Author

Topic: [2019-02-15]Coinbase Users Can Now Backup Private Keys (Read 234 times)

hero member
Activity: 1680
Merit: 655
-snip-
How many users do you reckon would use the same password for their email and their Coinbase wallet (and everything else, for that matter)?
I'm not saying that they do have the same password for their email and Coinbase account. But storing it in a cloud which has the same log-in credentials as your email is something to be a concern of, so nobody will focus on looking for what your password for Coinbase is as they will have easy access for your private keys in your cloud storage. I don't know how they will store your private keys in the cloud storage but I do think it's much safer if they use a private cloud storage of their own.
legendary
Activity: 2170
Merit: 1427
When was the last time you heard of a bank losing hundreds of millions of dollars of customers' money? Plus in most developed countries banks are insured against such losses anyway.

To say you don't trust banks, which are incredibly secure and insured, to hold your money, but you do trust anonymous, uninsured and often unsecured crypto exchanges is absolute madness to me.

Exactly! The only thing that makes me fear about the money I have in my bank account is related to governmental instability, and not the bank itself.

I remember a local case where an old lady was phish'ed off her funds, and while it was actually her fault, mainly due to ignorance, the bank refunded her in full. This doesn't seem like an evil bank trying to rob you off your money, or does it? This is why people will always want to use banks, they offer you peace of mind.

Crypto has a long way to go. Eventually banks will dig into this market and launch their own trading desks, and some are already working on it.
legendary
Activity: 3024
Merit: 2148
So should we congratulate Coinbase for finally giving out private keys and actually allowing their users control of their own funds?
Not quite. This cloud backup mechanism is for users of Coinbase Wallet, which is an Android and Apple mobile app they have released, which functions pretty much the same as any other mobile wallet with the added functionality of dApp support. You still can't access your private keys for a Coinbase exchange account, which to be fair I can understand - processing individual deposits and withdrawals would become a nightmare if they can't batch everyone's funds together in to a handful of addresses.


What’s the difference between Coinbase.com and Coinbase Wallet?

Coinbase.com a.k.a Coinbase Consumer is a digital currency brokerage - you use it to buy or sell cryptocurrency in exchange for fiat currency (i.e. USD or your local currency). Coinbase Consumer can also act as a custodian, storing your digital currency for you after you purchase it. Coinbase Consumer is available in 32 countries.

Wallet is a user-custodied digital currency wallet and DApp browser. This means that with Wallet, the private keys (that represent ownership of the cryptocurrency) are stored directly on your device and not with a centralized exchange like Coinbase Consumer. You do not need a Coinbase Consumer account to use Wallet and you can download Wallet from anywhere in the world.

And that makes this whole cloud backup idea really bad. Wallets, unless they hold only small amounts for daily spending, should be ideally kept cold, and backups have to be physical - USB sticks, seeds written on paper, keys etched in metal, etc. Storing critical data on cloud in plaintext is insane, storing it encrypted is not a great idea either, because if someone will get it, they'll have all the time they need to try to crack the encryption.
legendary
Activity: 2268
Merit: 18711
The only positive thing about coinbase is that they are insured
Only their hot wallet, which account for <2% of their total holdings. Their cold wallets aren't insured. Source: https://support.coinbase.com/customer/portal/articles/1662379-how-is-coinbase-insured

Obviously, hacking a cold wallet is a much more difficult task, but isn't outwith the realms of possibility, nor is a coordinated employee theft. The insurance also does nothing to protect against individual account hacks, only against larger attacks on Coinbase itself.


-snip-
How many users do you reckon would use the same password for their email and their Coinbase wallet (and everything else, for that matter)?
hero member
Activity: 1680
Merit: 655
In terms of convenience in mind Coinbase did make it easier to obtain the Private Keys, but the problem is it made it easier for other unintended people to get your private keys. Both Google and Apple cloud storages are connected to your email and emails are the most vulnerable to hacks so depending how smart the hacker is he/she may know where to look for those private keys. Of course chances will increase after them seeing your emails that you do have a Coinbase account or any kind of financial account for that matter as they will know where to look out from the start.
legendary
Activity: 2814
Merit: 1192
Not your keys = not your bitcoins!
If you keep money on exchange it doesn't matter if it's a cold storage or a google drive. You don't own your coins anymore.
The only positive thing about coinbase is that they are insured so in case of a MtGox scenario there won't be such a shitstorm but you will get your money back. At least we can hope it will work like that because with coinbase everything is possible. BCH owners had to wait for months before getting their SV and you still can't trade SV for Bitcoin. Not to mention the shit with BTG which Bitcoin owners still did not receive. I heard people are planning to sue coinbase for holding their BTG.
legendary
Activity: 2268
Merit: 18711
The security can be rock solid, but what happens when the host start to block some accounts ?  It has happened before and it will happen again.
The thing is, we won't even know if the encryption is rock solid because I doubt very much Coinbase will make their process public or open source. What's to say they don't build a backdoor in to the encryption itself so the feds can actually confiscate your coins rather than just freeze your accounts. Or even more simply than that, since you have to provide them the password to be used to encrypt your keys, how do we know they are securely storing the passwords? Some of the biggest online services on the planet, including Twitter and Instagram, have been caught storing passwords in plaintext. Are you willing to bet your crypto that Coinbase is 100% secure, because that's what it comes down to.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
They offer convenience, but giving user false sense of security. There's chance they use weak encryption or vulnerability within their encryption method.

I don't think it is. Why don't they educate people and encourage them to make an offline backup? Google Drive and iCloud is not safe enough to store something like private key even if you've encrypted it.

Because it's not user friendly (something that can be done only with few clicks)

Agreed. I see a lot of comments about people saying that the level of encryption being used on iCloud and Google Drive are very high and that they had no reports of any cloud storage that was compromised in the past.

The problem with these services are the centralized management and decision making of these services. The security can be rock solid, but what happens when the host start to block some accounts ?  It has happened before and it will happen again.

Not your private key, not your coins.  Roll Eyes
legendary
Activity: 2268
Merit: 18711
People hate banks, but trust crypto exchanges, lol. I have way more confidence in banks than vice versa. Cheesy
Agreed. As much as I hate government interference and regulation, when it comes to banks, it's a good thing. Just look at all the exchanges which were hacked because of their awful security or exited scammed. And not just small, two-bit exchanges - several major exchanges very recently such as Quadriga and Cryptopia have lost very significant amount of users' funds. When was the last time you heard of a bank losing hundreds of millions of dollars of customers' money? Plus in most developed countries banks are insured against such losses anyway.

To say you don't trust banks, which are incredibly secure and insured, to hold your money, but you do trust anonymous, uninsured and often unsecured crypto exchanges is absolute madness to me. On the rare occasions I do need to use an exchange, my funds are on, exchanged and off again as quickly as possible.
legendary
Activity: 2170
Merit: 1427
They offer convenience, but giving user false sense of security. There's chance they use weak encryption or vulnerability within their encryption method.

People have been warned over and over again not to allow whatever entity take care of the custody aspect, and they continue to ignore everything.

If something happens, people have only themselves to blame for, and at the end of the day, more coins getting hacked means less direct availability of coin supply. If Coinbase at one point loses all its keys, and thus the +800,000BTC they hold in custody, they have done an exceptional job making sure that a significant portion of the total supply is taken off the market for ever.

People hate banks, but trust crypto exchanges, lol. I have way more confidence in banks than vice versa. Cheesy
legendary
Activity: 2268
Merit: 18711
So should we congratulate Coinbase for finally giving out private keys and actually allowing their users control of their own funds?
Not quite. This cloud backup mechanism is for users of Coinbase Wallet, which is an Android and Apple mobile app they have released, which functions pretty much the same as any other mobile wallet with the added functionality of dApp support. You still can't access your private keys for a Coinbase exchange account, which to be fair I can understand - processing individual deposits and withdrawals would become a nightmare if they can't batch everyone's funds together in to a handful of addresses.


What’s the difference between Coinbase.com and Coinbase Wallet?

Coinbase.com a.k.a Coinbase Consumer is a digital currency brokerage - you use it to buy or sell cryptocurrency in exchange for fiat currency (i.e. USD or your local currency). Coinbase Consumer can also act as a custodian, storing your digital currency for you after you purchase it. Coinbase Consumer is available in 32 countries.

Wallet is a user-custodied digital currency wallet and DApp browser. This means that with Wallet, the private keys (that represent ownership of the cryptocurrency) are stored directly on your device and not with a centralized exchange like Coinbase Consumer. You do not need a Coinbase Consumer account to use Wallet and you can download Wallet from anywhere in the world.
legendary
Activity: 2968
Merit: 3684
Join the world-leading crypto sportsbook NOW!
Cloud storage isn't safe enough to store anything, in my opinion. They have shown repeatedly that security is poor, accounts and servers are regularly hacked, and personal data is frequently accessed and distributed. By using this service, you are reducing the security of your wallet from a private key or a mnemonic seed to a user generated password. Anyone who can brute force your password can access your coins. And we all know how terrible humans are at creating passwords.

This will also give a false sense of security to users who don't understand any better, and encourage people to leave their coins in the hands of Coinbase.

Yeah, really not sure what to make out of this news. In fact, I completely missed out on the news that Coinbase now gives you control of private keys, because as recently as last year I asked a Coinbase user and he had no idea how to retrieve it. In fact, their entry on support still says this incredibly stupid excuse for not giving private keys:

"it's not feasible to provide the private keys to individual wallet addresses; doing so would prevent us from taking advantage of our secure cold-storage technology to protect your funds".

So should we congratulate Coinbase for finally giving out private keys and actually allowing their users control of their own funds?
legendary
Activity: 2268
Merit: 18711
Cloud storage isn't safe enough to store anything, in my opinion. They have shown repeatedly that security is poor, accounts and servers are regularly hacked, and personal data is frequently accessed and distributed. By using this service, you are reducing the security of your wallet from a private key or a mnemonic seed to a user generated password. Anyone who can brute force your password can access your coins. And we all know how terrible humans are at creating passwords.

This will also give a false sense of security to users who don't understand any better, and encourage people to leave their coins in the hands of Coinbase.
legendary
Activity: 2170
Merit: 1789
Is this supposed to be a piece of good news?
I don't think it is. Why don't they educate people and encourage them to make an offline backup? Google Drive and iCloud is not safe enough to store something like private key even if you've encrypted it.
sr. member
Activity: 966
Merit: 264
The famous cryptocurrency exchange Coinbase, based in the US, has officially announced encrypted storage support for their official Coinbase Wallet seed or private keys on iCloud and Google Drive. The announcement was made on Tue Feb 12.

According to a statement, the cryptocurrency exchange indicated that enabling its customers to upload their private keys to cloud strongly averts the loss of keys, which are very hard to find.

Read the details in the article of Coinidol dot com, the world blockchain news outlet: https://coinidol.com/backup-private-keys/

Jump to: