Comment by whoopdedo

And dumb-dumb me just realized how trivial that would be to break. Social engineer someone into sending/receiving money to/from your wallet then pretend to be them requesting an account recovery.

Coinbase would have to make you sign a challenge ahead of time that would mark the wallet as the authorized public key for your account.