Vulnerabilities Addressed
Each case study maps a real attack vector to the specific PGTAIL guards and policy controls that address it. Every mitigation listed operates at evaluation time — before the transaction is signed — using the production API available today.
Case Study: Centralized Custodian Failure
The 2025 Coinbase breach — which affected the founder directly — revealed that the failures were not about weak user passwords. They were about systemic gaps in administrative and technical controls at a major custodial exchange. Even when suspicious activity was reported, centralized workflows still allowed unauthorized transactions to proceed. The root problem: policy enforcement was in the platform's hands, not the user's.
| Vulnerability | PGTAIL Feature | Category | How It Helps |
|---|---|---|---|
| Custodian-enforced transactions allowed during active investigation | E5 — Incident Pause Mode; E4 — Pre-check Async Verdict | PGTAIL Protocol | PGTAIL incident mode enforces an immediate user-defined lockdown of new destinations at evaluation time — before the transaction is signed. No custodian can override it. |
| No mandatory security hold / bulk asset drainage risk | E1 — Velocity & anomaly rules; Trust Range — Block Threshold | PGTAIL Policy | PGTAIL velocity guards block transactions that violate rolling spend patterns. The block threshold enforces automatic stops when risk exceeds policy — before the transaction is signed. |
| Fraudulent recipient / unauthorized destination | B2 — Address Registry (blacklist / graylist / whitelist) | PGTAIL Policy | PGTAIL evaluates the destination address against the registry before signing. Blacklisted destinations are blocked; graylisted destinations trigger elevated scrutiny. Whitelist-only mode blocks all non-approved destinations. |
| Compromised support workflows used to bypass controls | E5 — Incident Pause Mode; Audit Log | PGTAIL Protocol | PGTAIL holds no custody and issues no overrides. Every evaluation decision is logged with full context — which guards fired, policy state at evaluation time — providing an independent audit trail. |
Mitigation summary: OCS holds no custody and issues no overrides. PGTAIL evaluates policy before signing — velocity, registry, incident lockdown, and structured block decisions replace “trust the exchange workflow.” The user sets the rules; the engine holds the line.
Case Study: Code Supply-Chain Attack
In this class of attack, a malicious package update silently replaces cryptocurrency recipient addresses in the front-end UI. Attackers bypass user vigilance entirely — the user signs what looks correct. OCS addresses this with two independent layers: build integrity controls that reduce the chance the malicious code ships at all, and pre-signing evaluation that catches the tampered destination even if the front-end is compromised.
| Vulnerability | PGTAIL Feature | Category | How It Helps |
|---|---|---|---|
| Compromised dependency / injected payload in web app | A1 — Deterministic builds; A2 — Sigstore/Cosign; A6 — Emergency quarantine | Build Integrity | Reproducible builds with SBOM attestation and Sigstore/Cosign provenance reduce the risk of malicious code shipping in operator or client build pipelines. |
| Tampered scripts silently replacing recipient address | B2 — Registry evaluation; E4 — Pre-check verdict before signing | PGTAIL Policy | Even if the front-end submits a tampered destination, PGTAIL evaluates it against the active policy before signing. A substituted blacklisted or non-whitelisted address is caught at evaluation time. |
| No containment / kill-switch during live exploit | E5 — Incident Pause Mode | PGTAIL Protocol | The E5 incident switch gives users an immediate engine-wide lockdown: PGTAIL blocks all destinations not on the approved whitelist until the switch is cleared. One action, immediate effect, no custodian required. |
Mitigation summary: Defense in depth — build integrity reduces the attack surface; PGTAIL evaluation catches the substituted address at signing time. Even a successfully injected payload cannot move funds past a policy that does not allow the destination.
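The pre-signing evaluation described in both case studies (registry lookup, incident lockdown, rolling velocity limit), as an added sketch that is not PGTAIL's code or API. The `Policy` fields, guard labels, verdict strings, addresses and amounts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    # Hypothetical policy model: field names are assumptions, not PGTAIL's schema.
    whitelist: set = field(default_factory=set)
    graylist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    whitelist_only: bool = False
    incident_mode: bool = False
    window_seconds: int = 86400   # rolling velocity window
    window_limit: float = 5.0     # max total spend inside the window

def evaluate(policy, history, dest, amount, now):
    """Pre-signing decision; history is (timestamp, amount) pairs. Returns (verdict, guards_fired)."""
    fired = []
    if dest in policy.blacklist:
        fired.append("registry:blacklist")
    if policy.incident_mode and dest not in policy.whitelist:
        fired.append("incident:non_whitelisted")
    if policy.whitelist_only and dest not in policy.whitelist:
        fired.append("registry:whitelist_only")
    recent = sum(a for t, a in history if now - t < policy.window_seconds)
    if recent + amount > policy.window_limit:
        fired.append("velocity:window_limit")
    if fired:
        return "BLOCK", fired
    if dest in policy.graylist:
        return "REVIEW", ["registry:graylist"]  # elevated scrutiny, not a block
    return "ALLOW", []

# Constructed sample data: placeholder addresses and amounts.
INTENDED, SWAPPED = "addr_intended_payee", "addr_swapped_by_script"
HISTORY = [(1_000, 9.0), (50_000, 2.0), (90_000, 1.5)]  # first entry is outside the window
NOW = 100_000

def demo():
    strict = Policy(whitelist={INTENDED}, whitelist_only=True)
    return {
        "intended": evaluate(strict, HISTORY, INTENDED, 1.0, NOW),
        "swapped": evaluate(strict, HISTORY, SWAPPED, 1.0, NOW),
        "drain": evaluate(strict, HISTORY, INTENDED, 4.0, NOW),
        "incident": evaluate(Policy(whitelist={INTENDED}, incident_mode=True),
                             HISTORY, "addr_new", 1.0, NOW),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Returning the list of guards that fired alongside the verdict gives the caller what it needs to write the audit record the tables mention.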
All mitigations above are in production today. Phase 2 forensics extends this with post-incident case intake and evidence packaging. Phase 4 extends enforcement to the protocol layer.