Cos(余弦)😶‍🌫️
Cos(余弦)😶‍🌫️|Mar 26, 2026 14:40
The issue reported earlier has been addressed—Coinbase took down the relevant page. But just now, @liszechung found a similar page that collects plaintext seed phrases: https://keys.(coinbase.com)/recover-passkey As shown in the screenshot, this is honestly so ironic… cc @zachxbt @tayvano_ @im23pds Why is this a risk worth paying attention to? For wallets, the security model of online web pages is inherently very weak, far inferior to extensions or apps. Moreover, the practice of collecting plaintext seed phrases on web pages can easily be mimicked by phishing sites, and it’s already a common phishing tactic. Lastly, as a well-known wallet provider, Coinbase should take responsibility for its users and avoid actions that significantly lower the security model of wallets. Coinbase should proactively eliminate such risks instead of waiting for people to discover them one by one.
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads