A significant security concern has been identified with Coinbase Commerce's asset recovery page, which reportedly asks users to input their plaintext mnemonic phrase. Security experts warn that sharing this phrase grants full access to a cryptocurrency wallet, putting assets at serious risk. The incident has raised questions about security protocols at a major exchange, highlighting the critical need for user vigilance.
The Chief Information Security Officer of SlowMist disclosed a serious security issue on the asset recovery page for Coinbase Commerce. The page was found to ask users to enter their plaintext mnemonic phrase, a highly sensitive piece of information that must always be kept secret.
Sharing a mnemonic phrase can grant unauthorized access to a user’s entire cryptocurrency wallet. Security experts found the page's instruction baffling and dangerous: “The page displays: ‘Sign in to Google Drive from the portal, copy the phrase and paste it in the text field below.’”
This incident highlights the importance of user vigilance and the need for exchanges to prioritize security across every part of their services. Users should never share mnemonic phrases or private keys with anyone, including exchanges.
Coinbase has historically maintained strong security measures, including AES-256 encryption and cold storage for funds. The event, however, has prompted scrutiny of Coinbase Commerce's specific security practices and the potential risks to users.
