Coinbase Under Fire for Asking Users to Enter Seed Phrases Amid Phishing Concerns


Author: M1n3rX
Published: 2026-03-20 07:13:01


Coinbase, one of the largest cryptocurrency exchanges, is facing backlash after security experts flagged a subdomain page that asks users to input their seed phrases in plain text to recover crypto assets. The page, part of Coinbase Commerce’s liquidation process before the March 31 deadline, has raised alarms for exposing users to social engineering attacks. Critics argue the design could easily be copied by phishing scammers, putting millions at risk. Here’s what you need to know.

Why Is Coinbase Being Criticized?

A Coinbase subdomain page has sparked outrage among blockchain security experts for requesting users to enter their mnemonic seed phrases directly—a practice widely condemned as unsafe. The page was publicly called out on March 19, 2026, by Yu Xian (aka Evilcos), founder of blockchain security firm SlowMist, who shared screenshots on X with the caption: "I’m baffled that Coinbase has a page like this, asking users to input seed phrases in plain text. This is unbelievable! I almost thought the subdomain was hacked."

The timing couldn’t be worse. Coinbase Commerce is winding down, forcing merchants to urgently recover funds before the March 31 deadline. This pressure creates a perfect storm for phishing scams, as rushed users may overlook security red flags. Ironically, Coinbase’s own help documentation states the company will never ask for recovery phrases—a policy this page blatantly contradicts.

How Could Attackers Exploit This?

Security researchers warn that the page’s design provides a blueprint for fraud. 23pds, SlowMist’s information security director, noted: "Even though the link is from Coinbase’s official site, directly asking users to submit seed phrases is reckless." He added that the flawed sitemap structure makes it easy for attackers to clone the page using tools like ResourcesSaver and deploy phishing sites with similar-looking domains.

Blockchain investigator ZachXBT, known for tracking crypto scams, was blunt: "So Coinbase basically has an active official page that criminals could use to socially engineer seed phrases from users." He urged Coinbase to remove the page immediately. As of publication, the exchange hasn’t commented or taken the page down.

Has Coinbase Faced Similar Issues Before?

This isn’t Coinbase’s first rodeo with social engineering threats. In February 2025, ZachXBT reported users lost over $65 million in just two months to scams where fraudsters posed as Coinbase support staff using cloned admin panels. Later that May, a data leak exposed personal information after overseas support agents were bribed by criminals. Coinbase fired the staff involved, notified regulators, and set aside $180-$400 million for remediation, including a $20 million bounty for arrest leads.

Given this history, the Commerce page is a glaring vulnerability. Evilcos’ warning should prompt urgent action from Coinbase to prevent further exploitation. As one Reddit user quipped, "It’s like leaving your vault door open during a bank robbery."

What Should Users Do?

Never enter your seed phrase on any webpage—even if it looks official. Use hardware wallets for secure recovery, and enable multi-factor authentication. If you’re a Coinbase Commerce merchant, withdraw funds carefully and verify URLs. As the crypto community often says: "Not your keys, not your coins."

This incident highlights the fine line between user convenience and security in crypto. While deadlines pressure platforms to streamline processes, cutting corners on safety risks catastrophic losses. Hopefully, Coinbase learns fast—before attackers do.

FAQs

Why is Coinbase asking for seed phrases?

The page was part of Coinbase Commerce’s asset recovery process before its March 31 shutdown. However, security experts argue this method is dangerously vulnerable to phishing.

Has Coinbase fixed the issue?

As of March 20, 2026, the page remains active. Coinbase hasn’t issued a statement.

How can I protect myself?

Never share seed phrases online. Use cold wallets for storage and bookmark official exchange URLs to avoid phishing traps.
