Eric Conner, a core developer of Ethereum and a former member of the Ethereum Foundation, recently complained publicly on Twitter about the abnormal locking of his Coinbase account, and expressed his dissatisfaction bluntly. He said: "I want to send ETH to a friend, and a random question about my transaction pops up in the user interface. Obviously my answer did not pass, so I have to reset my password, and my account is locked??? Is this a joke?" He also attached a screenshot of his account being restricted.
After he answered the questions that popped up when he submitted the transaction, the platform displayed a warning that the transaction had been canceled. The reason given by Coinbase was that a scammer might be trying to access the Coinbase account. To protect the account, the platform canceled the transaction, temporarily restricted some account activities, and asked the user to reset the password. Subsequently, Eric found that his cryptocurrency transfers were restricted.
Left: Transaction cancellation, password change warning; Right: Transfer restriction reminder
Perhaps because they have suffered from Coinbase for a long time, users started to complain under Eric's tweet. Nansen CEO Alex Svanevik commented: "Welcome to Coinbase hell." Management consultant and Ethereum investor DCinvestor.eth said: "I recommend not sending funds to addresses that do not belong to you through Coinbase, just send it to your on-chain wallet first, and then send it anywhere you want."
As a non-custodial wallet that claims that users have full control over private keys, Coinbase Wallet should have a high degree of decentralization. However, this incident exposed a contradiction in the platform's underlying logic: although it emphasizes user control, it still relies on centralized servers to implement risk control strategies and directly locks accounts when users fail verification. The incident has attracted widespread attention and discussion in the crypto community: is Coinbase over-controlling risk, or is the current industry environment forcing trading platforms to strengthen security measures?
Security measures are one-size-fits-all, and account management has long been controversial
This is not the first time Coinbase's aggressive security strategy has caused controversy. In January 2025, a former Coinbase employee publicly complained that his account had been frozen for two months without reason, which prevented him from paying for his wedding. He said that the account had long been used to receive wages and conduct crypto transactions, and there had been no abnormal activity before. However, Coinbase refused to provide specific reasons for the freeze, citing user protection, and did not provide an effective channel for appeal. The incident quickly escalated, further amplifying the market's doubts about Coinbase's account management mechanism.
In recent years, Coinbase has adopted a prudent risk control strategy in user account management. This strict approach can indeed reduce the exchange's risk of being hacked to a certain extent, but the over-reliance on automated risk control systems and the lack of transparency in how they operate have also caused trouble for many innocent users. Especially in an environment where Web3 emphasizes decentralization and autonomous control, the rationality of such centralized risk control measures has been criticized.
Third-party service vulnerabilities may become the weak link in the security chain
Although Coinbase and other trading platforms continue to strengthen their internal risk control mechanisms, external dependencies may still become the biggest loophole in the security chain. A typical example is Binance’s recent security incident.
On February 25, a post accusing hackers of transferring assets through red envelopes was widely forwarded on Twitter. The tweet explained that the user's Binance account, email, and Google Authenticator had all been hacked. Although the hacker could not withdraw funds normally and had to wait 24 hours to withdraw even after changing the password, Binance's red envelope function could still be used normally, acting like a bug that allowed the hacker to transfer assets immediately through red envelopes.
The picture shows the red envelope transfer record of the hacked user's Binance account
What is even more worrying is that just one day later, 23pds, CISO of security company SlowMist, warned on Twitter that some users had received fake Binance official text messages and that the text messages appeared in the same conversation thread as Binance's previous official notifications. This precisely spoofed attack method means that hackers may have infiltrated some third-party SMS service supply chains, thereby increasing the concealment and success rate of the attack.
In contrast, although Coinbase has not been hit by similar attacks, its recent cryptocurrency loan services have experienced delays and performance degradation, indicating that the platform's technical architecture may have potential risks. For exchanges, in addition to strengthening their own system defenses, they also need to improve their security monitoring of third-party services (such as email, SMS, authenticators, etc.) to prevent external links from becoming gaps for hackers to break through.
As of the first quarter of 2025, Coinbase's global user base has exceeded 56 million. However, with the rapid expansion of the user base, the platform's shortcomings in customer service support and account management have gradually been exposed.
Coinbase has long been criticized for its opaque token audit standards, and this extreme caution towards compliance seems to be reflected in account management, which has led to many users having difficulty getting a clear explanation after being blocked. In the case of the former employee’s account being frozen, the user claimed that Coinbase “did not provide effective support for two months”, which further highlighted the problem of insufficient customer service response.
On the other hand, when dealing with hacker attacks, Binance only recommended that users enable biometric login, and did not proactively launch a large-scale investigation. This shows that the current security strategy of mainstream exchanges still tends toward passive defense rather than active monitoring and risk warning. For users, this means that when they encounter account anomalies, they can often only rely on the platform's goodwill rather than a clear and foreseeable resolution mechanism.
Whether it is the Coinbase account lock incident or the case of Binance users being targeted by phishing, both expose the dilemma currently faced by exchanges: excessive risk control implicates innocent users and degrades the trading experience, while overly loose security policies may leave opportunities for hackers. As the industry develops rapidly, trading platforms need not only to establish a sounder risk control system, but also to continuously improve transparency, user experience and customer service responsiveness. Otherwise, when security incidents occur frequently and user trust declines, even the most stringent risk control measures cannot prevent the loss of users.