The coordinator issues milestones that the Iota network use as a root of trust when validating transactions. These milestones are signed, which in turn means that keys exist for signing the milestones.
If an adversary obtained the keys used to sign milestones, what attacks could they carry out?
"Root of trust" are wrong words.
Anyway, if the adversary was issuing conflicting milestones (by confirming transactions leading to an inconsistent state of the ledger) then IRI would stop updating confirmation status of the transactions. That would require human intervention to resolve which might look as node operators approaching the original coordinator operator and asking for a new public key derived from a new private key.
It should be emphasized that the full nodes don't trust the coordinator's milestones, the nodes use the coordinator for finalization of the transaction status, not for deciding if a particular transaction is legitimate or not.
From what i can see the worst attack an adversary can perform is stopping the network temporarily. Which imo is a pretty good trade off for the protection it provides
– Johnny Milkshakes Jul 25 '18 at 21:36