What “wallet” refers to
Coinbase (custodial) account: your account on coinbase.com. Coinbase holds the private keys; you access funds via login + 2FA. Good convenience, less responsibility.
Coinbase Wallet (self-custody mobile app): you control the seed phrase/private keys. More responsibility, more control (can connect to dApps, move assets across chains).
Hardware wallets (Ledger, Trezor): keep your private keys offline — recommended for large holdings.
Key Security Rules (must-follow)
Private keys / seed phrase = do not share. Ever.
API keys: grant minimal permissions (read-only if you only need data). Never enable withdrawals unless absolutely necessary, and use IP whitelisting.
Enable 2FA: use an authenticator app (Google Authenticator, Authy) — not SMS if possible.
Use hardware wallet for large amounts.
Back up seed phrase offline (metal plate or paper stored in a safe/deposit box).
Check URLs and official domains before logging in (coinbase.com, wallet.coinbase.com).
Rotate (regenerate) API keys periodically and revoke unused keys.
Watch email & on-account notifications for unknown device logins.
How to generate/find each (quick steps)
A — Generate a Coinbase Pro / Exchange API key
[Sign in to Coinbase Pro (or the exchange product that offers API).
](https://docs.cdp.coinbase.com/)
Go to Profile → API (or Settings → API).
Click Create API Key.
Choose permissions (e.g., view, trade, transfer/withdraw), set a passphrase, optionally whitelist IP addresses.
After creation you’ll see API key, API secret, and sometimes a passphrase. Save the secret immediately — it’s shown once.
B — ### Get your wallet address (to receive crypto)
In Coinbase (custodial): Log in → Portfolio → Select asset (e.g., BTC) → Receive → copy the receive address shown.
In Coinbase Wallet (non-custodial app): Open the wallet → select coin → Receive → copy address or show QR code.
C — Export private key / seed phrase (if using self-custody wallet)
In Coinbase Wallet app when you set up a wallet you receive the seed phrase. To view/backup later: Wallet settings → Backup Phrase / Reveal Seed (this will ask for PIN). Record offline only.
🚨 ### If something is compromised — immediate steps
API key leaked: Revoke/delete the key immediately in your account settings. Check account history and remove any IP whitelists you didn’t set.
Exchange account compromise: Change password, revoke sessions, enable/confirm 2FA, contact Coinbase support immediately, and report suspicious withdrawals to law enforcement.
Seed phrase / private key leak (self-custody): Move funds immediately to a new wallet with a newly generated seed stored securely. (If attacker already has keys, do it fast.)[https://docs.cdp.coinbase.com/](https://)
coinbase wallet
coinbase key
coinbase api key
coinbase private key
coinbase security key
coinbase wallet recovery
coinbase key management
coinbase key setup
coinbase key lost
coinbase key protection
coinbase security tips
crypto wallet safety
protect coinbase wallet
coinbase account recovery
coinbase scam awareness
coinbase fraud protection
coinbase customer support number
coinbase recovery phrase
secure coinbase login
two factor authentication coinbase
