While the crypto market is evolving in a bullish rally<\/strong> context, a major controversy has hit Coinbase<\/a><\/strong>. As part of the migration between Coinbase Commerce and Coinbase Business, the exchange has put online a fund recovery page asking users to enter their 12-word seed phrase<\/strong>. A practice strictly prohibited in the Web3<\/strong> ecosystem.<\/p>\n\n\n\n The alert was raised by Evilcos<\/strong>, founder of SlowMist, who immediately suspected a site hack. Indeed, requesting a recovery phrase in plain text is typically associated with phishing<\/strong>. This discovery sent shockwaves through the community, as this practice goes against the most basic security rules.<\/p>\n\n\n\n The confusion is total. How can an actor as established as Coinbase expose its users to such risk? Even though the platform recommends using a secure automated tool, the presence of this manual option is enough to create a climate of FUD<\/strong> and undermine investor confidence.<\/p>\n\n\n\n