I see no need for DO to shut down accounts and active long established nodes for a fraud check. Disable the offending node, disable making new ones, and limit editing existing ones to off/on controls.

Regardless of this example of a false positive, locking whole accounts over that is unwise.