SlowMist Cos: Coinbase Commerce's withdrawal page exhibits extremely insecure behavior, directly prompting users to enter a mnemonic phrase in plaintext for asset recovery. This is utterly baffling. The page states: "Log in to Google Drive from the portal, copy the mnemonic phrase, and paste it into the text box below."
ZachXBT: Malicious attackers could exploit this Coinbase page to carry out social engineering attacks using the mnemonic phrase. SlowMist also points out that attackers can easily use tools like ResourcesSaver to download the front-end code and deploy similar phishing websites.