Vulnerabilities Addressed
Each case study highlights how attackers exploited systemic weaknesses, and how OnChain Sentinel prevents the same class of failures. These tables are direct slices of our full feature catalog applied to real-world breaches.
Case Study: Coinbase Breach (2025)
In 2025, Coinbase disclosed that overseas support contractors had been bribed by attackers, an insider-driven compromise that exposed millions of customer records. While Coinbase framed the incident as a data breach, a deeper review revealed more troubling flaws. An investigation of one account found that assets were drained while the account was under active security review, that premature unlock instructions were issued, and that a fraudulent bank account was successfully linked. Even when suspicious activity was reported, Coinbase’s workflows still allowed transactions to proceed. These findings show that the failures were not about weak passwords or careless users, but about systemic gaps in administrative and technical controls at a major custodial exchange.
| Coinbase Vulnerability | OnChain Sentinel Feature | Category |
|---|---|---|
| No investigation flag / premature unlock | E5 — Incident “pause” mode; E4 — Pre-check async verdict | Risk Engine / Policy |
| No mandatory security hold during active breach | B6 — Multi-sig in-policy co-sign; E1 — Velocity & anomaly rules | Wallet Safeguards |
| Fraudulent recipient / bank account linking | B2 — Address Lock / Whitelist; E3 — Sanctions & heuristics checks | Risk Engine |
| Compromised support workflows | F1 — Real-time approval dashboard; F2 — Alerting integrations | Monitoring |
| Lack of accountability & post-mortems | F3 — Forensics bundle; F4 — Advisory templates | Response & Evidence |
| No signer attribution / impersonation risk | D4 — Session attestation | Runtime Integrity |
Case Study: NPM Supply-Chain Attack (2025)
In September 2025, a highly trusted JavaScript library distributed via NPM was compromised after attackers gained access to a reputable developer’s account. The malicious package update was pulled into millions of applications within hours. Hidden inside the code was a payload that silently replaced cryptocurrency recipient addresses on the fly, rerouting transactions mid-stream. Because the package was signed and came from a known maintainer, downstream projects trusted it automatically. This incident highlighted the fragility of software supply chains: a single compromised dependency could weaponize thousands of wallets, dApps, and exchanges, bypassing user vigilance entirely.
| Supply-Chain Vulnerability | OnChain Sentinel Feature | Category |
|---|---|---|
| Compromised dependency / injected payload | A1 — Deterministic builds; A2 — Sigstore/Cosign; A3 — SBOM drift alerts; G1 — Pre-commit gates | Supply-Chain Security |
| Tampered scripts in front-end UI | A4 — SRI + CSP; D1 — Tamper-evident UI; D2 — Remote-config hardening | Runtime Integrity |
| Silent address-swaps in clipboard/UI | B2 — Address Lock / Whitelist; C2 — Clipboard hijack detection; C5 — Mempool simulator; C6 — Domain guard | Wallet Safeguards |
| No containment / kill-switch during exploit | A6 — Emergency dependency quarantine; E5 — Incident “pause” mode; G4 — Incident playbooks | Incident Response |
These incidents illustrate how Sentinel closes gaps others leave open.