedures & approval workflows - Key rotation & signer replacement protocols - Emergency response & recovery procedures Your multisig is only as secure as: - The most compromised signer - Your weakest operational procedure - Your slowest emergency response time 🙏 Massive appreciation to @bl4ckb1rd71 @pinalikefruit @isaacpatka @DicksonWuML @PabloSabbatella @theSouilos and Geoffrey at @0xshield3 for contributing their implementation expertise to this framework! 🔗 Here's the complete Multisig for Protocols framework: frameworks.securityalliance.org/multisig-for-p…

@MarcoWorms It’s good advice & a tasty snack. 🤣

I just got a new dog and now I have to upgrade my house opsec 😂 @_SEAL_Org

See something suspicious? Send us a tip on Telegram: t.me/seal_tips_bot Want to know more about our work? Check out radar.securityalliance.org

The @_SEAL_Org Intel team is tracking multiple attacks targeting @EthereumDenver attendees. These are bogus NFT and POAP claim sites linking to cryptocurrency drainers: An attack designed to drain all the funds from victim wallets.

Did you go to @EthereumDenver or any side events? Are you being offered free NFTs? Always check the transaction details! Be wary of any website requiring you to connect your wallet, or even side events linking to outside websites.

"Would you give an intern admin keys?" The panel on AI agents and Security tools gave us a candid overview of the current state of the market. Kicking off @EthereumDenver with some crucial questions and challenges. Thanks to @SEAL_Org for organizing and friends joining

Initiative Lead @isaacpatka shared some exciting updates on SEAL Certs today at DarkMode! Following his talk, we wanted to share the progress we’ve made building this with the community. Since releasing our RFC in November, 20+ security researchers & firms have contributed feedback. 20+ protocols, treasuries, & foundations participated in free gap analyses to help refine the criteria. This isn’t a top-down standard being imposed on crypto. It’s being built WITH the industry by the security experts and protocols who will actually use it. Want to help shape the future of operational security standards for crypto? Review the public RFC, request a free gap analysis, or join the waitlist: frameworks.securityalliance.org/certs/overview/

gm ☀️ Show of hands — who’s joining us at DarkMode today? @samczsun kicks things off at 9:45am MT 🎉 darkmode.securityalliance.org/darkmode-2026/…

Another one joins the Safe Harbor family! 🎉 @KleidiWallet just adopted Safe Harbor – perfect timing as we celebrate our 2nd birthday tomorrow. That's 25 protocols now committed to working with white hats who protect the ecosystem. Welcome to the crew.

3/ Why this matters: Safe Harbor empowers skilled researchers to step in during active exploits without legal uncertainty. When protocols are under attack, white hats can act immediately to rescue funds, knowing they’re protected for doing the right thing. It’s about building an ecosystem where the people with the skills to help during a crisis can actually help – turning potential legal risk into clear, mutual protection. Beyond individual incidents, Safe Harbor demonstrates that protocols can operate with operational excellence and professionalism. 🙏 Huge shoutout to @pendle_fi, @BorosFi, and @eulerfinance for already upgrading to v3.0 and leading the way in protecting white hats. Ready to join them? 📖 Already using Safe Harbor? Upgrade guidance here: github.com/security-allia… 🆕 Not on Safe Harbor yet? Now’s the time to join leading protocols committed to protecting the researchers who protect users. frameworks.securityalliance.org/safe-harbor/se… Building a safer, more collaborative Web3. 💪

2/ What’s new in v3.0: 🔍 Enhanced clarity on good faith actions – Explicit definitions for what qualifies as good faith security research, including criteria for contacting protocols, avoiding harm, and acting in the ecosystem’s best interest. 🛡️ Expanded coverage – Clearer protections for vulnerability testing, security research, and white hat fund recovery operations during active exploits. 📋 Streamlined implementation – Updated adoption guidance showing protocols how to integrate Safe Harbor with existing bug bounty programs and incident response procedures. ✅ Battle-tested – Independently audited by @Cyfrin to ensure it protects both researchers and protocols. Full audit: github.com/cyfrin/cyfrin-…

Happy 2nd Birthday to SEAL Safe Harbor — v3.0 is now live! Here’s what’s new and why it matters for the ecosystem 🧵 What we’ve built together: ✅ 24 protocol adoptions to date ✅ Capability to support 100+ chains ✅ On-chain verification ✅ 2 major revisions based on real-world use ✅ Dedicated SEAL Framework with resources for self-adoption ✅ A new standard for how crypto works with white hats during crises

Proud to have contributed to this as a steward at SEAL Alliance, I drafted the initial framework for Domain and DNS Security, an attack surface that's massively underrated in Web3. While most teams focus on smart contracts and key management, attackers are quietly going after DNS registrars, subdomain configs, and domain renewals. We've seen major protocols get rekt through DNS hijacking alone. This framework covers the full spectrum - registrar hardening, DNS configuration best practices, subdomain governance, expiration management, and incident response playbooks. I'm actively reviewing PRs and contributing to evolve this further. If you're working on infrastructure security in Web3, would love to chat and collaborate. 🔜 Also building something exciting at DigiBastion.com, an automated DNS security scanner where you just input a domain name and instantly get: 1. Misconfiguration detection and malicious pattern alerts 2. DNSSEC validation status 3. Subdomain takeover risk assessment 4. Dangling DNS records and zone transfer checks 5. SPF/DKIM/DMARC policy analysis 6. Nameserver delegation chain audit 7. Actionable remediation steps with a full dashboard Bringing Web2 infra security expertise into Web3 because your protocol is only as secure as the domain serving it. Check-out the Full framework → frameworks.securityalliance.org/infrastructure…

Grateful for community partners like @thedaofund that make this work possible! 🙏

5/ 🙏 Thanks to @__Raiders, @DicksonWuML, & @mattaereal for driving this one, bridging web2 & web3! Full Domain and DNS Security framework: frameworks.securityalliance.org/infrastructure…

4/ Our Framework covers: • Registrar selection & account hardening • DNS configuration security best practices • Domain renewal & expiration management • Subdomain governance & monitoring • Incident response for domain compromises

5/ 🙏 Thanks to @__Raiders, @DicksonWuML, & @mattaereal for driving this one across web2 & web3! Full Domain and DNS Security framework: frameworks.securityalliance.org/infrastructure…