Parts of the email can be used as the password (the password example123 can be used for the account example123@adsfsa.com); this makes passwords easy to guess if you have the email.
Weak passwords from common password lists are not blocked.
You should add a CAPTCHA after too many failed password attempts instead of locking users out for 30 minutes. This is annoying if you have many passwords and are trying to get the right one.
The entire top banner is ugly. At least find a nice font and make a logo with the text tool in MS Paint. And use the regular Bitcoin graphics; your coins have blurry edges.
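
A registration-time check covering the first two points of the post above (passwords built from the email address, and common passwords being accepted). This is an added example, not part of the original post or the site's code; the function names, the `MIN_TOKEN_LEN` threshold and the tiny `COMMON_PASSWORDS` set are assumptions, and a real deployment would load a full common-password list.

```python
import re

# Constructed sample list; replace with a full common/breached password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "bitcoin", "111111"}

MIN_TOKEN_LEN = 4  # assumption: shorter email fragments are too generic to flag


def email_tokens(email):
    """Return lowercase fragments of the address that a guesser would try first."""
    local, _, domain = email.lower().partition("@")
    tokens = {local, domain.split(".")[0]}
    # Split on common separators: "john.smith+btc" -> john, smith, btc
    tokens.update(re.split(r"[._+\-]", local))
    # Local part with trailing digits stripped: "example123" -> "example"
    tokens.add(local.rstrip("0123456789"))
    return {t for t in tokens if len(t) >= MIN_TOKEN_LEN}


def check_password(password, email):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    pw = password.lower()
    if pw in COMMON_PASSWORDS:
        reasons.append("common password")
    elif re.sub(r"[\d\W_]+$", "", pw) in COMMON_PASSWORDS:
        # Trailing digits/symbols removed, so "Password1!" is still caught
        reasons.append("common password with suffix")
    for token in sorted(email_tokens(email)):
        if token in pw:
            reasons.append(f"contains email fragment '{token}'")
            break
    return reasons


if __name__ == "__main__":
    # The account/password pair quoted in the post
    print(check_password("example123", "example123@adsfsa.com"))
```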