A new disclosure from the SlowMist Chief Information Security Officer has exposed a serious issue with the security of the asset recovery page of Coinbase Commerce. It has been revealed that the page asks users to type their mnemonic phrase in plaintext, which is one of the most private pieces of information that must be kept secret.
The Risks of Exposing Mnemonic Phrases
It is very dangerous to disclose one’s mnemonic phrase. Only with this phrase is it possible for someone to open your crypto wallet and therefore steal your assets. Besides, Coinbase or any other exchange should never ask for such kind of info. Revealing mnemonic phrases may result in phishing and scams because the hackers will know how to steal the wallet. The Coinbase Commerce page has the line: “Sign in to Google Drive from the portal, copy the phrase and paste it in the text field below, ” which has confused many security experts.
Also Read: SlowMist Introduces Layered Web3 Security For Autonomous AI Agents
Security Measures Under Scrutiny
With encryption using AES-256, 2FA, and 98% of user funds being kept in cold storage, Coinbase had a very good record of security. But this event is a reminder of the importance of user awareness and the need for exchanges to put security first in every part of their services. People should always be careful and inform Coinbase Support if they see something fishy. This event has also made people wonder about security practices of Coinbase Commerce and what risks users may have.
Also Read: XRP Records Positive Net Inflows on Binance, Bybit
Best Practices for Protecting Sensitive Information
Users should follow some best security practices to protect their sensitive information. Apart from the obvious, never sharing your mnemonic phrase and private keys, one should also take steps to verify that the websites and services you give your sensitive information to are genuine.
Also Read: Polygon (POL) Price Faces Pressure Despite Polygon Integration
