Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Market Updates

Coinbase Commerce Security Issue Raises Concerns Over Seed Phrase Exposure

Security researchers warn that a Coinbase Commerce page asking users to enter seed phrases in plain text could expose wallets to serious hacking risks.

Saravana Kumar Mahendran by Saravana Kumar Mahendran
March 19, 2026
in Market Updates
0 0
Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

In a surprising development that has sent shockwaves through the crypto community, security experts have flagged a Coinbase Commerce page for serious security concerns. The official withdraw page reportedly asks users to type their 12 word mnemonic phrase, also known as seed phrase or recovery phrase, directly in plain text. Experts are calling this extremely dangerous and potentially exploitable by hackers.

The issue first gained attention after blockchain investigator ZachXBT posted a warning on X, formerly Twitter. He shared a screenshot of the page and questioned whether Coinbase had an official page that threat actors could use to target users through seed phrase social engineering. This comes alongside alerts from SlowMist, a well known blockchain security firm. Its founder, known as Evilcos, said he was very puzzled why Coinbase would have such a page that directly asks users to enter their mnemonic phrase in plain text to recover assets. He described the practice as unsafe and unbelievable, even suspecting the subdomain might have been hacked.

Coinbase Commerce Security Issue
Coinbase Commerce Security Issue

What exactly is happening on the Coinbase Commerce page

According to reports and screenshots circulating online, when users try to withdraw funds or recover assets through Coinbase Commerce, the interface prompts them to enter their full mnemonic phrase. This phrase usually contains 12 or 24 secret words that control the entire wallet. The page even suggests copying the phrase from Google Drive and pasting it directly. Everything is entered in plain text and not hidden or encrypted. Reports claim this is not a fake or third party site but an official Coinbase subdomain.

Coinbase-Commerce seed-phrase
Coinbase-Commerce seed-phrase

Why this is extremely dangerous explained simply

A mnemonic phrase (seed phrase) is like the master key to your crypto wallet. Think of it this way:

  • Your bank account has a password.
  • Your crypto wallet has this one single set of 12-24 words.
  • If anyone gets these words, they can access all your funds instantly including Bitcoin, Ethereum, USDT and everything else, and transfer them away forever. There is no password reset and no recovery possible.

Crypto security rule #1 that every expert repeats

Never type your seed phrase online. Never share it. Never paste it anywhere except on your own offline device.

By asking users to enter it in plaintext on a web page (and even suggesting Google Drive), the page breaks this golden rule. Hackers or scammers can:

Related Story

Paul Grewal to Step Down as Coinbase Chief Legal Officer Ahead of CLARITY Act Debate

Coinbase CLO Paul Grewal to Step Down Ahead of CLARITY Act Vote

July 10, 2026
AscendEX Shutdown Puts Withdrawal Delays Under Fresh Scrutiny

AscendEX Shutdown Puts Withdrawal Delays Under Fresh Scrutiny

July 9, 2026
  • Use social engineering tricks (fake messages, urgent calls, fake support) to send users to this page.
  • Steal the phrase the moment it’s typed.
  • Drain wallets in seconds.

ZachXBT specifically warned that this setup gives “threat actors” an easy tool to target Coinbase users.

Coinbase response so far: As of March 19, 2026, Coinbase has not issued any official statement, fix, or clarification. Their main account and support channels have not posted any updates. There has been no blog post or security advisory released yet.

What users should do immediately

Security experts and the crypto community are giving one clear message:

  • Never enter your seed phrase on any website, app, or page even if it looks official
  • If you see any page asking for it, close it immediately and report it
  • Always use hardware wallets like Ledger or Trezor for large amounts since they never expose the seed online
  • If you already entered your phrase anywhere suspicious, move your funds to a new wallet immediately
  • Double check every URL before typing anything sensitive

This incident is a strong reminder: In crypto, you are your own bank. One wrong click or paste can cost everything.This comes amid growing security concerns across the crypto space. A recent Bitrefill incident exposed around 18,500 customer records, highlighting how even established platforms are not immune to cyberattacks.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: CoinbaseSlowmistZachXBT

Related Posts

Paul Grewal to Step Down as Coinbase Chief Legal Officer Ahead of CLARITY Act Debate
Market Updates

Coinbase CLO Paul Grewal to Step Down Ahead of CLARITY Act Vote

by Sathish Kumar Kaliraj
July 10, 2026

Coinbase Chief Legal Officer Paul Grewal will step down from his role on July 31, 2026, marking the end of...

Read moreDetails
AscendEX Shutdown Puts Withdrawal Delays Under Fresh Scrutiny

AscendEX Shutdown Puts Withdrawal Delays Under Fresh Scrutiny

July 9, 2026
Coinbase Secures UK MiFID License to Expand Into Equities and Derivatives

Coinbase Secures UK MiFID License to Expand Into Equities and Derivatives

July 7, 2026
ZachXBT Sells Unsolicited Meme Coins, Donates $41K to Charity

ZachXBT Sells Unsolicited Meme Coins, Donates $41K to Charity

July 6, 2026
BlackRock, Visa and Coinbase Rally Behind Open USD as Stablecoin Competition Enters a New Phase

BlackRock, Visa and Coinbase Rally Behind Open USD as Stablecoin Competition Enters a New Phase

July 1, 2026
KuCoin Faces Scrutiny After ZachXBT Alleges Legal Threat Over $250K Atomic Stealer Theft Case

ZachXBT Alleges KuCoin Threatened Legal Action Over $250K Theft

June 30, 2026
ZachXBT Flags AscendEX Withdrawal Delays as Thin Hot Wallet Reserves Raise Liquidity Concerns

ZachXBT Flags AscendEX Withdrawal Delays as Thin Hot Wallet Reserves Raise Liquidity Concerns

June 26, 2026
Next Post
Crypto.com Cuts 12% Workforce to Accelerate AI, CEO Warns to Adapt or Fall Behind

Crypto.com Cuts 12% Workforce to Accelerate AI, CEO Warns to Adapt or Fall Behind

OpenClaw Scam

Hackers Use OpenClaw's Name to Steal Developers' Crypto Wallets

Recommended

  • All
  • News
Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin's Biggest Long-Term Risks

Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

July 11, 2026
Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

July 11, 2026
Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
AI Agents Now Have a New Internet Court to Settle Disputes

AI Agents Now Have a New Internet Court to Settle Disputes

July 10, 2026
Ledger Researchers Disclose Tangem Card Flaw

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

July 10, 2026
Circle Receives Final OCC Approval to Launch National Trust Bank

Circle Wins Federal Approval to Launch Regulated Digital Asset Trust Bank

July 10, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • BingX launches the BingX Visa Debit Card, bridging digital assets and everyday payments
  • Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera
  • Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.