The separate checking account earmarked for Bitcoin work appears on the same login so I can quickly transfer funds from my other accounts into and out of it using on-line banking. I cannot see a feasible exploit, and it seems that it would have saved the OP the trouble he describes.
Sure would be stupid to share username/password between Coinbase and one's on-line banking though. Just sayin'
Unrelatedly, if Coinbase is trying to recognize and take pro-active actions on attacks/failures of the nature described by the OP, then it makes some sense that they would have a tough job and some false positives. I'll bet that Coinbase has a bunch of customers who are senile 80 year old grandmothers with enterprising highschool aged relatives. I was delighted that I did not need to send Coinbase a high quality identity theft kit, but relying exclusively on checking account access has some inherent risks it seems to me.
This is exactly what I do.
I have a checkings and savings and buy/sell BTC with the savings and move it in seconds to my checking which is what I use to live.
However, my savings account was empty, but it's still a nightmare to have this happen..