Coinbase’s Security Paradox: Migration Instructions Mirror Phishing Tactics

In a concerning development for institutional cryptocurrency users, Coinbase is currently instructing merchants to manually handle their 12-word seed phrases during a wallet migration process—directly contradicting its own established security protocols. This guidance, issued ahead of the March 31, 2026 shutdown of legacy Commerce wallets, alarmingly replicates the exact methods employed by phishing attackers to drain digital assets from unsuspecting victims. The exchange's official documentation specifically warns merchants holding Bitcoin and other cryptocurrencies that they must extract and input their recovery phrases to transfer funds before the deadline, despite Coinbase's longstanding security recommendations against such manual seed phrase handling. This contradictory approach has raised significant security concerns within the professional cryptocurrency community, as it creates confusion and potentially exposes institutional funds to unnecessary risk. The timing is particularly sensitive given the increasing sophistication of phishing campaigns targeting cryptocurrency exchanges and their users. Security experts note that legitimate platforms typically avoid asking users to manually enter complete seed phrases, especially via web interfaces, as this practice dramatically increases vulnerability to keylogging attacks, clipboard monitoring, and social engineering exploits. Coinbase's Commerce platform, designed for business and merchant transactions, holds substantial institutional funds, making this security contradiction even more troubling. As the March 31, 2026 deadline approaches, merchants face the dilemma of either following potentially risky migration instructions or risking loss of access to their funds. This situation highlights the ongoing challenges in balancing user education, migration necessities, and uncompromising security standards within the rapidly evolving cryptocurrency custody landscape. The incident serves as a reminder that even established exchanges must maintain consistent security messaging, particularly when handling the sensitive recovery mechanisms that protect institutional digital assets.

Coinbase's Contradictory Seed Phrase Instructions Raise Security Concerns

Coinbase is advising Commerce wallet users to manually extract and input their 12-word seed phrases during a migration process—a practice that directly contradicts its own security guidelines. The exchange's withdrawal instructions for legacy Commerce wallets before the March 31, 2026 shutdown mirror the exact techniques used by phishing scammers to drain funds.

The platform specifically warns merchants holding Bitcoin or other UTXO-based assets to follow this risky procedure, claiming balances might otherwise become inaccessible. This creates a glaring contradiction: Coinbase's standard documentation explicitly states users should never share recovery phrases, paste them into websites, or expect the company to request them.

Security experts recognize seed phrases as the master key to self-custody wallets. The current migration guidance effectively compromises the fundamental principle of non-custodial security—that recovery phrases should remain entirely offline. For a platform processing billions in crypto transactions, this procedural anomaly raises serious questions about risk management protocols.

Coinbase Expands Derivatives Offering with 24/7 Stock Futures for Non-US Traders

Coinbase has launched stock perpetual futures for eligible non-US traders, enabling margin trading and cash settlement on major US stocks and indices like Apple (AAPL) and Nvidia (NVDA). The move aligns with the exchange's strategy to unify crypto, equities, and prediction markets on a single platform.

Retail users can access the contracts on Coinbase's main platform, while institutions trade via Coinbase International Exchange. Leverage caps at 10x for single stocks and 20x for ETF products, with USDC as the settlement currency—simplifying cross-margining between futures and spot positions.

The expansion follows Coinbase's recent derivatives push in Europe, where crypto futures are now available across 26 countries under MiFID regulations. Plans are underway to extend stock perpetual futures to additional regions, reinforcing the exchange's 2026 growth roadmap.