Speechless, my account was suspended for transferring from Coinbase to the blockchain

2025-03-14 17:20:46
In the Web3 environment that emphasizes decentralization and autonomous control, the rationality of centralized risk control measures is heavily criticized.

Author: Penny, BlockBeats

Ethereum core developer and former Ethereum Foundation member Eric Conner recently vented on Twitter about the unusual locking of Coinbase Wallet, expressing his dissatisfaction bluntly. He stated, "I want to send ETH to a friend, and a random question about my transaction pops up in the user interface. Obviously, my answer didn't pass, so I have to reset my password, and my account is locked??? Is this a joke?"

Having suffered from Coinbase for a long time, users began to vent their frustrations in response to Eric's tweet. Nansen CEO Alex Svanevik commented, "Welcome to the hell of Coinbase." Management consultant and Ethereum investor "DCinvestor.eth" suggested, "I recommend not sending funds to addresses that don't belong to you via Coinbase. Just send them to your on-chain wallet first, then send them anywhere you want."

Coinbase Wallet, as a non-custodial wallet that claims users "have complete control over their private keys," should possess a high degree of decentralization. However, this incident has exposed contradictions in the underlying logic of the platform: while emphasizing user autonomy, it still relies on centralized servers to implement risk control strategies and directly locks accounts when users fail verification. This move has undoubtedly sparked widespread attention and discussion in the crypto community—whether Coinbase is over-regulating or if the current industry environment is forcing trading platforms to enhance security measures.

One-size-fits-all security measures: account management has long been controversial

Coinbase's aggressive security strategy has not been without controversy. In January 2025, a former Coinbase employee publicly accused the company of freezing his account without reason for two months, preventing him from paying for his wedding. He stated that the account had long been used for receiving salary and conducting crypto transactions, and that there had been no unusual activity beforehand. However, Coinbase refused to provide specific reasons for the freeze, citing "user protection," and did not offer effective channels for appeal. This incident quickly escalated, further amplifying market skepticism about Coinbase's account management mechanisms.

In recent years, Coinbase has adopted a cautious risk control strategy for user account management. While such strict measures can indeed reduce the risk of the exchange being hacked to some extent, the over-reliance on automated risk control systems and the lack of transparency in operational models have left many innocent users troubled. Especially in an environment where Web3 emphasizes decentralization and self-control, the rationality of such centralized risk control methods has been heavily criticized.

Third-party service vulnerabilities may become weak links in the security chain

Despite Coinbase and other trading platforms continuously strengthening their internal risk control mechanisms, external dependencies may still pose the biggest vulnerabilities in the security chain. A typical case is the recent security incident involving Binance.

On February 25, a post accusing hackers of transferring assets through red envelopes was widely shared on Twitter. The tweet explained that the user's Binance account, email, and Google Authenticator had all been hacked. Although the hacker could not normally withdraw funds and had to wait 24 hours to withdraw after changing the password, Binance's red envelope feature was still functional, acting like a bug that allowed the hacker to transfer assets immediately.

The image shows the red envelope transfer records of the stolen user's Binance account.
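The gap reported in that tweet, a post-password-change hold that covers withdrawals but not red envelopes, is sketched below as an added example; it is not Binance's code and not part of the original article. The operation names, event kinds and registry are hypothetical, and the timeline is constructed. The hardened check applies the hold to every value-moving operation and fails closed for operations nobody has classified.

```python
from datetime import datetime, timedelta, timezone

HOLD = timedelta(hours=24)  # hold length as described in the report above

# Hypothetical registry: True means the operation moves value out of the account.
MOVES_VALUE_OUT = {
    "withdraw": True,
    "red_envelope_send": True,
    "internal_transfer": True,
    "spot_trade": False,
    "view_balance": False,
}
CREDENTIAL_EVENTS = {"password_change", "2fa_reset", "email_change"}  # assumed event kinds


def hold_until(events):
    """Return when the hold ends, based on the latest credential event, or None."""
    times = [ts for kind, ts in events if kind in CREDENTIAL_EVENTS]
    return max(times) + HOLD if times else None


def weak_allows(op, events, now):
    """Models the reported gap: only the literal withdrawal path checks the hold."""
    end = hold_until(events)
    if op == "withdraw" and end is not None and now < end:
        return False
    return True


def hardened_allows(op, events, now):
    """Hold covers every value-moving operation; unregistered operations fail closed."""
    end = hold_until(events)
    if end is None or now >= end:
        return op in MOVES_VALUE_OUT  # unclassified operations are rejected even off-hold
    return MOVES_VALUE_OUT.get(op, True) is False


# Constructed timeline: password changed at T0, requests arrive one hour later.
T0 = datetime(2025, 1, 1, 10, 0, tzinfo=timezone.utc)
EVENTS = [("login", T0 - timedelta(minutes=5)), ("password_change", T0)]
NOW = T0 + timedelta(hours=1)


def audit(ops=("withdraw", "red_envelope_send", "new_gift_feature", "view_balance")):
    """Operations the weak check lets through during the hold but the hardened one blocks."""
    return [op for op in ops
            if weak_allows(op, EVENTS, NOW) and not hardened_allows(op, EVENTS, NOW)]
```

Running `audit()` over a platform's real operation list is a quick way to find features that were added after the hold logic was written and never wired into it.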

Even more concerning, just one day later, security company SlowMist's CISO 23pd warned on Twitter that users had received "forged Binance official text messages," which appeared in the same conversation thread as previous official notifications from Binance. This precise imitation attack method suggests that hackers may have infiltrated part of the third-party SMS service supply chain, thereby increasing the stealth and success rate of the attacks.

In contrast, while Coinbase has not reported similar attack incidents, its recent cryptocurrency lending service has experienced delays and performance issues, indicating potential risks in the platform's technical architecture. In addition to strengthening their own system defenses, exchanges also need to enhance their security monitoring of third-party services (such as email, SMS, authenticators, etc.) to prevent external dependencies from becoming loopholes for hackers.

As of the first quarter of 2025, Coinbase's global user base has surpassed 56 million. However, with the rapid expansion of the user base, the platform's shortcomings in customer support and account management have gradually become apparent.

For a long time, Coinbase has been criticized for its opaque token review standards. This extreme caution regarding compliance seems to be reflected in account management as well, leading many users to struggle to obtain clear explanations after their accounts are banned. In the former employee's account freeze incident, the user claimed that Coinbase "provided no effective support for two months," further highlighting the issue of inadequate customer service response.

On the other hand, Binance, when responding to hacking attacks, only suggested users enable biometric login without proactively taking large-scale investigation measures. This indicates that the current security strategies of mainstream exchanges still lean towards passive defense rather than active monitoring and risk warning. For users, this means that when encountering account anomalies, they often have to rely on the platform's "goodwill" rather than a clear and foreseeable resolution mechanism.

Whether it is the Coinbase account locking incident or the case of Binance users suffering phishing attacks, both expose the dilemma faced by current exchanges: excessive risk control can lead to innocent users being affected, impacting the trading experience; overly lenient security strategies may leave opportunities for hackers. In the context of rapid industry development, trading platforms not only need to establish a more robust risk control system but also need to continuously optimize transparency, user experience, and customer service response capabilities. Otherwise, when security incidents become frequent and user trust declines, even the strictest risk control measures will not be able to recover lost users.
