TL;DR:
- Experts from SlowMist and researcher ZachXBT detected an official page requesting seed phrases in plain text.
- The tool, linked to Coinbase Commerce, will officially cease operations on March 31, 2026.
- Coinbase has confirmed it is investigating the incident, while the community warns of social engineering risks.
This Thursday, alarms were raised across the crypto market after blockchain security experts identified an official Coinbase page prompting users to enter their 12-word recovery phrases. This practice, described as “incredibly insecure” by SlowMist founder Yu Xian, could normalize behaviors that attackers commonly exploit in phishing campaigns and asset theft.
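I'm puzzled as to why Coinbase would have a page like this, directly asking users to enter their plaintext mnemonic phrase for asset recovery? Such insecure behavior is baffling… @coinbase I almost thought the subdomain had been hacked… cc @im23pds https://t.co/NsBd223xWY pic.twitter.com/oBrp5UGQ8U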
— Cos(余弦)😶🌫️ (@evilcos) March 19, 2026
The controversy arises as the platform migrates its Commerce services to Coinbase Business. Technical reports indicate that the withdrawal flow requires users to paste their mnemonic phrases into a web form to recover funds from self-custody wallets.
This approach contradicts all standard security recommendations, which strictly prohibit sharing seed phrases with third parties or websites, regardless of their apparent legitimacy.

The Risk of Social Engineering on Official Platforms
The page in question was reported in official help guides which, according to recent reports, have already begun to be removed or modified. ZachXBT pointed out that these types of tools provide an infrastructure that can be easily replicated by malicious actors to scam Coinbase customers through social engineering tactics, simulating “official” recovery processes.
For its part, Coinbase has not yet issued a formal public statement, only reporting that they are “looking into” the situation. Nonetheless, company documentation continues to emphasize that Commerce wallets are self-custodial and that the user is solely responsible for the security of their funds—increasing confusion over why an online phrase entry system was implemented in the first place.
In summary, the crypto community strongly recommends that users avoid any tool requesting seed phrases outside of trusted wallet interfaces. With the legacy Commerce services set to close at the end of this month, extreme caution is vital to prevent asset draining through unorthodox recovery methods.





