Investigators Raise Alarm Over Coinbase Page Requesting Seed Phrases as Tool Is Removed

Security researchers raised concerns about a Coinbase page that prompted users to enter their recovery phrases, warning that it could be easily copied and misused on fake websites due to the absence of a proper sitemap.

Coinbase has since removed the “legacy recovery” tool after blockchain investigators highlighted the risk that it could be exploited to trick users into revealing their seed phrases.

The situation has renewed debate about how certain platform design decisions may conflict with established crypto security practices.

Concerns Surround Coinbase Recovery Page

The issue came to light on March 18 when Cos, founder of SlowMist, questioned why a Coinbase-hosted page was asking users to input their 12-word recovery phrases in plain text. The shared screenshots showed a Coinbase Commercial withdrawal interface instructing users to paste their mnemonic phrase and even suggesting retrieving it from Google Drive backups.

Soon after, on-chain investigator ZachXBT warned that the page could be leveraged by attackers as a social engineering tool, especially since it was hosted on an official Coinbase domain.

He raised concerns that threat actors could use the page to target Coinbase users by exploiting trust in the platform.

Another member of the SlowMist team, 23pds, pointed out technical weaknesses, noting that the page lacked a proper sitemap and could be easily duplicated. According to them, attackers could replicate the interface and deploy it on lookalike domains to trick users into sharing sensitive information.

Additional concerns focused on user behavior. A user known as Kieran argued that the tool contradicted one of the most fundamental rules in crypto security, which is to never share or enter a recovery phrase on any website. They warned that having such a feature on an official page could make phishing attempts appear more legitimate.

A Coinbase team member named Alex confirmed that the tool had been removed and said the company is working on a safer alternative. They also acknowledged the feedback and emphasized their commitment to maintaining high security standards.

At the time of reporting, the page had been taken down and replaced with a message indicating that the service was unavailable.

Rising Risk of Social Engineering Attacks

The concerns raised by ZachXBT and the SlowMist team reflect broader trends in crypto security.

Data from Nominis shows that in February, total losses from cryptocurrency scams and exploits dropped by nearly 87 percent. However, the report also highlights a shift in tactics, with attackers increasingly targeting individuals rather than focusing on technical vulnerabilities.

According to the firm, recent attacks rely more on phishing schemes and deceptive prompts than on flaws in code. As these methods become more common, reducing opportunities for manipulation remains critical, especially in cases where platform features could unintentionally make such attacks easier to execute.