Coinbase Shutters Risky Recovery Tool After Security Flaws Exposed

Coinbase removed a controversial account recovery tool after security experts warned it could facilitate phishing attacks. On-chain investigators noted the page required users to enter their 12-word seed phrase in plain text, which contradicts fundamental security practices. The platform’s design choices faced scrutiny for potentially making social engineering scams more convincing.


Coinbase has taken down a “legacy recovery” tool after on-chain investigators raised security concerns. Experts warned the page could be weaponized to trick users into surrendering their seed phrases.

It began when Cos, founder of security firm SlowMist, questioned why an official Coinbase page asked for plain-text recovery phrases. He shared screenshots showing an interface prompting users to paste their mnemonic phrase.

Well-known investigator ZachXBT posted that the page could serve as a social engineering tool for attackers. “So basically Coinbase has an official page live threat actors can use to target Coinbase users via seed phrase social engineering if they wanted?” he asked.

A SlowMist team member, 23pds, pointed out the page lacked a proper sitemap and could be easily cloned. They stated attackers could copy the interface onto lookalike domains to steal sensitive information.

Another user, Kieran, argued the tool violated a core security rule: never enter a recovery phrase into a website. They claimed its existence on an official domain could make phishing attempts more effective.

Coinbase team member Alex stated the firm had removed the tool and was developing a new solution. “Appreciate you all raising this and holding us to the highest standards,” they added.

The page now displays a message stating the service is unavailable. This episode highlighted ongoing tensions between platform design and security practices.

Recent on-chain data indicates a shift in attack methods towards social engineering. Security firm Nominis reported cryptocurrency scam losses fell sharply in February.

However, the firm noted attackers are now more likely to target users directly through phishing. This trend makes the risks identified by investigators regarding official recovery tools particularly relevant.
