Coinbase Page Flags Security Risk Over Seed Phrase Entry
The post Coinbase Page Flags Security Risk Over Seed Phrase Entry appeared on BitcoinEthereumNews.com.
ZachXBT flags Coinbase Commerce recovery page asking users to enter their 12-word seed phrase, raising phishing and social engineering concerns. A live page on Coinbase’s official domain is drawing security alarm from researchers. The page, hosted at withdraw.commerce.coinbase.com, asks users to enter a 12-word seed phrase as part of an asset recovery process tied to Coinbase Commerce. The exchange has not pulled the page down. On-chain investigator ZachXBT raised the alarm on X, questioning whether Coinbase had thought through what a page like this could enable. “So basically Coinbase has an official page live threat actors can use to target Coinbase users via seed phrase social engineering if they wanted?” ZachXBT wrote. The post drew thousands of interactions almost immediately. When an Official Page Becomes the Weapon Security researcher evilcos flagged the same page earlier on X, saying the practice of asking users to input plaintext mnemonic phrases was simply hard to believe from a major exchange. The researcher said the subdomain initially looked like it had been compromised. It had not. The page is official. The Coinbase Commerce help documentation, visible on the recovery page, explains the process. It tells merchants their funds may be spread across hundreds or even thousands of wallet addresses because Commerce generated a new address for every payment received. Importing the seed phrase into a standard wallet, it says, may not show the full balance. Standard wallets typically scan only the first 20 unused addresses. For Bitcoin and other UTXO-based assets, Coinbase directed users toward the withdrawal tool before March 31, 2026. The documentation also instructs users on how to retrieve a seed phrase backed up to Google Drive, then enter it at the withdrawal tool. This is where researchers say the risk sits. Two Separate Problems, One Very Dangerous Page Security researcher im23pds…
Filed under: News - @ March 19, 2026 11:24 pm