Security researchers have raised concerns over a Coinbase Commerce page that prompts users to enter wallet recovery phrases, a practice commonly exploited in phishing scams.
Founder of SlowMist, Yu Xian, flagged the issue, questioning why Coinbase would ask for such sensitive information. Coinbase responded by stating they were investigating but provided no further details.
Wallet recovery phrases should never be shared with third parties or entered on untrusted sites. Coinbase previously warned against pasting these phrases into any website. The company also recently warned users about scam attempts targeting login information and verification codes.
Coinbase advises against entering seed phrases on any site and emphasizes that Commerce wallets are self-custodial, meaning Coinbase does not have access to users' seed phrases.
Image sources: Coinbase Commerce, X (Twitter)