‘Bring More Lambs:’ Researcher Slams Brian Armstrong Over Coinbase’s Security Failure

Monahan said Coinbase was warned months before the big exploit, yet management still prioritized users on board over fixing the vulnerability.

Crypto security researcher Taylor Monahan has publicly criticized Coinbase CEO Brian Armstrong and accused the exchange’s leadership of prioritizing growth over user safety.

Security failures tied to Coinbase Commerce resurfaced as Armstrong outlined the company’s 2026 roadmap.

Old Wounds, New Road Map

Responding to Armstrong’s tweet about Coinbase’s priorities for 2026, which focus on expanding “universal exchange,” scaling stablecoins and payments, and bringing the world on-chain through Base, Monahan argued that user protection remains notably lacking. He wrote,

“Brian still doesn’t see user safety as a priority for Coinbase. It cost them >$350m by 2025. It could have been prevented.”

Monahan said Coinbase had been warned “for months and months and months” about serious security issues. His frustration goes back to the findings of on-chain investigator ZachXBT in December 2024, who described an alleged exploit involving Coinbase Commerce.

According to the investigation, the Coinbase Commerce contract saw more than $15.9 million in suspicious USDC outflows from Polygon in a 16-hour period in April 2024, and the funds were later deposited into Ethereum, converted to ETH, and split between multiple wallets.

A threat actor using the name “Excite” allegedly flaunted control of the stolen funds in Telegram chats and social media, while part of the assets were later moved by racketeers and gambling platforms in an attempt to hide their origin. The case raised questions about why Coinbase’s AML and transaction monitoring systems failed to flag the transaction in real time, despite the size, speed, and pattern of the outflows.

Monahan raised those concerns at the time, criticizing the speaker’s failure to address the issue. Now, more than a year later, a blockchain researcher says nothing fundamental has changed. Responding to Armstrong’s latest roadmap, he accused the exchange’s leadership of pushing more users without fixing known vulnerabilities.

You may also like:

“Actually a year later, and the priority is still to bring more lambs to my slaughterhouse pls.

Security Incident Management

ZachXBT, for one, has repeatedly criticized Coinbase for account locks and undisclosed data breaches that he says led to user losses. Last year, he said Coinbase locked him out of his account twice a month without explanation and failed to clearly inform users about a breach that exposed customer data.

The anonymous investigator also said he could not recommend the platform due to ongoing transparency and security issues. His comments add to past criticism, including allegations that weak responses to scams and phishing attacks contributed to tens of millions of dollars in losses between late 2024 and early 2025.