Coinbase Removes Web Page That Asked Users for Plaintext Seed Phrases

Coinbase removed a recovery page that requested plaintext mnemonic phrases after security concerns highlighted how standard web pages can be more easily imitated by phishing sites.

Summary

Coinbase removed a web page that had asked users to enter plaintext mnemonic phrases for asset recovery. On March 26, SlowMist founder Cosine said web security is weaker than that of browser extensions or mobile apps and warned that such a design is easy for phishing sites to copy. The issue centers on the risks of requesting highly sensitive wallet recovery credentials through a standard web interface.

Terms & Concepts
  • mnemonic phrases: A set of recovery words used to restore access to a crypto wallet; anyone with the phrase can typically control the associated assets.
  • phishing: A scam technique in which attackers imitate legitimate sites or services to steal sensitive information such as wallet credentials.
  • asset recovery: The process of restoring access to digital assets, often by using wallet backup credentials such as a seed or mnemonic phrase.