Coinbase Wallet Seed-Phrase Phishing Scams
Criminals pose as Coinbase to steal users' Coinbase Wallet seed phrases, giving permanent access to all assets in the self-custody wallet. Coinbase's exchange service does not use seed phrases — but Coinbase Wallet does, and it should never be shared.
Last reviewed: 7 June 2026
Coinbase operates two distinct products: the Coinbase exchange (a custodial service where Coinbase holds assets on behalf of users) and Coinbase Wallet (a self-custody mobile wallet where users control their own private keys via a 12-word recovery phrase). The distinction matters critically in the context of seed-phrase phishing: the exchange has no seed phrase, but Coinbase Wallet does.
Scammers exploit user confusion between these two products. They send fake Coinbase communications claiming that users need to 'sync their Coinbase Wallet' or 'verify their wallet backup' as part of a new Coinbase security requirement, and direct victims to enter their Coinbase Wallet recovery phrase on a phishing page.
The Coinbase Wallet recovery phrase is the absolute master key to all assets held in that wallet. Coinbase itself does not have access to it — it is entirely user-controlled. No Coinbase process, email, or update will ever require a user to enter it anywhere other than the Coinbase Wallet app when restoring on a new device.
How this scam works on the Coinbase brand
An email with Coinbase's branding announces a 'mandatory wallet backup verification' required by a new security policy. It states that Coinbase Wallet users must confirm their recovery phrase through a provided link to maintain wallet access. The link leads to a page styled like Coinbase Wallet's onboarding flow, with a 12-word input form.
Another version appears to come from the Coinbase platform itself: a fake push notification or in-app banner, shown on a phishing site that mimics the app, claims the wallet needs to be 're-linked' to the user's Coinbase account by entering the recovery phrase. In reality, Coinbase Wallet and the Coinbase exchange are entirely separate applications, and no linking process exists that requires the seed phrase.
Coinbase Wallet's recovery phrase is used only when importing the wallet into a new device or into the Coinbase Wallet app during its own setup flow. Any other context in which the phrase is requested is an attack.
Common red flags
- An email or notification claiming you must verify your Coinbase Wallet recovery phrase
- A request to 'link your Coinbase Wallet to your Coinbase account' by entering the recovery phrase
- A web form outside the Coinbase Wallet app asking for the 12-word recovery phrase
- An email suggesting your Coinbase Wallet will be suspended unless you verify the phrase
- A site at any domain other than coinbase.com prompting Coinbase Wallet seed entry
- A push notification about wallet backup verification from an unfamiliar source
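The red flags above can be encoded as a mail-triage heuristic for a support desk or mail filter. This is an added example, not Coinbase's code or part of the original page; the keyword patterns, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "coinbase.com"  # the only domain the page treats as genuine

# Keyword patterns are assumptions derived from the red flags listed above.
PHRASE = re.compile(r"\b(recovery|seed)\s+phrase\b|\b12[- ]word\b", re.I)
ACTION = re.compile(r"\b(verify|verification|confirm|sync|re-?link|link|enter)\b", re.I)
THREAT = re.compile(r"\b(suspend(ed)?|mandatory|maintain\s+(wallet\s+)?access)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)


def is_official_host(url):
    """True only if the host is coinbase.com or a subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # unparsable URL: treat as not official
        return False
    # Exact or dot-anchored suffix match; a plain substring test would accept
    # hosts that merely contain "coinbase.com" somewhere in the name.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def triage(message):
    """Return the red flags from the list above that a message matches."""
    flags = []
    asks_phrase = bool(PHRASE.search(message) and ACTION.search(message))
    if asks_phrase:
        flags.append("requests recovery phrase")
        if THREAT.search(message):
            flags.append("threatens loss of access")
        urls = [u.rstrip(".,;:!?") for u in URL.findall(message)]
        if any(not is_official_host(u) for u in urls):
            flags.append("links to host outside coinbase.com")
    return flags


# Constructed sample messages (not real phishing mail); .example hosts are reserved.
PHISH = ("Mandatory wallet backup verification: Coinbase Wallet users must "
         "confirm their recovery phrase at "
         "https://coinbase.com.wallet-backup.example/verify to maintain wallet access.")
BENIGN = "Your Coinbase Wallet app was updated. Notes: https://www.coinbase.com/wallet"

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, triage(msg))
```

Because the recovery phrase is never legitimately requested outside the Coinbase Wallet app, the first flag alone is enough to quarantine a message; the other two help prioritise reports.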
How to protect yourself
- Treat any request for your Coinbase Wallet seed phrase outside the official app as automatically fraudulent
- Understand that Coinbase Wallet and Coinbase exchange are separate — no genuine process links them via seed phrase
- Store the Coinbase Wallet recovery phrase offline only — never in cloud storage, screenshots, or email
- Keep the Coinbase Wallet app updated through the official App Store or Google Play only
- Report any phishing emails to [email protected] immediately
How to report it
- Forward phishing emails to [email protected]
- Report phishing sites to Google Safe Browsing
- Report to IC3.gov (US) or Action Fraud (UK)
- Report to your national data protection authority if a seed phrase was submitted to a scam site
Frequently asked questions
What is the difference between Coinbase and Coinbase Wallet?
Coinbase is a custodial exchange — Coinbase holds assets on behalf of users. Coinbase Wallet is a self-custody mobile wallet where users control their own private keys through a 12-word seed phrase. They are separate apps with different security models.
Can Coinbase support access my Coinbase Wallet?
No. Coinbase Wallet is self-custody. Coinbase does not have access to private keys or seed phrases. This is by design. No Coinbase support process requires or involves the Coinbase Wallet seed phrase.
I entered my Coinbase Wallet seed phrase on a site. What should I do?
Immediately open the official Coinbase Wallet app, create a completely new wallet with a new seed phrase, and transfer all assets to the new wallet before the attacker can drain it. Every second counts — attackers may sweep wallets automatically upon receiving a seed phrase.