Coinbase Under Fire for Seed Phrase Page Amid Phishing Concerns – A Security Nightmare?
Coinbase, one of the world’s largest cryptocurrency exchanges, is facing intense backlash after security experts flagged a subdomain page that asks users to input their seed phrases in plain text. The page, part of Coinbase Commerce’s shutdown process, has been criticized for exposing users to social engineering attacks. With the March 31 deadline looming, thousands of merchants rushing to recover funds could fall victim to phishing scams. Here’s a deep dive into the controversy, past security lapses, and why this could be a goldmine for fraudsters.
Why Is Coinbase Asking Users for Their Seed Phrases?
Security researchers were stunned when a Coinbase subdomain page surfaced, directly prompting users to enter their mnemonic phrases—essentially the keys to their crypto wallets—to recover assets. Blockchain security firm SlowMist’s founder, Yu Xian (aka Evilcos), publicly called out the page on March 19, 2026, sharing screenshots and questioning Coinbase’s judgment. "I can’t believe Coinbase has a page like this," he wrote. "Asking users to input seed phrases in plain text is unthinkably reckless."
The page was created as part of Coinbase Commerce’s wind-down process, forcing merchants to retrieve funds before the March 31 cutoff. But security experts argue that the design is a phishing blueprint. 23pds, SlowMist’s Director of Information Security, warned that attackers could clone the page and deploy fake domains to trick users—especially under time pressure.
How Could This Be Exploited by Attackers?
The risks go beyond Coinbase’s own handling of the data. The page’s structure makes it easy for scammers to replicate. "Even though the link is official, requesting seed phrases outright is dangerously irresponsible," 23pds noted. ZachXBT, an on-chain investigator, was blunt: "So Coinbase has an active page that malicious actors can use to phish users? Great job."
Given Coinbase’s history with social engineering attacks—including a $65 million theft in early 2025—this latest oversight is alarming. Fraudsters previously posed as support agents, using cloned admin panels to drain wallets in real time. Now, with a ready-made template, phishing campaigns could skyrocket.
Has Coinbase Been Hacked Before?
Unfortunately, yes. In February 2025, ZachXBT reported $65 million in losses from impersonation scams targeting Coinbase users. Months later, a data breach exposed personal details after overseas support agents were bribed. The exchange fired the employees, notified regulators, and set aside up to $400 million for reparations—but the damage was done.
This latest incident adds fuel to the fire. With Commerce users scrambling to meet deadlines, the page is a sitting duck for exploitation. Coinbase’s own help docs state they’ll never ask for recovery phrases, making this contradiction even more baffling.
What Should Users Do Now?
If you’re a Coinbase Commerce user, proceed with extreme caution. Never enter your seed phrase on any webpage—even if it looks official. Use hardware wallets for storage, and enable multi-factor authentication. As for Coinbase, the clock is ticking. Will they pull the page before criminals capitalize on it?
FAQs
Why is Coinbase asking for seed phrases?
The page was intended for asset recovery during Coinbase Commerce’s shutdown, but security experts say it’s a major phishing risk.
Has Coinbase had security issues before?
Yes, including a $65M social engineering scam in 2025 and a data breach from bribed support agents.
What’s the safest way to recover funds?
Avoid entering seed phrases online. Use official support channels and hardware wallets.