Coinbase has taken down a recently flagged “legacy recovery” tool after on-chain investigators warned that it could be used to trick users into giving up their seed phrases. The episode reignited concerns about how design choices for platforms may clash with longstanding security practices. Shortly after, well-known on-chain investigator ZachXBT posted that the page could be used by attackers as a social engineering tool, given that it was hosted on an official Coinbase domain. “So basically Coinbase has an official page live threat actors can use to target Coinbase users via seed phrase social engineering if they wanted?” he asked.
Another member of the SlowMist team, 23pds, pointed out technical flaws on the page, saying that it didn’t have a proper sitemap and could be easily cloned. They added that attackers could copy the interface and use domains that look like it to trick people into giving them sensitive information. There were also concerns beyond the risk of cloning, with one X user, going by Kieran, arguing that the bigger problem was behavioral. They claimed that the tool went against one of the most widely taught safety rules in crypto, which is to never share or enter a recovery phrase into a website.
The existence of such requirements on official pages, according to them, could make phishing attempts more convincing. Alex, a team member at Coinbase, responded by stating that they had removed the tool and were actively developing a new solution. At the time of writing, a check on the page showed that it had indeed been taken down, with a simple message informing users that the service was unavailable and that they should try again later. The concerns raised by ZachXBT and the SlowMist team aren’t for nothing.
According to on-chain security company Nominis, in February, total losses related to cryptocurrency scams and exploits fell by nearly 87%. But more importantly, Nominis revealed that attackers are now more likely to target users instead of exploiting code. The firm noted that recent incidents had relied more heavily on phishing and misleading prompts instead of technical vulnerabilities. And with such schemes becoming more common, it’s vital to deny attackers the sort of advantage ZachXBT believes occurrences like the Coinbase recovery tool could have possibly given them.
Leave a Reply