Articles
Crypto Market Analysis

Coinbase Commerce page requests seed phrases, raising security concerns

User Image

Por Anônimo

Criado March 19, 2026|2 mins de leitura
Main Image

A Coinbase subdomain linked to its Commerce tool reportedly directed users to a withdrawal page asking to enter their seed phrases, raising concerns among security observers.

Security researchers have raised concerns about a Coinbase-associated Commerce page that appeared to prompt users to enter wallet recovery phrases, warning that such a flow could normalize behavior commonly exploited in phishing scams.

The page has circulated widely on social media after being flagged by the founder of the blockchain security platform SlowMist, Yu Xian, widely known as Cos.

“I’m really puzzled why Coinbase would have a page like this, directly asking users to input their plaintext mnemonic phrases for asset recovery,” Yu wrote in an X post on Wednesday, adding: “Such an insecure practice is simply unbelievable.”

Coinbase has yet to address the issue publicly. The company told Cointelegraph it was looking into the matter and did not provide additional information. Cointelegraph also approached Yu Xian for comment, but had not received a response by publication.

Recovery phrases give full control over a self-custody wallet and should never be shared with third parties, customer support agents or untrusted websites. They are normally used only in trusted wallet recovery or import flows.

According to blockchain sleuth ZachXBT, the page in question was referenced in a Coinbase Help guide related to its Commerce product.

The guide, now appearing to have been removed, reportedly outlined an option for users to recover funds by importing their seed phrase into a compatible wallet such as Coinbase Wallet or MetaMask. It also directed users to a withdrawal tool hosted at the same subdomain that has drawn scrutiny.

The help documentation also emphasizes that Commerce wallets are self-custodial, meaning Coinbase does not have access to users’ seed phrases and cannot recover funds if they are lost.

Related: OpenClaw devs targeted by phishing scam promising free ‘CLAW’ tokens

“So basically Coinbase has an official page live threat actors can use to target Coinbase users via seed phrase social engineering if they wanted?” ZachXBT wrote on X.

It remains unclear whether the page in question was the result of a technical error or another issue on Coinbase’s side.

In another guide, Coinbase strongly advised users to never paste seed phrases into any website.

On Tuesday, Coinbase warned that scammers are posing as customer support over the phone or online to steal login information and verification codes. The company said it will never reach out, directing users to its official channels on X and Reddit.

Magazine: Bitcoin’s ‘narrative vacuum,’ Ethereum now inevitable: Trade Secrets

Source: CoinTelegraph


Outros artigos publicados recentemente

Stablecoin market cap has shrunk by $10 billion since May, but analyst sees no reason to panic
Stablecoin market cap has shrunk by $10 billion since May, but analyst sees no reason to panic

Crypto Market Analysis

The market shrank by $7.7 billion in June alone, the largest dollar amount since May 2022's Terra-Lu...

Pakistan crypto chief seeks dialogue after scholar rules against crypto payments
Pakistan crypto chief seeks dialogue after scholar rules against crypto payments

Crypto Market Analysis

Pakistan’s virtual-assets regulator called for continued dialogue on the treatment of digital asse...

Ripple once weighed shutting down and handing XRP to shareholders, CEO says
Ripple once weighed shutting down and handing XRP to shareholders, CEO says

Crypto Market Analysis

Ripple's Brad Garlinghouse says he and co-founder Chris Larsen considered winding the company down a...

Bitcoin, ether little changed as U.S. launches fresh Iran strikes
Bitcoin, ether little changed as U.S. launches fresh Iran strikes

Bitcoin

The U.S. hit Iran for the third time this week and Tehran has reportedly closed the Strait of Hormuz...

Bitcoin is nearing a power law support line Fidelity has tracked since 2015
Bitcoin is nearing a power law support line Fidelity has tracked since 2015

Bitcoin

The group's Dir. of Global Macro Jurien Timmer calls it an accumulation zone but notes the lack of a...

Cambridge study puts Ethereum near the lower end of PoS energy intensity
Cambridge study puts Ethereum near the lower end of PoS energy intensity

Ethereum

Cambridge estimated that Ethereum consumes 7.87 GWh annually and has the second-lowest market-value-...