Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Cryptocurrency exchange Coinbase has begun requesting seed phrases from users, according to SlowMist., 2026/03/19 12:18:34
The cryptocurrency exchange Coinbase is requesting users’ wallet seed phrases through one of its services to facilitate the integration of funds across various platforms. This was highlighted by Cosine, the founder of the blockchain security firm SlowMist.
According to him, a service has been launched on the exchange’s subdomain withdraw.commerce.coinbase.com, where users are prompted to enter their seed phrase to transfer funds from the outdated Coinbase Commerce platform to other wallets, including Coinbase Wallet and MetaMask, or to external addresses. Screenshots provided also indicate that the system allows for copying the secret phrase from Google Cloud Storage.
The expert pointed out that such a practice poses risks of wallet compromise. Initially, he suspected that it was a phishing site, but later concluded that the website is legitimate.
Blockchain researcher ZachXBT joined the discussion, noting that this page could be exploited in social engineering attacks. He assessed that malicious actors might encourage users to input their seed phrases, thereby gaining access to their funds.
Related Posts
Coinbase’s support documentation states that entering the seed phrase is necessary to merge wallets from the exchange and MetaMask. Without this, the consolidation of balances is not possible.
The exchange also announced that users must withdraw their funds from Coinbase Commerce by March 31, 2026. After this date, the withdrawal tool will be disabled, and access to funds may be lost.
In comments, cybersecurity experts analyzed the code of the withdraw.commerce.coinbase.com page and pointed out potential vulnerabilities. Specifically, they noted improper functioning of the sitemap, which could facilitate the copying of the interface using tools like ResourcesSaver and the creation of phishing replicas of the site on similar domains.
In December 2024, Coinbase experienced a data breach that became public knowledge in May 2025. As a result of the incident, data from approximately 69,000 users was compromised, and the costs for remediation exceeded $200 million. According to the investigation, the attackers bribed employees of the outsourcing company TaskUs, which provided customer support services to Coinbase.
