Cos(余弦)😶🌫️|Mar 26, 2026 14:40
The issue reported earlier has been addressed—Coinbase took down the relevant page. But just now, @liszechung found a similar page that collects plaintext seed phrases:
https://keys.(coinbase.com)/recover-passkey
As shown in the screenshot, this is honestly so ironic…
cc @zachxbt @tayvano_ @im23pds
Why is this a risk worth paying attention to? For wallets, the security model of online web pages is inherently very weak, far inferior to extensions or apps. Moreover, the practice of collecting plaintext seed phrases on web pages can easily be mimicked by phishing sites, and it’s already a common phishing tactic. Lastly, as a well-known wallet provider, Coinbase should take responsibility for its users and avoid actions that significantly lower the security model of wallets.
Coinbase should proactively eliminate such risks instead of waiting for people to discover them one by one.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink