On the Importance of the Security Alliance
At Sigma Prime, we are proud to be a founding member of the Security Alliance (SEAL), a group of web3 security leaders who recognise the need for an industry wide organisation to promote blockchain safety.
Why do we need a Security Alliance?
We all know that security is extremely important in web3. It is estimated around \$1.6 billion was lost from hacks and exploits in 2023, and this was down from over \$3.8 billion the previous year.
Firms such as Sigma Prime work throughout the year to protect our clients from such dangers, but there is always more to be done. An organisation like SEAL offers a number of further benefits to the world of blockchain over and above the existing collection of private security firms:
- A trusted, neutral starting point for anyone looking for information on web3 security
- The chance to establish commonly agreed security standards
- A representative body to speak to those in power from the perspective of web3 security professionals
- New security initiatives that a neutral alliance such as SEAL makes possible
What do you mean, “a neutral alliance”?
SEAL is a registered non-profit organisation. The vast majority of those working in web3 security are paid professionals and companies. Because SEAL is not a profit seeking organisation, it can do things that an individual company can’t. Take the bullet points in the previous section:
- Anyone looking for web3 security information will be able to start at SEAL knowing its information is not distorted by any marketing concerns.
- Security standards can be agreed by everyone without concern that one group is setting them to their advantage.
- A neutral body will do a better job of speaking for all members of the industry.
- Some great ideas may be difficult for an individual company to fund, especially if they don’t generate revenue.
This is also where the Security Alliance’s original founder has been so pivotal. Samczsun is a universally admired security expert in web3 with countless brilliant saves to his name. Sam is well trusted across the industry, well known and, crucially, does not run a security product or consultancy. This has empowered him to draw together the many competing commercial actors into a common alliance, utilising our trust and admiration for him personally. In this, he has been crucially supported by other benevolent people who have worked tirelessly to help establish the Security Alliance.
New Offerings from SEAL
SEAL has launched these three great initiatives since its launch, but we expect there to be more in future.
SEAL 911
This is an emergency helpline for recently hacked projects, recently discovered live vulnerabilities, or any other situation where a person might not be sure who to turn to, but know that they need help fast.
Safe Harbour
Sometimes a live vulnerability can be discovered by a white hat hacker and the best course of action is to use the vulnerability to take out all the funds before a malicious actor does.
These can be the worst case situations where all safety measures would fail and the vulnerability is so critical that even discussing it appears to be a risk.
Unfortunately, there is a risk to the white hat that they could get into legal trouble for taking a project's funds without consent. This discourages white hats from helping in these situations, potentially leaving projects vulnerable.
If a white hat uses a vulnerability to move funds to a SEAL designated Safe Harbour address, they prove that they never had any intention to steal the funds. In fact, the funds remain within the control of the project all along.
Projects can sign up to legally commit not to sue white hats who use SEAL Safe Harbour addresses.
War Games
This is where a “red team” attempts to attack a protocol in a test environment. It’s a great way for projects to test their incident response procedures and train themselves for any security challenges they might come up against.
SEAL’s Early Achievements
The Security Alliance has come out swinging with many acts to make the web3 world more secure, such as alerting projects to discovered threats in real time or assisting in the recovery of millions in stolen funds. An unofficial estimate by SEAL insiders at the time of writing puts the total saved and protected funds at around $50 million, with this number likely to grow on a daily basis.
Sigma Prime @ SEAL
We have been enthusiastic backers of the Security Alliance idea ever since Samczsun approached us. We are proud founding members and have taken an active role in discussions and projects alongside many industry partners.
For example, as described in this X tweet, we participated in war games with AAVE where we attempted to hide attacks in seemingly innocent governance proposals.
Sigma Prime has met with regulators and policy makers in multiple countries who have a keen interest in web3 security regulation.
We continue to be an active part of initiatives inside SEAL, especially those around establishing and promoting common standards in web3 security.
What Next for SEAL?
SEAL will continue to push on with web3 security standardisation and representation, as well as offering exciting new facilities. We encourage everyone to view SEAL as the cross-industry authoritative voice on blockchain security. The establishment of this industry body will benefit everyone in web3.
If you want to support this promising initiative, please consider a donation to the Security Alliance: EVM-based tokens can be sent to seal911.eth, which resolves to this address (Safe multisig). The people working on SEAL right now are mostly doing so for free. Further funding expands the possibilities of what SEAL can achieve in future.
We think SEAL is an organisation well worthy of the blockchain community’s resounding support.