Coinbase Commerce Tool Sparks Outcry Over Seed Phrase Risks

• Coinbase Commerce raises security alarms with its withdrawal tool requesting seed phrases.
• Experts warn of phishing risks and regulatory scrutiny surrounding the controversial feature.

On March 19, 2026, Coinbase faced criticism after media reports highlighted a withdrawal tool on its Commerce platform that requests users to input their wallet seed phrases. This move has alarmed security professionals as it contradicts established cryptocurrency security principles.

The tool was introduced to facilitate fund migration ahead of Coinbase Commerce’s planned shutdown on March 31, 2026. While the platform offers a standard withdrawal method, the alternative tool asks users to enter their 12-word seed phrase on a webpage—a step that could undermine asset security. Reports also noted the webpage advises users to copy their seed phrase from Google Drive for convenience.

Security experts expressed serious concerns about this approach. A seed phrase, which grants full access to a wallet’s assets, should never be shared on websites or platforms. Coinbase has previously stressed this in its help documentation. The inclusion of such a feature on an official Coinbase page has drawn substantial criticism from researchers. While Coinbase reportedly told one outlet that the matter was being reviewed, a formal public statement was missing as of March 19.

The lack of immediate action has amplified fears of potential security breaches. Blockchain investigator ZachXBT voiced concerns about phishing risks, stating, “So basically Coinbase has an official page live threat actors can use to target Coinbase users via seed phrase social engineering if they wanted?” The ease of replicating this webpage could enable bad actors to deploy phishing attacks tailored to exploit unsuspecting users.

Legal and security experts have suggested this issue might lead to regulatory scrutiny. An official domain requesting seed phrases undermines fundamental security principles, leaving users vulnerable to fraud and theft. Additionally, the urgency created by Coinbase Commerce’s shutdown could prompt users to ignore critical warnings, exposing them to increased risks. Observers have noted that this development may prompt regulators to evaluate Coinbase’s security protocols and user protections.

The incident threatens broader trust in the cryptocurrency industry. Retail users, already navigating complex security issues, may lose confidence in service providers following incidents like this. Institutional investors may also reconsider their engagement with platforms perceived as lacking robust security measures, potentially complicating the industry's growth trajectory.

With Coinbase Commerce’s closure imminent on March 31, the situation underscores unresolved questions surrounding security, regulatory oversight, and user education in the cryptocurrency space.