This is costing Coinbase $400M. They are well incentivized to prevent this.
In formal logic we would call this kind of argument a "post hoc justification". Any company who does anything payments-related is going to be primarily motivated to allow the most amount of transactions possible (including risky ones), everything else is a secondary consideration (including data security). I mean think about it, even if your company has a data breech, it's primarily brand reputation that's on the line, at that point your money has already been made. Of course, now that damage has been done there is a motivation to prevent it from happening in the future, but for companies like Coinbase who operate in emerging markets with little regulatory oversight, it's extremely hard to argue that they have are motivated to do anything besides grow and make money. After all, the mantra has always been "move fast and break things".