Coinbase Page Asks Users for Seed Phrases — Security Researchers Sound Alarm

Security researchers, including SlowMist's founder Evilcos and investigator ZachXBT, have raised serious concerns over a live Coinbase Commerce page that prompts users to enter their 12-word seed phrase in plain text for asset recovery. Researchers labeled this an "unsafe practice" that could be exploited by threat actors for social engineering scams targeting Coinbase users. This page is related to Coinbase's ongoing transition of Commerce services to Coinbase Business, which requires users to move funds by March 31, 2026. While Coinbase recommends using a dedicated commerce withdrawal tool, the alternative option allows users to import their seed phrase directly onto the Coinbase page, mirroring functionality found in compatible wallets like MetaMask or Coinbase Wallet. Coinbase has not yet commented on the security concerns raised.

(Source：BeInCrypto)