Coinbase is facing scrutiny after a page linked to its Commerce product appeared to ask users to input plaintext wallet recovery phrases. Yu Xian, founder of blockchain security platform SlowMist, flagged the issue on X, calling the practice insecure and puzzling given the risks involved.
Recovery phrases grant full control over self-custody wallets and should never be shared with third parties or entered on untrusted sites. Blockchain investigator ZachXBT noted the page was referenced in a Coinbase Help guide, which has since reportedly been removed, and questioned whether threat actors could exploit it for social engineering attacks.
Coinbase told Cointelegraph it was looking into the matter but offered no further details. Separately, the company has warned users that scammers are impersonating its customer support staff by phone and online to steal login credentials.
Originally reported by Cointelegraph.
