
Behavioral Security · Chainlink CRE
Behavioral Security for AI Agents On-Chain
We monitor your AI agents the way Hexagate monitors your smart contracts. Per-agent behavioral baselines catch compromise before damage is done.
They monitor contracts. We monitor agents. You need both.
AI Agents Are Managing Billions. Who’s Watching Them?
Hexagate monitors contracts. Hypernative monitors protocols. Nobody monitors the AI agents operating on them — until now.
$25M TVL
Theoriq Alpha Vault
Theoriq Alpha Vault — managed by autonomous AI agents
200K+
ERC-8004 Verified Agents
ERC-8004 verified agents on 6 chains
$285M
Drift Protocol · April 2026
Drift Protocol — compromised agent drained vault in 12 minutes
When a compromised AI agent uses valid credentials to propose a normal-looking transaction, Hexagate approves it.
SentinelCRE catches it.
$168.6M
Lost in Q1 2026 · 34 hacks
92%
Security pros concerned about AI agents
$30T
Projected agent economy by 2030
55.88%
Smart contract vulns AI can auto-exploit
Three Layers. No Single Point of Failure.
The SentinelCRE Behavioral Platform evaluates every action — across smart contracts, REST APIs, email workflows, and financial systems — through three independent layers.
Layer 1
On-Chain Policy
Hard-coded guardrails no AI can override. Value limits, contract whitelists, function blocklists, rate limiting, Proof of Reserves.
Layer 2
Behavioral Scoring
12 proprietary dimensions across 4 categories detect anomalies in real-time. Catches what rules alone cannot — value analysis, behavioral patterns, interaction monitoring, temporal analysis.
Layer 3
Dual-AI Consensus
Two independent AI models evaluate every suspicious action. Both must approve. One dissent blocks.
Even if both AI models are compromised, on-chain policy catches the violation. Defense in depth — not defense in hope.
Real incident · May 2026
The Grok drain, replayed with SentinelCRE
A Morse-encoded instruction and a gifted NFT drained a live AI agent. Watch where the three layers stop it.
BLOCKED
Attack neutralized before execution
↓ scroll to replay
How We Compare
CrowdStrike doesn’t do web3. Hypernative doesn’t do web2.
Nobody combines red team + behavioral platform across both.
CrowdStrike
Web2 EDR
- Web2 + Web3
- Behavioral monitoring
- Pre-execution blocking
- Red team service
- Multi-AI consensus
Hypernative
Web3 monitoring
- Web2 + Web3
- Behavioral monitoring
- Pre-execution blocking
- Red team service
- Multi-AI consensus
Mandiant
IR consulting
- Web2 + Web3
- Behavioral monitoring
- Pre-execution blocking
- Red team service
- Multi-AI consensus
Scoprix
Full-spectrum
- Web2 + Web3
- Behavioral monitoring
- Pre-execution blocking
- Red team service
- Multi-AI consensus
Comparison based on publicly available capabilities. We’re a complementary layer to most of these — partnership opportunities available.
Even With Compromised Access
SentinelCRE catches attacks at every stage — from obvious exploits to subtle frontier-class threats.
Attacker Gains Access
Admin keys compromised, credentials stolen, or agent hijacked
Layer 1 — Policy Enforcement
Blocked functions, value limits, contract whitelist, rate limiting
Layer 2 — Behavioral Scoring
12 proprietary dimensions across value analysis, behavioral patterns, interaction monitoring, temporal analysis
Layer 3 — Dual-AI Consensus
Two AI models evaluate social engineering, injection, impersonation
What Gets Through
Only 2 attacks pass — frontier classes discovered through our adversarial sandbox, mechanics withheld for responsible disclosure
Even with compromised admin access, SentinelCRE blocks 96.1% of attacks.
The 2 remaining attacks are frontier AI-agent classes our adversarial sandbox surfaced — scenarios no existing security system prevents. Mechanics withheld for responsible disclosure.
The losses we’re built to stop
$0
Across 19 real incidents — every one a valid-credential, anomalous-behavior attack. Behavioral monitoring catches this class even when keys are compromised.
$1.5B
Bybit
February 2025 · Ethereum
Largest single crypto theft — unauthorized hot wallet withdrawal
Attribution: Lazarus Group (DPRK)
$625M
Ronin Bridge
March 2022 · Ethereum
5 of 9 validator keys compromised via fake job offer
Attribution: Lazarus Group (DPRK)
$326M
Wormhole
February 2022 · Solana / Ethereum
Forged guardian signatures — uncollateralized 120K wETH mint
Attribution: Unknown
$292M
New · 2026KelpDAO (rsETH)
April 2026 · Ethereum (20+ chains)
Off-chain bridge infrastructure compromise — attacker took over internal RPC nodes and DDoS’d external ones to feed false data to a 1-of-1 DVN (single-signer verifier) on a LayerZero-powered bridge, releasing 116,500 rsETH against a phantom burn. Cross-chain message validity rested on one node.
Attribution: Lazarus Group / DPRK (reported)
$285M
Drift Protocol
April 1, 2026 · Solana
6-month DPRK intelligence operation — in-person social engineering, $1M deposited, contributor devices compromised via IDE vulnerability
Attribution: UNC4736 / AppleJeus (DPRK)
$197M
Euler Finance
March 2023 · Ethereum
Flash loan attack — majority of funds returned via on-chain negotiation
Attribution: Unknown (funds returned)
$182M
Beanstalk
April 2022 · Ethereum
Flash loan governance takeover — borrowed voting power in single tx
Attribution: Unknown
$114M
Mango Markets
October 2022 · Solana
Oracle manipulation via concentrated position — attacker publicly identified and convicted
Attribution: Avraham Eisenberg (convicted Apr 2024)
$50M
Radiant Capital
October 2024 · Ethereum / Arbitrum
Same DPRK group as Drift — multisig manipulation via device compromise
Attribution: UNC4736 (DPRK)
$32M
New · 2026Humanity Protocol
June 2026 · Ethereum
Developer-machine malware gained root and stole 7 private keys across 3 accounts; ~447M H tokens stolen/minted and dumped, token down 80%+ in 12h. One infected developer laptop = protocol-wide key compromise.
Attribution: DPRK-associated tooling (reported)
$29M
New · 2026Step Finance
January 2026 · Solana
Executive device/endpoint compromise → treasury + fee-wallet private keys stolen (261,854 SOL, ~$29M drained; ~$40M full impact). No smart-contract bug — the attack surface was a privileged human’s laptop.
Attribution: Unknown (DPRK tooling reported)
$25M
New · 2026Resolv Labs
March 2026 · Ethereum
Cloud KMS compromise — attacker gained unauthorized access to the project’s AWS Key Management Service and minted ~80M unbacked USR stablecoin. Cloud infra/KMS as a mint-authority attack surface.
Attribution: Unknown
$10M
New · 2026Syscoin Bridge
June 2026 · Syscoin / NEVM
Cross-layer proof-parsing mismatch between Syscoin Core and the NEVM relay — a crafted fake proof was parsed as a valid burn, authorizing an unbacked 5B SYS mint. Recovered.
Attribution: Unknown (funds returned + burned)
$7.5M
JaredFromSubway.eth (MEV bot)
June 2026 · Ethereum
One of Ethereum’s most active MEV/sandwich bots was drained by turning its own automated trading logic against it: fake wrapper tokens (fake WETH/USDC/USDT) and fake liquidity pools made trades look profitable, tricking the bot into approving attacker helper contracts; the approvals were left open and later used to sweep real funds via transferFrom.
Attribution: Unknown
$6M
Summer.fi (Lazy Summer)
July 2026 · Ethereum
A ~$65.4M flash loan manipulated liquidity across Curve DAI/USDC pools and Morpho V2 vaults, distorting the LazyVault_LowerRisk_USDC (LVUSDC) vault’s share accounting — its displayed APY briefly hit 2,080,000% — and the attacker abused the vault deallocation mechanism to extract $6M. Lazy Summer vaults were paused.
Attribution: Unknown
$4.7M
Moonwell
2024-2025 · Base / Moonbeam
$1M oracle exploit + $3.7M bad debt (Nov 2025), plus earlier incidents on Base and Moonbeam
Attribution: Multiple incidents
$4.67M
Secret Network (Axelar bridge)
June 2026 · Secret / Cosmos
Infinite-mint bridge exploit: a modified CW20-ICS20 contract failed to verify the origin IBC channel, so the attacker spun up a fake single-validator Cosmos chain, opened an IBC channel, and self-relayed forged packets to mint unlimited wrapped assets and withdraw ~$4.67M. The flaw sat unnoticed for 7 days.
Attribution: Unknown
$175K
New · 2026Grok / Bankrbot (DRB)
May 2026 · Base
AI-agent manipulation, no contract bug: attacker replied to Grok on X with a Morse-code-encoded payment instruction (bypassing plaintext guardrails) and gifted the agent wallet an NFT that unlocked Bankrbot’s tool-calling suite — encoded prompt injection + tool-permission escalation against an on-chain agent.
Attribution: Unknown (~80% returned)
$106K
AIXBT
March 2025 · Base
AI agent dashboard compromise — 55 ETH drained at 2 AM off-hours
Attribution: Unknown
Figures from public disclosures and security-firm reports. Attributions marked “reported” are not yet officially confirmed.
Don’t Trust Us.
Verify On-Chain.
Every blocked attack is logged as an on-chain event with the attempted dollar value. Unlike traditional security vendors who self-report, our protection is cryptographically provable.
Auditors, regulators, and protocol DAOs can independently verify every action SentinelCRE has taken — no trust assumptions required.
Intelligent. Not Expensive.
Not every transaction needs AI evaluation. Deeper analysis only triggers when our behavioral engine detects something suspicious.
All Transactions
100% evaluated
Layer 1 — On-Chain Policy
Included with every transaction. Near-zero marginal cost.
Layer 2 — Behavioral Analysis
5-10% of transactions trigger deeper inspection.
Layer 3 — Dual-AI Consensus
1-2% escalate to full AI evaluation.
1st Place
Chainlink Convergence 2026
112 Tests
7 suites, all passing
51 Scenarios
96.1% catch rate in sandbox
6 Services
Deep Chainlink CRE integration
The Difference SentinelCRE Makes
Same attack, two outcomes. Based on real incidents — Drift ($285M, DPRK 6-month op), Ronin ($625M), Bybit ($1.5B).
Without SentinelCRE
Traditional security — audits, multisigs, kill switches
Attacker Reconnaissance
UNDETECTEDWallet created, test transfers, probing limits
Drift: DPRK actors spent 6 months building trust — conferences, $1M deposited, same group behind Radiant Capital ($50M)
Access Compromised
UNDETECTEDAdmin keys stolen, multisig bypassed, credentials phished
Ronin: 5 of 9 validator keys compromised over weeks
Initial Drain
STOLENFirst unauthorized withdrawal — test the exploit
AIXBT: 55 ETH drained at 2 AM while operators slept
Escalation
STOLENAdmin functions called — ownership transfer, proxy upgrade
Drift: compromised contributor devices via poisoned repos and IDE vulnerability — multisig keys extracted
Full Drain
BANKRUPTTreasury emptied, vault collapsed, protocol dead
Drift: $285M stolen — TVL collapsed from ~$550M to under $250M in 12 minutes
Total Lost: $1.8B+
Company bankrupt. Protocol dead.
With SentinelCRE
Proactive 12-dimension behavioral defense
Attacker Reconnaissance
Same probing attempts — but behavioral engine is watching
Layer 2 detects: interaction anomaly spike, unusual timing
Access Compromised
Keys compromised — but SentinelCRE doesn't rely on keys
Layer 1 catches: blocked functions (transferOwnership, grantRole)
Drain Attempted
Attacker tries withdrawals — policy limits trigger
Layer 1 catches: value exceeds limits, unapproved targets
Subtle Exploitation
Attacker tries frontier AI-agent attack classes, social engineering
Layer 2+3 catch: prompt injection, velocity bursts, anomalous drift
Result
96.1% of attacks blocked — company survives
Circuit breaker fires, agent frozen, incident logged on-chain
Total Saved: $1.8B+
Company operational. Protocol alive.
How Much Would SentinelCRE Save You?
Enter your protocol's TVL to see your estimated risk and protection.
ROI Calculator
See how much Scoprix could save your protocol based on industry attack data.
Annual Attack Risk (3% avg)
$3.0M
Scoprix Catches (96.1%)
$2.9M
Value Saved Per Year
$2.9M
Return on Investment
80x
Real-World Comparison
Drift Protocol: $500M TVL lost $285M (54%)
With Scoprix: $285M x 96.1% = $259.7M saved
Start monitoring your AI agents today.
One engagement. We attack you the way real attackers would. You learn something regardless of whether you buy more.