Accounts silently locked when transferring funds from Coinbase to the chain

Reprinted from chaincatcher
03/15/2025 · 1M · Author: Penny, BlockBeats
Eric Conner, a core Ethereum developer and former member of the Ethereum Foundation, recently complained publicly on Twitter about an abnormal Coinbase Wallet lockout, and did not hide his dissatisfaction. He said: "I'm going to send ETH to a friend, and random questions about my transaction pop up in the user interface. Obviously my answer didn't pass, so I had to reset my password and my account was locked??? Is this kidding?"
Frustration with Coinbase appears to be long-standing, and users began complaining under Eric's tweet. Nansen CEO Alex Svanevik commented: "Welcome to the hell of Coinbase." Management consultant and Ethereum investor "DCinvestor.eth" said: "I recommend not sending funds through Coinbase to addresses that do not belong to you. Just send them to your on-chain wallet first and then anywhere you want."
As a non-custodial wallet that claims users have "full control over private keys", Coinbase Wallet should be highly decentralized. However, this incident exposed a contradiction in the platform's underlying logic: although user control is emphasized, the wallet still relies on a centralized server to execute risk control policies, and it locks the account outright if the user fails verification. The incident has drawn widespread attention and discussion in the crypto community: is this excessive risk control on Coinbase's part, or is the current industry environment forcing trading platforms to strengthen security measures?
Security measures are one-size-fits-all, and account management has long been controversial
This is not the first time Coinbase's aggressive security strategy has caused controversy. In January 2025, a former Coinbase employee publicly said that his account had been frozen for two months without reason, leaving him unable to pay for his wedding. He said the account had long been used for wages and crypto transactions, and had shown no abnormal activity before. However, Coinbase refused to give specific reasons for the freeze on the grounds of "protecting users", and did not provide an effective channel for appeal. The incident escalated quickly, further amplifying the market's doubts about Coinbase's account management mechanism.
Coinbase has adopted a prudent risk control strategy in user account management in recent years. This strict approach can indeed reduce the risk of exchange hacks to a certain extent, but over-reliance on automated risk control systems and a lack of transparency in how they operate have also caused trouble for many innocent users. Especially in an environment where Web3 emphasizes decentralization and autonomous control, the rationality of such centralized risk control methods has been criticized.
Third-party service loopholes may become weak links in the security chain
Although Coinbase and other trading platforms continue to strengthen their internal risk control mechanisms, external dependencies may still become the biggest loophole in the security chain. A typical case is Binance's recent security incident.
On February 25, a post accusing a hacker of transferring assets through red envelopes was reposted on Twitter. The tweet explained that the user's Binance account, email address, and Google Authenticator had all been compromised. The hacker could not withdraw funds normally, because withdrawals are held for 24 hours after a password change, but Binance's red envelope function remained usable, like a bug, allowing the hacker to transfer assets out through red envelopes immediately.
Image: the red envelope transfer record of the compromised user's Binance account
What is even more worrying is that just one day later, 23pd, CISO of the security company SlowMist, warned on Twitter that users had received a "fake official Binance text message" and that the message appeared in the same conversation thread as Binance's previous official notifications. This precise impersonation method means that hackers may have penetrated part of the third-party SMS service supply chain, thereby improving the stealth and success rate of the attack.
In contrast, although no similar attacks on Coinbase have come to light, its cryptocurrency loan services have recently experienced delays and performance degradation, indicating that the platform's technical architecture may carry potential risks. In addition to strengthening the defense of their own systems, exchanges also need to improve their security monitoring of third-party services (such as email, SMS, and authenticators) to prevent external links from becoming an entry point for hackers.
As of the first quarter of 2025, Coinbase's global user base has exceeded 56 million. However, with the rapid expansion of user scale, the platform's shortcomings in customer service support and account management have gradually been exposed.
Coinbase has long been criticized for its opaque token review standards. This extremely cautious attitude towards compliance also seems to be reflected in account management, making it difficult for many users to obtain a clear explanation after being blocked. During the freeze of the former employee's account, the user claimed that Coinbase "had not provided effective support for two months", which further highlighted the problem of insufficient customer service response.
On the other hand, when responding to the hack, Binance only recommended that users turn on biometric login, and did not take large-scale investigative measures. This shows that the current security strategies of mainstream exchanges are still biased towards passive defense rather than active monitoring and risk warning. For users, this means that when they encounter account exceptions, they can often rely only on the platform's "good intention" rather than on a clear and predictable resolution mechanism.
Both the Coinbase account locking incident and the case of Binance users being targeted by phishing attacks expose the dilemma exchanges currently face: excessive risk control implicates innocent users and degrades the trading experience, while excessively loose security strategies may leave openings for hackers to exploit. Against the backdrop of the industry's rapid development, trading platforms need not only to establish a sounder risk control system, but also to continuously improve transparency, user experience and customer service responsiveness. Otherwise, when security incidents occur frequently and user trust declines, even stricter risk control measures cannot win back lost users.