Ethereum core developer and former Ethereum Foundation member Eric Conner recently took to Twitter to vent his frustration over the abnormal lockout of his Coinbase account. He stated: "I tried to send ETH to a friend, got a random question about my transaction in the UI, clearly my answer didn't pass, so I had to reset my password, and my account is locked??? Is this a joke?" and attached a screenshot of his restricted account.
After he answered a question that popped up on the page while submitting the transaction, the platform displayed a transaction cancellation warning, with Coinbase stating that it believed a fraudster might be attempting to access the account. To protect the account, the platform canceled the transaction, temporarily restricted some account activities, and asked the user to reset their password. Subsequently, Eric found his cryptocurrency transfers restricted.
Left Image: Transaction cancellation, password change warning; Right Image: Transfer restriction notice
Fed up with their own troubles with Coinbase, users began adding their complaints under Eric's tweet. Nansen CEO Alex Svanevik commented: "Welcome to Coinbase's hell." Management consultant and Ethereum investor 'DCinvestor.eth' advised: "I suggest not sending funds to an address that doesn't belong to you through Coinbase, just send it to your on-chain wallet first, then send it wherever you want."
Coinbase Wallet, which claims to offer users "full control of their private keys" as a non-custodial wallet, was supposed to be highly decentralized. However, this incident exposed a contradiction in the platform's underlying logic: while emphasizing user sovereignty, it still relies on centralized servers to enforce risk control policies and locks the account outright when the user fails verification. The move sparked widespread attention and discussion in the crypto community over whether Coinbase is being overly risk-averse or whether the current industry environment is forcing exchanges to tighten their security measures.
This is not the first time Coinbase's aggressive security policy has sparked controversy. In January 2025, a former Coinbase employee publicly accused the platform of unreasonably freezing their account for two months, preventing them from paying for their wedding. The employee stated that the account had long been used for receiving wages and trading cryptocurrency, with no prior irregular activity. However, Coinbase cited only "user protection" in refusing to give a specific reason for the freeze and did not offer an effective appeals process. The incident quickly escalated, further amplifying market doubts about Coinbase's account management mechanism.
In recent years, Coinbase has adopted a cautious risk control strategy in user account management. While such strict measures indeed help reduce the risk of exchange hacking to a certain extent, overreliance on automated risk control systems and an operation model lacking transparency have also caused inconvenience to many innocent users. Particularly in the Web3 environment emphasizing decentralization and self-control, the legitimacy of such centralized risk control measures has come under heavy criticism.
Despite Coinbase and other exchanges continually strengthening their internal risk control mechanisms, external dependency points can still become the biggest vulnerability in the security chain. A typical case is the recent security incident involving Binance.
On February 25, a post accusing a hacker of transferring assets out through red packets went viral on Twitter. The post explained that the user's Binance account, email, and Google Authenticator had all been compromised by the hacker. While the hacker could not withdraw funds normally, and even had to wait 24 hours after changing the password before making withdrawals, Binance's red packet feature was still operational, acting like a bug that allowed the hacker to immediately transfer assets through red packets.
Image of the stolen user's Binance account red packet transfer record
Even more concerning, just a day later, cybersecurity company SlowMist's CISO 23pd issued a warning on Twitter that users had received "fake Binance official SMS messages." These messages appeared in the same conversation thread as previous official Binance notifications. This precise impersonation attack method suggests that the hacker may have infiltrated parts of the third-party SMS service supply chain, thereby increasing the attack's stealth and success rate.
On the other hand, while Coinbase has not experienced a similar attack, its recent cryptocurrency lending service has suffered from delays and performance issues, indicating potential risks in the platform's technical architecture. In addition to strengthening their own system defenses, exchanges also need to enhance their security monitoring of third-party services (such as email, SMS, and authenticators) to prevent external components from becoming a hacker's entry point.
As of the first quarter of 2025, Coinbase's global user base has exceeded 56 million. However, with the rapid expansion of its user base, the platform's shortcomings in customer support and account management have gradually been exposed.
For a long time, Coinbase has been criticized for its opaque token listing standards, and this extreme caution towards compliance also seems to be reflected in its account management, leaving many users unable to obtain clear explanations after their accounts are banned. In the case of the former employee's account freeze, the user claimed that Coinbase "did not provide effective support for two months," further highlighting the insufficient customer service response.
On the other hand, when dealing with hacking attacks, Binance only advised users to enable biometric login without proactively taking large-scale investigative measures. This indicates that the current mainstream exchanges' security strategies still lean towards passive defense rather than proactive monitoring and risk alerting. For users, this means that when encountering account anomalies, they often have to rely on the platform's "goodwill" rather than a clear and foreseeable resolution mechanism.
Whether it is the Coinbase account lockout incident or the case of Binance users falling victim to phishing attacks, they both expose the dilemma that exchanges currently face: excessive risk control can cause innocent users to be implicated, affecting the trading experience; overly lenient security policies may leave openings for hackers to exploit. Against the backdrop of rapid industry development, trading platforms not only need to establish a more robust risk control system but also need to continuously optimize in terms of transparency, user experience, and customer service responsiveness. Otherwise, when security incidents occur frequently and user trust declines, even the strictest risk control measures cannot prevent user churn.