Coinbase Core Developer Eric Conner Calls Out the Unusual Locking of Coinbase Wallet

Ethereum core developer and former Ethereum Foundation member Eric Conner recently vented on Twitter about the unusual locking of Coinbase Wallet

"I want to send ETH to a friend, and a random question about my transaction pops up in the user interface. Obviously, my answer didn't pass, so I have to reset my password, and my account is locked??? Is this a joke?"

Ethereum core developer and former Ethereum Foundation member Eric Conner recently expressed his dissatisfaction with Coinbase Wallet's lockout in a tweet, sparking discussion among crypto enthusiasts.

After encountering difficulties withdrawing funds from Coinbase, one user commented, "I feel like I've been a victim of Coinbase for a long time."

Nansen CEO Alex Svanevik chimed in, "Welcome to the hell of Coinbase."

Management consultant and Ethereum investor "DCinvestor.eth" suggested, "I recommend not sending funds to addresses that don't belong to you via Coinbase. Just send them to your on-chain wallet first, then send them anywhere you want."

Coinbase Wallet, a non-custodial wallet that claims users "have complete control over their private keys," should ideally possess a high degree of decentralization. However, this incident has exposed contradictions in the platform's underlying logic: while emphasizing user autonomy, it still relies on centralized servers to implement risk control strategies and directly locks accounts when users fail verification.

This move has undoubtedly sparked widespread attention and discussion in the crypto community—has Coinbase gone too far with its regulations, or is the current industry environment forcing trading platforms to adopt stricter security measures?

One-size-fits-all security measures and account management have long been a subject of contention.

Coinbase's aggressive security strategy has been a subject of discussion. In January 2025, a former Coinbase employee publicly accused the company of freezing his account without any reason for two months, preventing him from paying for his wedding.

He stated that the account had long been used for receiving salary and conducting crypto transactions, and there had been no unusual activity prior. However, Coinbase refused to provide specific reasons for the freeze, citing "user protection," and did not offer effective channels for appeal. This incident quickly escalated, further amplifying market skepticism about Coinbase's account management mechanisms.

In recent years, Coinbase has adopted a cautious risk control strategy for user account management. While such strict measures can indeed reduce the risk of the exchange being hacked to some extent, the over-reliance on automated risk control systems and the lack of transparency in operational models have left many innocent users troubled.

Especially in an environment where Web3 emphasizes decentralization and self-control, the rationality of such centralized risk control methods has been heavily criticized.

Third-party service vulnerabilities may become weak links in the security chain.

Despite Coinbase and other trading platforms continuously strengthening their internal risk control mechanisms, external dependencies may still pose the biggest vulnerabilities in the security chain. A typical case is the recent security incident involving Binance.

On February 25, a post accusing hackers of transferring assets through red envelopes was widely shared on Twitter. The tweet explained that the user's Binance account, email, and Google Authenticator had all been hacked. Although the hacker could not normally withdraw funds and had to wait 24 hours to withdraw after changing the password, Binance's red envelope feature was still functional, acting like a bug that allowed the hacker to transfer assets immediately.

The image shows the red envelope transfer records of the stolen user's Binance account.

Even more concerning, just one day later, security company SlowMist's CISO 23pd warned on Twitter that users had received "forged Binance official text messages," which appeared in the same conversation thread as previous official notifications from Binance. This precise imitation attack method suggests that hackers may have infiltrated part of the third-party SMS service supply chain, thereby increasing the stealth and success rate of the attacks.

In contrast, while Coinbase has not reported similar attack incidents, its recent cryptocurrency lending service has experienced delays and performance issues, indicating potential risks in the platform's technical architecture. For exchanges, in addition to strengthening their own system defenses, they also need to enhance their security monitoring capabilities for third-party services (such as email, SMS, authenticators, etc.) to prevent external dependencies from becoming loopholes for hackers.

As of the first quarter of 2025, Coinbase's global user base has surpassed 56 million. However, with the rapid expansion of the user base, the platform's shortcomings in customer support and account management have gradually become apparent.

For a long time, Coinbase has been criticized for its opaque token review standards. This extreme caution regarding compliance seems to be reflected in account management as well, leading many users to struggle to obtain clear explanations after their accounts are banned. In the former employee's account freeze incident, the user claimed that Coinbase "provided no effective support for two months," further highlighting the issue of inadequate customer service response.

On the other hand, Binance, when responding to hacking attacks, only suggested users enable biometric login without proactively taking large-scale investigation measures. This indicates that the current