Monahan said Coinbase was warned about major exploits for months, but its leadership still prioritizes user onboarding over fixing vulnerabilities.
Crypto security researcher Taylor Monahan has publicly condemned Coinbase CEO Brian Armstrong and accused the exchange’s leadership of prioritizing growth over user security.
Security flaws associated with Coinbase Commerce resurfaced as Armstrong unveiled the company’s 2026 roadmap.
Old wounds, new road map
In response to Armstrong’s tweet about Coinbase’s top priorities for 2026, which focused on expanding a global “everything exchange,” scaling stablecoins and payments, and bringing the world on-chain through Base, Monahan argued that user protection remains noticeably absent. She wrote,
“Brian still doesn’t see user security as a priority for Coinbase. It cost them >$350 million in 2025. It could have been prevented.”
Monahan claimed that Coinbase had been warned about serious security issues for “months and months and months.” Her frustration can be traced back to findings published in December 2024 by on-chain researcher ZachXBT, which detailed a suspected exploit with Coinbase Commerce.
According to the investigation, a Coinbase Commerce contract saw more than $15.9 million in suspicious USDC outflows on Polygon over a 16-hour period in April 2024, with funds later bridged to Ethereum, converted to ETH and distributed across multiple wallets.
A threat actor using the alias ‘Excite’ is said to have flaunted control of the stolen funds in Telegram chats and on social media, while some of the assets were later routed through mixers and gambling platforms in an attempt to obscure their origins. The case raised questions about why Coinbase’s AML and transaction monitoring systems failed to flag the activity in real time, despite the size, speed and pattern of the outflow.
Monahan had amplified these concerns at the time, criticizing the platform’s inability to address the problem. Now, over a year later, the blockchain researcher says nothing fundamental has changed. In response to Armstrong’s latest roadmap, she accused the exchange’s leadership of pushing for more users without first fixing known vulnerabilities.
You might also like:
“Literally over a year later. And the priority is still ‘bring more lambs to my slaughterhouse please.'”
Handling security incidents
For example, ZachXBT had repeatedly criticized Coinbase for account lockouts and an undisclosed data breach that he said led to user losses. Last year, he alleged that Coinbase locked him out of his account twice within a month without explanation and failed to clearly inform users of a breach that exposed customer data.
The pseudonymous researcher had also said that he cannot recommend the platform due to ongoing transparency and security issues. His comments add to previous criticism, including claims that weak responses to scams and impersonation attacks contributed to tens of millions of dollars in losses between late 2024 and early 2025.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
#Bring #Lambs #Researcher #Slams #Brian #Armstrong #Coinbase #Security #Flaws