The Coinbase Breach

In May 2025, Coinbase disclosed a major security breach in which cyber criminals bribed overseas support agents to steal customer data. Millions of users were exposed to social engineering and account takeover attempts. But beyond that disclosure, a deeper problem emerged: systemic failures in Coinbase’s own controls enabled attackers to drain accounts.

Even those with strong personal security practices are not immune when custodians fail. Our founder — a seasoned cybersecurity leader with over a decade of direct experience protecting critical systems and leading teams of thousands — followed every best practice available. Yet systemic failures at Coinbase allowed attackers to bypass safeguards, link fraudulent accounts, and move assets during active investigations. This experience shows that personal diligence alone is not enough when the stewards of money and crypto neglect to apply security at the institutional level.

Timeline of Incidents

Incident 1 — February 17, 2025

Unauthorized transfers were executed from a Coinbase account before the legitimate user even logged in. Blockchain records confirm multiple transfers were processed during this window, proving that exchange systems allowed movement of funds without proper authorization safeguards in place.

Incident 2 — February 25, 2025

While the account was under active security investigation, Coinbase prematurely instructed the user to unlock it. During this vulnerability window, a fraudulent bank account was linked and nearly all remaining funds — tens of thousands in value — were drained. Despite multiple alerts to Coinbase, the transfers were not blocked.

Discovered Vulnerabilities

Technical Control Failures

  • No investigation flag to stop unlock instructions on compromised accounts
  • Absence of mandatory security holds during active investigations
  • Weak integration between support and security workflows
  • No automated safeguards against reactivation after reported breaches
  • Fraudulent bank account linking bypassed standard verification

Administrative Control Failures

  • Support agents instructed account unlocks while breaches were unresolved
  • Lack of supervisory review for high-risk account changes
  • Failure to isolate compromised accounts from standard workflows
  • False assurances given to the customer while funds were being stolen
  • No escalation despite repeated reports of fraudulent activity
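The control gaps listed above come down to one missing rule: while a security case is open, unlock, bank-linking and withdrawal requests must be refused regardless of who asks. The sketch below is an added example, not Coinbase's or OnChain Sentinel's code; the roles, action names and case id are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    UNLOCK = "unlock"
    LINK_BANK = "link_bank"
    WITHDRAW = "withdraw"
    VIEW_BALANCE = "view_balance"


# Actions that can move funds or reopen a compromised account.
HIGH_RISK = {Action.UNLOCK, Action.LINK_BANK, Action.WITHDRAW}


@dataclass
class Account:
    account_id: str
    locked: bool = False
    open_investigations: set = field(default_factory=set)  # case ids opened by security
    audit: list = field(default_factory=list)               # one record per decision


def authorize(account, action, actor_role, supervisor_approved=False):
    """Return (allowed, reason) and append the decision to the audit trail."""
    if action not in HIGH_RISK:
        decision = (True, "low-risk action")
    elif account.open_investigations:
        # Mandatory hold: no role, support included, can override an open case.
        decision = (False, "security hold: open investigation")
    elif account.locked and action is not Action.UNLOCK:
        decision = (False, "account locked")
    elif actor_role == "support" and not supervisor_approved:
        decision = (False, "supervisor review required")
    else:
        decision = (True, "policy checks passed")
    account.audit.append((action.value, actor_role, *decision))
    return decision


def close_investigation(account, case_id, actor_role):
    """Only the security role (hypothetical) can clear a case and lift the hold."""
    if actor_role != "security":
        return False
    account.open_investigations.discard(case_id)
    return True
```

Because the hold is checked before any role or approval logic, a support workflow cannot reopen the account until security closes the case, and every refusal is recorded.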

Impact

The outcome was devastating. Tens of thousands in value were stolen, not because of weak passwords or poor personal security, but because the custodian failed to apply even baseline security practices. If a seasoned cybersecurity leader — responsible for securing systems for thousands of personnel — could be compromised in this way, it proves that no individual can fully defend against custodial negligence.

Why This Proves the Need for OnChain Sentinel

Coinbase’s failures highlight the central flaw of custodial models: users must blindly trust stewards of money and crypto to apply security correctly. When they fail, even the most diligent customers are left exposed. OnChain Sentinel was created as a direct answer to this systemic weakness.

  • Zero-trust policy enforcement before any transaction is signed
  • Fraud intelligence and destination scoring at the point of approval
  • Multi-party, hardware-based approvals for sensitive transfers
  • Immutable audit receipts proving every action and decision

For a full list of vulnerabilities addressed by OnChain Sentinel, see our Vulnerabilities Addressed page.

OnChain Sentinel is not a wallet. It is not a custodian. It is the guard at the gate, ensuring that what should happen, does — and what shouldn’t, never will.
