Coinbase security and compromises – an overview

There are many online wallets available for Bitcoin but the leaders in the online wallet sector are undoubtedly, Blockchain.info and coinbase. Both of these companies have received a huge chunk of investments which have provided them the  best possible base to reach out to many users. In fact, blockchain.info has a staggering 2,766,318 users making it the worlds most popular bitcoin wallet. Though it doesn’t have an option to buy and sell bitcoins, it is the most poplar wallet. Coinbase, on the other hand, is not far away with 2.1 consumer million wallets as stated by their website. It also has a feature wherein the user can buy an sell bitcoins, depending on his geographical location which is limited to the United States and 18 other European countries.

coinbase bitcoin wallet security

Coinbase stats

 

Have you ever wondered about how does coinbase secure its funds? Well, they have top notch security and interesting, systematic ways to make their funds secure. In today’s post, we will be covering the security at coinbase, recent hacks and some implementations to keep you secure.

Coinbase:

About coinbase:

Coinbase is one of the leading bitcoin exchanges and wallet services headed by Brian Armstrong, also the co-founder of the company. The company offers its bitcoin buying and selling services in 19 countries and charges a fee of 1%.

It also offers merchant services, and it offers zero fees for the first $1 million transacted and from then on, it charges a 1% fee to convert the bitcoins into fiat currency. They also have a variety of apps which use the coinbase API.

coinvase security overview

Coinbase wallet

 Security:

According to this post on coinbase’s official blog, coinbase shed some light on the fact that they have an insurance from Aon, one of the worlds leading insurance brokers. It is interesting to note that they didn’t disclose it when they obtained the insurance which was in 2013. This insurance might as well be the showstopper due to which more and more people start embracing coinbase. The insurance covers various aspects for bitcoin loss, such as loss of bitcoins due to security bugs, attacks, employee theft etc. But it is important to note that that they wont be refunding bitcoins lost due to negligence of a user, or the users login credentials being compromised. There have been many reports in which few users wallets were hacked. The verge published a post here stating that a coinbase user, Jeff lost 10.6 Bitcoins which were refunded. But he experienced the same issue again and this time, he found out that a new order of $7000 worth of bitcoins had been made and been cleared. He responded to this by taking strong measures to move the funds to a safe offline wallet, but he lost the money refunded earlier when he was first hacked.

Similar hacks were reported by two other users who lost $15000 and $6000 respectively. The first user was refunded as the hack was not caused by his negligence while the other user was not refunded his money because he hadn’t enabled proper security measures such as two-factor authentication.

Regarding the storage of the funds, they store up to 97% of their funds stored in various vaults and deposit boxes spread all over the world. One more engaging feature is that they also distribute paper backups along with the funds. They also have an intriguing feature, the vault, which was released during early july, 2014. It has additional security for outgoing funds such as multi signature technology, delayed withdrawals though which you can delay a withdrawal if anyone initiates it within a specific time frame. This was implemented to facilitate large scale institutions and people who want to store a lot of bitcoins. Though there have been no reports of vaults getting hacked, it is yet to be seen how this feature turns out to be because its just been 6 months since its release. I gave it a shot ans setup a simple vault, with two approvers. It is important to note that we still have no information regarding the security of vaults, hence we will not go into the depths of this. The vault has a delayed withdrawal time of 48 hours which cannot be removed even in times of emergency, and the transaction needs to be approved by a set of people which you need to select while making the vault., and notifications will be sent to your phone and emails. To know more about this, please visit the vault FAQ

coinbase vault

Moving on, the company is very keen on protecting their consumers passwords, and to ensure that they have a good experience, and hence, they leave no stone unturned  by encrypting the wallets, private keys and data with AES-256 standard.

Coinbase only hires employees who have passed a criminal background check to prevent insider thefts. After being employed, it is mandatory for them to have their hard drives and other storage drives encrypted and they must also use screen locking to prevent unwanted access to their workstations. They also have security audits by expert outsiders in addition to the Coinbase bug bounty program, which rewards security researches handsomely(minimum $1000) if they find vulnerabilities in the coinbase ecosystem. Lastly, The passwords of user accounts located in the database are hashed and stored.

Overall, coinbase seems to be a secure wallet provided that the user implements strong security measures such as two factor authentication, a keyword scrambler on their workstation and most importantly use the vault for storing large amounts(otherwise, dont store large volumes of funds) etc. They do give out refunds but if there is a error from the users side, they won’t be refunding. Hence we strongly recommend you to instead, use something much safer for storing funds such as cold storage, paper wallet or a hardware wallet where you can live care free. Otherwise, the buy/sell feature is very easy for everyone, right from the newbie to the pro. Moreover, you need to make sure that you disable your API key if you aren’t using it because it was due to the API key that many hackers have been able to steal bitcoins from users coinbase wallet.

If you already have granted access to any apps, you can revoke it from here. It is highly recommended to also make sure the emails you get from coinbase are secure because if your email gets hacked, you may have to face dire consequences. If you liked this article follow us on twitter @btc_feed

 

 

 

Image(s): Shutterstock.com