It's not that there are never security issues on non-cloud systems, but the risk of cloud is severely underappreciated. I don't know how anyone can claim otherwise in a post-Specre world. At least on non-cloud, you don't have to worry about the CPU stabbing you in the back.
Spectre can read data out of memory at hundreds of kilobytes per second. That's plenty fast to get interesting data out of Coinbase even if they're "rapidly cycling" their instances. And really that just means you just have to camp out and wait for them to come to you, rather than trying really hard to get on the same instance as them, which would probably be harder. You just have to know what region + az they're in (not secret), and you can probably guesstimate some other stuff and end up on a similar hardware class, and then I am sure that after not-too-long they'll join your host.
And sure, Spectre is now "mitigated" as far as we know, but it wasn't until recently, so we don't know who could've done this, and it's not like that's the only VM isolation breaker out there. There are certainly more conventional bugs that are readily exploited. There are also other non-technical attack vectors on a provider like AWS, like Amazon employees.
I may be more understanding if there was some important reason to take these kinds of risks, but honestly it's ridiculous that people cling to the cloud so desperately. Hardware is not that scary and a lot of hardware jockeys are pretty friendly. Is software really so age-discriminatory that no one remembers a life before cloud servers? It wasn't that bad!
Call your local hardware vendor and they'd be ecstatic to set you up with a rack running VMWare or Xen or whatever "private cloud", giving you the convenience of a hypervisor without the risk profile of sharing a CPU with every Tom Dick or Harry on the internet.
And the real kicker? It'll be 10x cheaper than the annual AWS bill for comparable resources.
