Pages:
Author

Topic: Coinbase Wallet - Is my $ lost because I pressed this one button (dangerous)? - page 2. (Read 506 times)

legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
-snip-
It is really not possible to confirm the user has backed up the seed-phrase beyond forcing the user to check a box saying they have done so. A user could screenshot a seed, or copy it into a notepad document to help them "confirm" their seed is backed up.
I have tested a lot of wallet and those types usually have a "confirmation page" next to the window where the seed phrase is displayed.
There, the user will have to paste some words (2-4) in random positions to confirm that the user did backup the phrase and to check if the backup is correct.

For the trouble of backing up, forcing people to backup IMO has more advantages than disadvantages; people familiar with non-custodial wallets will surely back it up regardless whether it's forced or not, then people who have no idea of a seed phrase will be forced create a backup before they can create a wallet, the issue in the OP wouldn't have happened if this was the case.
Educating the user is good but not all people read what's written in the notes, if the backup procedure is "forced" and they can't proceed, they may as well read what's written in the warnings.

For "testing purposes", I'll just copy paste it to a txt file for easy access, it's not too much of a hassle.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
Based on your story, I don't think your beef is with Coinbase, I think your beef is with either apple or with Uniswap.
The thing that's wrong in their implementation of a "non-custodial" wallet is to let the user create and use a wallet without backing-up the seed phase.
After creating the wallet you'll have the option to select "later" on those important matters like "backup recovery phrase".
Other mobile/online wallets do this but it's usually tied with an account username and password to access the encrypted copy in their server even if the seed phrase wasn't backed-up.
"Good wallets" wont even let the user create the wallet without copying the phrase and confirming the backup.

It is really not possible to confirm the user has backed up the seed-phrase beyond forcing the user to check a box saying they have done so. A user could screenshot a seed, or copy it into a notepad document to help them "confirm" their seed is backed up.

While I do agree that user should backup their seeds before using their wallet to hold any substantial amounts of coin, I am not in favor of forcing people to do anything. IMO it would be superior for a wallet to educate users as to the importance of backups and let them make their own decisions. I'm sure there are lots of situations in which people will 'test' wallet software with smaller amounts of coin to see how they like the UI, and might not be inclined to make a serious effort of backing up their seed. Allowing for the "later" option for when a seed will be backed up (along with a stern warning) might result in some additional wallets being backed up.
newbie
Activity: 6
Merit: 20
Thanks all for taking the time read this.  Sincerely.  And I appreciate the feedback and insight.

I have recently been able to get back into my Wallet and connect it to my Coinbase account, and scroll through coins, and see my values etc...but the Seed phrase still won't show.  It is unclickable.   And the Wallet times out with transactions (even to my Coinbase account which it lets me link to with 2FA) so something is still off.  And in the end, the Seed phrase has yet to have ever been provided to me.  And if that is the one and only fail safe for a product that seems like it knows ahead of time it will lose your private keys on your device, then it must be better executed.

Trust Wallet does a good job.  I checked that out.  It makes Coinbase look like a con job.  In fact, the more research I have done the more negligent and dangerous I find the Coinbase product to be.  I believe they even slapped their brand name on someone else's Toshi Wallet which is always a sign.

I too would like to make very shitty products and then blame the customer for his stupidity and ignorance, but this isn't a microwave.  This is potentially people's financial lives.  Why not just make absolutely sure you actually give the buyer the key and he has them in his hand before you ride off into the sunset.  Don't leave it in the grass and motion to it.  Don't mumble.  If he knew they were there and he was going to get locked out, don't you think he would take them???  Physically show it like other companies do.  Produce it in reality rather than wishful thinking.  Is that too much to ask?  It is common sense and required in every other industry.  And if you really want to get a gold star do what the other companies do and have them re-arrange the Seed or something just to be extra sure he saw it.  But to never ever show it.  To bury it in the backend and then have it grayed out?   It is not a question of the consumer being "too" eager to use a product.  Maybe I was but people aren't going to change.  The shitty app design is what needs to change.

In the end, I think Coinbase is the eager and careless party rushing a reckless product that lacks common sense and is below industry standards.  With any financial service product comes great responsibility and the "blame the customer" model is a poor business trajectory.  Especially when so solvable.

Coinbase never showed the Seed phrase and therefore never provided it before the app crashed.  That is a problem.
HCP
legendary
Activity: 2086
Merit: 4363
Ouch. It was painful to read that... Undecided

Sadly, a not uncommon occurrence... users skipping through setups, eager to play with their bitcoins (perhaps a little too eager?)... not reading everything perhaps as well as they should... perhaps not taking the time to understand exactly what it is they're doing... or how the wallet/app works Undecided

Roll forward a little bit and some unforeseen event occurs (hardware failure, OS update, lost phone etc)... and suddenly, they're looking for information that they skipped over Undecided


Being your own bank affords some great freedoms... but also demands some great responsibilties... Crypto can be really unforgiving of "minor" mistakes.
legendary
Activity: 2730
Merit: 7065
It's a sad story, and although I agree with what you and nc50lc said about the possibility of saving the seed for later, ultimately, it was you who was careless and didn't take proper care of your sensitive information. You went with convenience instead of security. The secure way to do it would be to make multiple copies of your recovery phrase and store them in different locations. After that, you could have tried to restore your wallet to see if you wrote down the seed correctly and it's recovering the correct addresses.

The fact that Coinbase can't help you to recover your seed is exactly how the system is set up to be. Imagine if customer support representatives had access to seeds, what would be the point of Bitcoin and a non-custodial wallet?

I hope you will find a way to recover your money and never make shortcuts like you did with the seed phrase.  Undecided 
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Based on your story, I don't think your beef is with Coinbase, I think your beef is with either apple or with Uniswap.
The thing that's wrong in their implementation of a "non-custodial" wallet is to let the user create and use a wallet without backing-up the seed phase.
After creating the wallet you'll have the option to select "later" on those important matters like "backup recovery phrase".
Other mobile/online wallets do this but it's usually tied with an account username and password to access the encrypted copy in their server even if the seed phrase wasn't backed-up.
"Good wallets" wont even let the user create the wallet without copying the phrase and confirming the backup.

So I confidently tried Coinbase Wallet... and it loaded..for a moment...before flashing an error message:  "Failed to retrieve keys, please sign in again (Error Code -25300).  Two buttons overlayed above my account that show values updating in real time: Sign Out or Retry.  I have "Retried" a hundred times but it just flashes the same message.
Some restored files in your phone must be corrupted and it's a common thing in file recovery.
It's a non-custodial wallet so the corruption might have affected your keys that were saved in the device.

I don't use iPhone but try to contact your "friend" if he can make a backup of your phone, some keys may still be somewhere in the app's data, the problem is finding out where to find them.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
You may be able to access your old keys/seed if if you can access your old backups from your iCloud account.

Based on your story, I don't think your beef is with Coinbase, I think your beef is with either apple or with Uniswap.
newbie
Activity: 6
Merit: 20
I have been a user of Coinbase and Coinbase Pro for years, so when I decided to try a Wallet with them I think my gravest error was perhaps being too comfortable with the brand and services -- and it cost me $15,000...and growing...

It began with excitement to try Uniswap.  I looked at the wallets that could link and there I saw one by Coinbase.  Great.  They have been my loyal crypto bank for years.  So I excitedly downloaded the App and created a wallet.  It asked me to create a user ID, a pin, plus another thing I could "Save for Later."  I plowed ahead and the wallet worked well.  It used my biometrics to open and close and transfers happened almost instantaneously between my CB acct and the Wallet, like Coinbase Pro does.  It seemed like another great product that linked my accts together and I was in good hands.  So I transferred more funds into it.  And then I transferred more funds...

Until one day after my iPhone auto-updated, when I tried to open my Wallet it asked me to create a new Wallet or use a back up.  Back up?  I touched my thumb to the pad again. Why isn't it opening like usual?  My stomach started to sink.  Is this Keys and Back Up thing they now want, could that possibly be, the seemingly random action that I was able to click past and "Save for Later" when first setting up my account?  I think you know where this is going.

I am not totally unfamiliar with Seed Keys.  I had a Nano Ledger in the day and that product made you very aware of your Seeds.  It was impossible to even begin to use the product without them.  I used Trust Wallet and it made me go through an entire process of re-arranging the Seed words before I could even proceed with the account, all helping me as a consumer understand the significance and importance of the process and making sure I did not proceed carelessly.

Upon realizing that Coinbase was not one of the aforementioned quality providers of Seeds, I started to have a panic attack and after convo with tech friend decided to restore my iPhone to before the update.  (Note: While restoring iPhone I had to "Save for Later" about a half dozen actions like Siri, Apple Wallet, other add-ons and extras like we often see).  Once updated, I waited for the apps to load.  Then I held my breath and first tried Coinbase main app.  It opened automatically with my fingerprint.  Bingo.  Then I tried Coinbase Pro.  It also opened with my fingerprint.  I was feeling hopeful!  So I confidently tried Coinbase Wallet... and it loaded..for a moment...before flashing an error message:  "Failed to retrieve keys, please sign in again (Error Code -25300).  Two buttons overlayed above my account that show values updating in real time: Sign Out or Retry.  I have "Retried" a hundred times but it just flashes the same message. 

I can't get past the error message yet I can see my coins in the wallet, the values updating in real time, as a reminder of how much I failed my family and myself, and about how much Coinbase failed me.  In trying to protect the sacred Keys from some villain in a virtual world, they failed to protect me, the long-standing customer, an average person prone to digital overload in the real world.

I wrote Coinbase promptly and they kindly told me they would transfer me to a Specialist.  After several days I got a copy and pasted email of the same canned fine print from the website about how the Seed Keys are my sole responsibility and essentially that my funds are gone.  What Seed Keys, I said?  You never showed them to me.  Literally.  I don't know where they resided in the app.  I submit that is a problem.  As I long time customer of Coinbase, I am very disappointed and believe that my trust in the company is partially what emboldened me to press "Save for Later."  It was like buying a trusted name brand.  It is why I chose their wallet in the first place.  I know we can point fingers and say, welcome to crypto, dummy!  Or...you are an idiot!  Trust me, I know!  But I can't help but think how easily Coinbase could have and should have protected people like me with better processes that are at least up to industry standard.

One problem is I sincerely don't believe Coinbase cares about me or my business.  If they did, they would have put more than five seconds into making sure this cannot happen so willy-nilly.  As an example, even when you delete an account from Google Authenticator it says it is holding onto it securely for 48 hr hours.  And I can't even proceed into some exchanges without setting up 2FA and authenticating all my credentials simultaneously.  Yet CB allowed me to unknowingly hand over the keys (excuse me, throw away the keys) by pressing "Save for Later" and an auto-Apple Update... while providing the illusion through a pin and biometrics that I was secure.

Long story short (too late)...Is there any possible way to retrieve the keys or do a workaround since my phone pretty much opens it up but just can't get past the error message?  Is there any action at all to take?

Moreover, I want Coinbase to make sure they fix this issue by adopting industry standards with protocols for Seed Key distribution so it never happens again to anyone else.

Any ideas toward any of these is very welcome!

"Save for Later"



Pages:
Jump to: