Slow Fog CISO: The Coinbase Commerce asset recovery page sitemap also has flaws, posing a phishing attack risk

After Slow Mist founder Yu Xian disclosed that the Coinbase Commerce asset recovery page directly requires users to enter plaintext mnemonic phrases, Slow Mist's Chief Information Security Officer 23pds added that the sitemap of that page also has flaws, allowing malicious attackers to easily use tools like ResourcesSaver to download the frontend code and deploy similar websites.

If combined with similar domain names like Coinbase for phishing attacks, users can easily fall victim.