Coinbase has come under public scrutiny over a suspicious commerce portal that many complain resembles a phishing attempt. Yu Xian, the founder of blockchain security firm SlowMist, is among those who have flagged this page on social media.
The page in question shows Coinbase asking users to enter their secret wallet recovery phrases. It reads, “When setting up your Commerce account, you were given a 12-word recovery phrase for your Commerce platform. Enter your recovery phrase or private key.”
Anybody who engages with crypto wallets would know that one's wallet security phrase or private key is never supposed to be shared.
It's the one cardinal rule for those saving their assets on web-connected hot wallets. So when this page under the Coinbase name started to surface, suspicions of a potential phishing attempt started to make the rounds on social media.
Flagging the page, Xian said, “I’m really puzzled why Coinbase would have a page like this, directly asking users to input their plaintext mnemonic phrases for asset recovery? Such an insecure practice is simply unbelievable…@coinbase. I almost thought the subdomain had been hacked.”
Xian also shared screenshots of the page as part of this tweet.
A popular Web3 scam investigator who goes by the username @ZachXBT also joined the conversation on X, questioning Coinbase.
Coinbase has yet to respond to these ongoing complaints.
A SlowMist-linked researcher who operates from the @im23pds handle on X has pointed out that the page is definitely linked to the official Coinbase website. However, the website linked to the page has a flawed sitemap that could let cyber threat actors download the front-end code, deploy a similar website and execute a phishing attack.
An explanation from Coinbase on the matter is still awaited.
As per Chainalysis, over $14 billion was wired in 2025 to addresses linked to scammers and fraudsters, who commonly resorted to deploying phishing attacks on unsuspecting crypto investors.



