Author: Penny, BlockBeats
Ethereum core developer and former Ethereum Foundation member Eric Conner recently expressed his dissatisfaction with the unusual locking of Coinbase Wallet on Twitter. He bluntly stated, "I want to send ETH to a friend, and a random question about my transaction pops up in the user interface. Obviously, my answer didn't pass, so I have to reset my password, and my account is locked??? Is this a joke?"
Perhaps having long suffered at Coinbase's hands, users began venting their frustrations in replies to Eric's tweet. Nansen CEO Alex Svanevik commented, "Welcome to the hell of Coinbase." Management consultant and Ethereum investor "DCinvestor.eth" suggested, "I recommend not sending funds to addresses that don't belong to you through Coinbase. Just send them to your on-chain wallet first, then send them anywhere you want."
As a non-custodial wallet that claims users "have complete control over their private keys," Coinbase Wallet should possess a high degree of decentralization. However, this incident exposed the contradictions in the platform's underlying logic: while emphasizing user autonomy, it still relies on centralized servers to implement risk control strategies and directly locks accounts when users fail verification. This move undoubtedly sparked widespread attention and discussion in the crypto community: is Coinbase over-regulating, or is the current industry environment forcing trading platforms to strengthen security measures?
One-size-fits-all security measures: account management has long been controversial
Coinbase's aggressive security strategy has not been without controversy. In January 2025, a former Coinbase employee publicly accused the company of freezing his account without reason for two months, preventing him from paying for his wedding. He stated that the account had long been used to receive salary and conduct crypto transactions, and there had been no unusual activity prior. However, Coinbase refused to provide specific reasons for the freeze, citing "user protection," and did not offer effective channels for appeal. This incident quickly escalated, further amplifying market skepticism about Coinbase's account management mechanisms.
In recent years, Coinbase has adopted a cautious risk control strategy for user account management. While such strict measures can indeed reduce the risk of the exchange being hacked to some extent, the over-reliance on automated risk control systems and lack of operational transparency have left many innocent users troubled. Especially in an environment where Web3 emphasizes decentralization and self-control, the rationality of such centralized risk control methods has been heavily criticized.
Third-party service vulnerabilities may become weak links in the security chain
Despite Coinbase and other trading platforms continuously strengthening their internal risk control mechanisms, external dependencies may still become the biggest vulnerabilities in the security chain. A typical case is the recent security incident involving Binance.
On February 25, a post accusing hackers of transferring assets through red envelopes was widely shared on Twitter. The tweet explained that the user's Binance account, email, and Google Authenticator had all been hacked. The hacker could not withdraw funds normally and had to wait 24 hours after changing the password, but Binance's red envelope feature remained functional, acting like a bug that allowed the hacker to transfer assets immediately.
The image shows the red envelope transfer records of the stolen user's Binance account.
Even more concerning, just a day later, security company SlowMist's CISO 23pd warned on Twitter that users had received "forged Binance official text messages," which appeared in the same conversation thread as previous official notifications from Binance. This precise imitation suggests that hackers may have infiltrated part of the third-party SMS service supply chain, making the attacks harder to detect and more likely to succeed.
In contrast, while Coinbase has not reported similar attack incidents, its recent cryptocurrency lending service has experienced delays and performance issues, indicating potential risks in the platform's technical architecture. In addition to strengthening their own system defenses, exchanges also need to enhance their security monitoring of third-party services (such as email, SMS, and authenticators) to prevent external links from becoming gaps for hackers to exploit.
As of the first quarter of 2025, Coinbase's global user base has surpassed 56 million. However, with the rapid expansion of the user base, the platform's shortcomings in customer support and account management have gradually become apparent.
For a long time, Coinbase has been criticized for its opaque token review standards, and this extreme caution regarding compliance seems to be reflected in account management, leading many users to struggle to obtain clear explanations after their accounts are suspended. In the former employee's account freeze incident, the user claimed that Coinbase "provided no effective support for two months," further highlighting the issue of inadequate customer service response.
On the other hand, Binance, in response to hacking attacks, only suggested that users enable biometric login without proactively taking large-scale inspection measures. This indicates that the current mainstream exchanges' security strategies still lean towards passive defense rather than active monitoring and risk warning. For users, this means that when encountering account anomalies, they often have to rely on the platform's "goodwill" rather than a clear and predictable resolution mechanism.
Whether it is the Coinbase account locking incident or the case of Binance users suffering phishing attacks, both expose the dilemma faced by current exchanges: excessive risk control can lead to innocent users being affected, impacting the trading experience; overly lenient security strategies may leave opportunities for hackers. In the context of rapid industry development, trading platforms not only need to establish a more robust risk control system but also need to continuously optimize transparency, user experience, and customer service response capabilities. Otherwise, when security incidents become frequent and user trust declines, even the strictest risk control measures will not be able to recover lost users.