Coinbase Commerce page requires users to enter a seed phrase, raising security risks.

According to a report by Cointelegraph, a subdomain page of Coinbase Commerce prompts users to enter their wallet seed phrase, raising concerns among security researchers. SlowMist's Yu Xian stated that he cannot understand why Coinbase would create such a page, directly requiring users to enter seed phrase in plain text for asset recovery, believing this poses a serious security risk. On-chain analyst ZachXBT pointed out that this page was previously cited in a Coinbase Commerce product help document, which recommended that users recover funds by importing seed phrase into compatible wallets such as Coinbase Wallet or MetaMask, and included a link to the subdomain's withdrawal tool. This help document has since been removed. ZachXBT also pointed out that if this page were exploited by malicious actors, it could be used to launch seed phrase social engineering attacks against Coinbase users.