I'm speechless, getting banned for transferring funds from Coinbase to on-chain?

Ethereum core developer and former Ethereum Foundation member Eric Conner recently took to Twitter to publicly criticize the abnormal lockup of Coinbase Wallet, expressing his dissatisfaction bluntly. He stated: "I tried to send ETH to a friend, got a random question about my transaction in the UI, my answer apparently didn't pass, so I had to reset my password, and now my account is locked??? Are you kidding me?"

Having seemingly endured Coinbase's woes for a long time, users flocked to Eric's tweet to unleash their complaints. Nansen CEO Alex Svanevik commented: "Welcome to Coinbase's hell." Management consultant and Ethereum investor 'DCinvestor.eth' said: "I suggest not sending funds to an address that doesn't belong to you via Coinbase, just send it to your on-chain wallet first, then send it wherever you want."

As a wallet that claims to give users "full control of their private keys," Coinbase Wallet should inherently possess a high level of decentralization. However, this incident has exposed a contradiction in the platform's underlying logic: while emphasizing user sovereignty, it still relies on centralized servers to enforce risk management policies and directly locks accounts when users fail to pass verification. This move has undoubtedly sparked widespread attention and discussion in the crypto community—whether Coinbase is overdoing risk management or if the current industry environment is pushing exchanges to enhance security measures.

Blanket Security Measures Spark Controversy in Account Management

Coinbase's aggressive security strategy is not the first to cause controversy. In January 2025, a former Coinbase employee publicly accused the platform of unjustly freezing his account for two months, preventing him from paying for his wedding. He stated that the account had long been used to receive wages and conduct crypto transactions, with no prior abnormal activity. However, Coinbase cited "user protection" as the reason for refusing to provide specific details on the freeze and did not offer a viable appeals process. This incident quickly escalated, further amplifying market doubts about Coinbase's account management mechanism.

Over the years, Coinbase has adopted a cautious risk management strategy in user account management. While such stringent measures can indeed reduce the risk of exchange hacks to some extent, an overreliance on automated risk control systems and an opaque operational model have also caused trouble for many innocent users. Especially in an environment where Web3 emphasizes decentralization and autonomous control, the legitimacy of such centralized risk control measures is highly criticized.

Third-Party Service Vulnerabilities as a Weak Link in Security Chain

While Coinbase and other exchanges continue to strengthen their internal risk control mechanisms, external reliance points can still become the most significant vulnerability in the security chain. A typical example is the recent security incident involving Binance.

On February 25, a post accusing a hacker of transferring assets via red packets was widely shared on Twitter. The post explained that the user's Binance account, email, and Google Authenticator were all compromised by the hacker. Despite the hacker's inability to withdraw funds normally and the requirement to wait 24 hours even after changing the password to withdraw, Binance's red packet feature could still be used normally. This presence of a bug allowed the hacker to immediately transfer assets via red packets.

Screenshot of the stolen user's Binance account red packet transfer record

What is even more concerning is that just one day later, the security company SlowMist's CISO 23pd warned on Twitter that some users had received "fake Binance official SMS messages." These messages appeared in the same conversation thread as previous official notifications from Binance. This precise impersonation attack method indicates that the hacker may have infiltrated part of the third-party SMS service supply chain, thereby increasing the stealthiness and success rate of the attack.

In comparison, while Coinbase has not experienced similar attack events, its recent cryptocurrency loan service has encountered delays and performance degradation issues, indicating potential risks in the platform's technical architecture. For exchanges, in addition to strengthening their own system defenses, they also need to enhance their security monitoring capabilities for third-party services (such as email, SMS, authenticators, etc.) to prevent external dependencies from becoming entry points for hackers.

As of the first quarter of 2025, Coinbase's global user base has exceeded 56 million. However, with the rapid expansion of user scale, the platform's shortcomings in customer support and account management have gradually been exposed.

For a long time, Coinbase has been criticized for its opaque token listing standards, and this extremely cautious attitude towards compliance also seems to be reflected in its account management, making it difficult for many users to obtain clear explanations after being banned. In the case of former employee account freezes, users claimed that Coinbase had provided "no effective support for two months," further highlighting the inadequacy of customer service response.

On the other hand, when dealing with a hacker attack, Binance only suggested that users enable biometric login, rather than proactively taking extensive investigation measures. This indicates that the current security strategies of mainstream exchanges still lean towards passive defense rather than proactive monitoring and risk alerting. For users, this means that when faced with account anomalies, they often have to rely on the platform's "goodwill" rather than a clear and foreseeable resolution mechanism.

Whether it's the Coinbase account lockdown incident or cases of Binance users falling victim to phishing attacks, they both expose the dilemma that exchanges currently face: excessive risk control can cause innocent users to be implicated, affecting the trading experience; security strategies that are too lenient may leave opportunities for hackers to exploit. Against the backdrop of rapid industry development, exchanges not only need to establish a more robust risk control system but also continuously optimize transparency, user experience, and customer service responsiveness. Otherwise, when security incidents occur frequently and user trust declines, even the strictest risk control measures will not be able to recover the loss of users.