Coinbase instructs users to follow the same ‘foolish’ steps scammers use to withdraw funds from wallets
Summary
Coinbase is instructing users of legacy Commerce wallets to withdraw funds before a March 31, 2026 deadline. For users who backed up their wallet to Google Drive, the process requires them to reveal their 12-word seed phrase on an official Coinbase-hosted withdrawal tool.
Security researchers, including SlowMist founder Yu Xian and investigator ZachXBT, heavily criticized this workflow, calling it "extremely foolish" because it mirrors the exact steps scammers use in phishing attacks. They argue that normalizing seed phrase entry on an official page provides a template for attackers to mimic, potentially increasing social engineering scams, which already cost Coinbase users over $300 million annually.
The criticism is amplified by Coinbase's history of security incidents, including a 2025 breach involving bribed support agents and a 2021 incident in which stolen credentials were used to exploit account recovery processes. Security experts warn that this official procedure undermines years of user education against sharing seed phrases.
(Source: CryptoSlate)