A CEX Commerce page requires users to input seed phrases, security researchers warn of serious security risks

Gate News reports that on March 19, a subdomain page of a certain CEX Commerce displayed a prompt for users to input their wallet seed phrases, attracting the attention of security researchers. SlowMist’s Yu Xian stated that they cannot understand why the exchange would set up such a page, which directly asks users to enter seed phrases in plain text for asset recovery, and called it a serious security risk. On-chain analyst ZachXBT pointed out that this page was once referenced in a help document for a CEX Commerce product, which advised users to recover funds by importing seed phrases into a compatible wallet such as CEX Wallet or MetaMask, with a link to the withdrawal tool on that subdomain. The help document has since been removed. ZachXBT also noted that if malicious actors exploit this page, it could facilitate social engineering attacks on the exchange’s users.
