Coinbase Seed Phrase Recovery Page Removed After Social Engineering Warnings
Coinbase has taken down a recently flagged “legacy recovery” tool after on-chain investigators warned it could be used for Coinbase seed phrase social engineering.
The issue began on March 18 when SlowMist founder Cos questioned why a Coinbase-hosted page asked users to type their 12-word recovery phrase (seed phrase) in plain text, including suggestions that users pull it from Google Drive backups. On-chain investigator ZachXBT then highlighted that the page—hosted on an official Coinbase domain—could be cloned and weaponized on lookalike sites to trick victims into submitting their Coinbase seed phrase.
SlowMist’s team (including 23pds) pointed to technical/design weaknesses, such as the lack of a proper sitemap, which made cloning easier. Separately, security commentators stressed the behavioral risk: users are widely taught never to enter recovery phrases into a website, and official-looking prompts can make phishing more convincing.
A Coinbase team member confirmed the tool was removed and said a new solution is under development. At the time of the report, the page displayed a service-unavailable message.
Broader context: Nominis reported that crypto scam and exploit losses fell by about 87% in February, but attackers are increasingly targeting users via phishing and misleading prompts rather than exploiting code—making prompt-level security and user-facing design critical.
Neutral
This is mainly a platform-level security incident (Coinbase taking down a page that asked users to enter their seed phrase); its direct effect on prices across the crypto market is limited, hence the "neutral" rating. For traders, the more realistic impact lies in risk appetite and event-driven sentiment:
- Short term: if the market reads this as a signal that regulatory/security compliance is tightening, it may ease concerns about exchange-related assets and the safety of user funds; but it may also make users more wary of exchanges and their recovery processes, causing short-term sentiment swings.
- Long term: Nominis noted that "losses are down but phishing is more common," which shows the attack surface shifting from technical vulnerabilities to user interaction and prompts. Platform takedowns and redesigns of this kind usually do not change industry fundamentals, but they reinforce "account security / recovery-phrase handling" as a long-term security standard, which in turn shapes user behavior and platform policy.
In similar incidents, what actually moves the market is usually large-scale loss of funds or a systemic failure; this report centers on the quick removal of a suspicious tool, so it is more likely a risk alert than a macro negative.