Author

Topic: Do I need a Coinbase Wallet, as well as the Coinbase account? (Read 275 times)

legendary
Activity: 2380
Merit: 5213
I just read about the open-source Exodus wallet.
ONLY on a desktop (not mobile), but Desktop is what I want anyway.
Any reason to Not go with Exodus?
As far as I know, exodus isn't open source. Both desktop and mobile versions are close source.
I have used exodus before (only for holding some altcoins in short term) and honestly never experienced any problem. Also, I haven't ever heard of any security issue with exodus till now. But since it's close source, I still wouldn't trust it, especially for long-term holding.

For ethereum, you can also try metamask.
newbie
Activity: 15
Merit: 6
Right, Hoss, cannot use Electrum, because I need ETH.
OK, I'll Trust that...  wherever I get a wallet from, They won't save the seed-phrase.
My paranoia is probably overkill.

Do not yet want to spend $ for the Hardware wallet. 
Hopefully, I'll soon get Big$, and Then I'll get one of those.

I just read about the open-source Exodus wallet.
ONLY on a desktop (not mobile), but Desktop is what I want anyway.
Any reason to Not go with Exodus?
legendary
Activity: 2380
Merit: 5213
I need ETH, 'cause I plan to sell NFTs on Opensea, earning ETH.
For ethereum, you need to use another wallet.
The best is to buy a hardware wallet like Trezor. It's open source and can provide the maximum security.

There are also many multi-currencies wallets. But the problem is they are close source.


May I instead create my own seed-phrase, like
ThisIsMySecretPhraseThatNobodyButMeKnowsBecauseIMadeItUpAllByMyself
Technically, it's possible to force electrum to do so. But since that's not a standard seed phrase and you won't be able to generate a same wallet using other wallets, that's not recommended at all.
If you want to have a valid seed phrase with your selected words, you must select 11 words from BIP39 wordlist and brute-force the 12th word.
Of course, it's not a recommended method and you should let the seed phrase to be generated by electrum. Humans are not good at generating random data.


Are there Any ETH wallets that would allow me to do that?
For ethereum I don't think there's any.
Again, it's not recommended to have a seed phrase with your selected words, even if it's possible.
newbie
Activity: 15
Merit: 6
Crap.  I looked at Electrum, and it deals only with BTC.
I need ETH, 'cause I plan to sell NFTs on Opensea, earning ETH.
Crap.

Regardless, this is quite Interesting and Educational.  I'm in.
Re: Electrum, I'd download the Installer to my Online machine, copy it to my Offline machine, then run it offline.
That Installer includes the 2048 words to choose from.

May I instead create my own seed-phrase, like
ThisIsMySecretPhraseThatNobodyButMeKnowsBecauseIMadeItUpAllByMyself
Are there Any ETH wallets that would allow me to do that?
legendary
Activity: 2380
Merit: 5213
* actually a checksum is also made (and Electrum adds its own version info too) so at least the last word may not be exactly random, still the explanation can be seen as a simplification, not too far from reality.
In an electrum's seed phrase, all words (all 132 bits) are generated randomly.
Electrum's seed doesn't have a checksum same as a BIP39 seed in which the last 4 bits are checksum.
Electrum only checks the first 8 bits of the hash of the seed phrase to see if it can be a valid seed phrase.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
NeuroticFish, thanks for that link.  
That explains the process almost as clearly as You just did, but still...  
When ORIGINATING / CREATING a non-custodial wallet (for the intended Offline machine),
that machine MUST go momentarily online for that creation process.  Correct?
Or am I still missing something?

Aahhh...  I just read the reply from Jerome...
With Electrum, I can create my own 12-word-seed-phrase (or any other text?).
Now, THERE's the answer for paranoids like me.
Nobody except ME will initially see that source seed-phrase.

Am I clear, now?    Roll Eyes

At creation, a new random seed is generated. Basically a random set* of 12 words from this list is picked: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
It's not your own list of words, but you can add custom words though to it if you want.
It's ... random. For generating random numbers (or lists) a computer doesn't need to go online.


* actually a checksum is also made (and Electrum adds its own version info too) so at least the last word may not be exactly random, still the explanation can be seen as a simplification, not too far from reality.
legendary
Activity: 2380
Merit: 5213
that machine MUST go momentarily online for that creation process.  Correct?
No.
It's not that the seed phrase is generated by a third party and is given to you.

Any seed phrase is only a representative of a large random number.
For generating the seed phrase from that random number (which can be generated by your operating system), you need to use a tool like electrum. You can even do it yourself, if you have enough mathematical skills.
Electrum doesn't do anything more than this when creating a wallet and doesn't have to be online.
All the process of generating the seed phrase can be done offline and developers don't have any control over your seed phrase, your wallet file, your transactions, etc.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
Aahhh...  I just read the reply from Jerome...
With Electrum, I can create my own 12-word-seed-phrase (or any other text?).
Now, THERE's the answer for paranoids like me.
Nobody except ME will initially see that source seed-phrase.

Am I clear, now?    Roll Eyes

Electrum can be used to generate a 12 word seed phrase even if the machine is not connected online. This could be donr many times you want offline. If you want to receive bitcoins, you can also leave it offline and use other machine to go online and send the wallet address ti receive. It's up to you to keep that 12 word seed safe and the password.
newbie
Activity: 15
Merit: 6
NeuroticFish, thanks for that link. 
That explains the process almost as clearly as You just did, but still... 
When ORIGINATING / CREATING a non-custodial wallet (for the intended Offline machine),
that machine MUST go momentarily online for that creation process.  Correct?
Or am I still missing something?

Aahhh...  I just read the reply from Jerome...
With Electrum, I can create my own 12-word-seed-phrase (or any other text?).
Now, THERE's the answer for paranoids like me.
Nobody except ME will initially see that source seed-phrase.

Am I clear, now?    Roll Eyes
legendary
Activity: 2338
Merit: 1261
Heisenberg
I MUST go online to Receive the seed-phrase in the first place,
and that seed-phrase is sent to me along with the wallet number.  Correct?

Thus, THEY (the wallet vendor) have (or had) all relevant details.  Correct?
Good wallets like Electrum can let you generate a seed phrase even without you being connected to the internet. You can't do this with a wallet like coinbase wallet you were talking about.

Quote
So, to be Really Safe, we must get only open-source wallets.  Correct?
Open source wallets are usually transparent. You get to know if there is malicious code in the source code or not. With close sourced wallets, you are not sure what they do with your seeds, let say when you try to import your account.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
When originating a non-custodial wallet (that will be forever offline / cold / air-gapped),
I MUST go online to Receive the seed-phrase in the first place,
and that seed-phrase is sent to me along with the wallet number.  Correct?

A cold wallet NEVER has to go online. You said it. then why would you still go online with it for whatever reason?
You've missed something.

When a wallet is created, a HD wallet, a random seed is generated for it and the private keys and addresses are generated based on that forever. No need for anything online.
If you want to properly use a cold wallet, you need a companion watch only wallet on another device, online.
The link between the two is made through master public key.

The online wallet has all the info to create transactions, but cannot sign them because no private keys available.
The unsigned transactions are transferred to the cold wallet, you sign them there, transfer back to the online wallet and broadcast them.

As you see, the cold wallet remains offline. Its only use is to sign transactions. It won't have up-to-date balance info, for example. But the watch only, online wallet, will have the correct balance and that's good enough.

More details here: https://electrum.readthedocs.io/en/latest/coldstorage.html
newbie
Activity: 15
Merit: 6
Apologies if I'm beating this subject to death, but...  many years ago,
I was programming Assembler language on IBM mainframes...  I'm detail-oriented.

I've read and understood all of the replies.

When originating a non-custodial wallet (that will be forever offline / cold / air-gapped),
I MUST go online to Receive the seed-phrase in the first place,
and that seed-phrase is sent to me along with the wallet number.  Correct?

Thus, THEY (the wallet vendor) have (or had) all relevant details.  Correct?

So, to be Really Safe, we must get only open-source wallets.  Correct?

Hosseinimr93 and Findingnemo, how is Electrum different from that scenario?

Smartvirus, you're assuming that I did delete that photo. 
Similarly, I'm assuming and Trusting that the wallet creator / vendor Did Delete (or never saved) the seed phrase. 
Hey,...  if the vendor (i.e. Coinomi) is stupid or crooked, crap could happen. 

Cool.  I don't understand Why (I'm only Asking questions, not Answering), but some people gave Me merits. 
Thanks.  I gave one to Jerome, but his count remained the same.  ?  Ah, well.

Thanks very much for your expertise, people.
legendary
Activity: 1554
Merit: 1139
And another question:
If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !
I'm just playing devil's advocate here, thinking of Possibilities.
I'll put it simple in this scenario.

Supposing you did take a photo with your cell phone, you send or paste it on any media and then, you delete it from your device. Now, you have the photo on that site, platform or media but now, you don't have it on the source media, neither do you have a way of regenerating that same photo.

It's almost the same thing with seed phrases and private keys. In order to ensure its that discrete and to maintain a high level of privacy and transparency, the seed phrases or private keys comes without any backup. This is why your always warned to write it down, keep it private and ensure it never goes missing. To ensure you took a means to follow up on there instructions, your given the chance to verify by a first time usage before getting to access the wallet proper.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Sheenshane, I think I do understand the difference. 

The question remains... 
Regardless of where the non-custodial wallet comes from (Coinbase, or anywhere else),
THEY create that seed-phrase and send it to me,
so therefore They have (or had at one time) knowledge of that seed-phrase. 
I hafta' Trust that they didn't Save that seed-phrase somewhere.  Correct?

.


First of all Electrum is not creating our private keys, its generated by our OS and it picks the random words depends on what kind of wallet we are creating, and its different for legacy,segwit and 2FA as far as I know so you can trust that only you know the keys and that's why you have to keep it safe and never let it go online.
legendary
Activity: 2380
Merit: 5213
A programmer can see the Open-source code,
to hopefully determine if they are saving that seed-phrase.  Correct?
Exactly.
For example, when you use electrum, you can be sure that you are the only one who has access to the seed phrase. (Of course, there's still the chance of getting hacked, if you generate the wallet or store the wallet file on an online computer).

A good example showing why you shouldn't trust close-source wallets is coinomi.  
They were sending users seed phrase to google servers. (Click here to see how the vulnerability caused a user to lose his fund)
Coinomi has solved the issue, but we still can't be sure that users seed phrases aren't stored on any server. This applies to all other close-source wallets as well.
legendary
Activity: 1526
Merit: 1359
The question remains...  
Regardless of where the non-custodial wallet comes from (Coinbase, or anywhere else),
THEY create that seed-phrase and send it to me,
so therefore They have (or had at one time) knowledge of that seed-phrase.  
I hafta' Trust that they didn't Save that seed-phrase somewhere.  Correct?

No, I do not think so. There are no "THEY" in non-custodial wallets, just software. The software generates a seed phrase and, if the software is legit, no one else has access to it except you.

Hosseinimr93, THAT's where the Open-or-closed-source attribute comes in.
A programmer can see the Open-source code,
to hopefully determine if they are saving that seed-phrase.  Correct?

Of course. You can look at it that way. I personally do not like closed source (proprietary) wallets, but you know you can run software on an offline (air-gapped) machine as well? Even if you do not trust the creator of the software, your seed cannot leak from a computer that never goes online.
newbie
Activity: 15
Merit: 6
Sheenshane, I think I do understand the difference. 
The Coinbase.com wallet that I now have is Custodial, wherein THEY host it
and have control of it, and there is no seed-phrase for it. 

When I create a Non-custodial wallet (from Coinbase, or from anywhere else),
I'll get a seed-phrase, and I'll control that. 

The question remains... 
Regardless of where the non-custodial wallet comes from (Coinbase, or anywhere else),
THEY create that seed-phrase and send it to me,
so therefore They have (or had at one time) knowledge of that seed-phrase. 
I hafta' Trust that they didn't Save that seed-phrase somewhere.  Correct?

Hosseinimr93, THAT's where the Open-or-closed-source attribute comes in.
A programmer can see the Open-source code,
to hopefully determine if they are saving that seed-phrase.  Correct?

Thanks for the discussion, people.
legendary
Activity: 2380
Merit: 5213
..........I have a custodial wallet and i don't know where it is stored......
Custodial wallets work in a completely different way than a HD wallet. So when it comes to a custodial wallet, there is no seed phrase at all it doesn't make sense to say where the seed phrase is stored.
Whenever you send a fund to a custodial wallet or an exchange, you actually send the fund to an address owned by them, not your own (HD) wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I would suggest you to use a noncustodial wallet to keep your coins like coinbase wallet, though you can still store them in the coinbase account alone, but it's not safe since you don't own the private keys.
I do not recommend Coinbase to people because instead to download the non-custodial Coinbase wallet they always download the custodial Coinbase wallet. And as you have implied, if not their keys, it is not there coins.

I will better prefer people to use the ones that can not confuse newbies, I recommend Electrum for bitcoin which is online wallet but can still also be used on airgapped devices. For multiple coins (bitcoin and altcoins) better secure wallets are hardware wallets.
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !

I think it belongs to a Coinbase (exchange) account because you said email and password to access, more precisely it is a backup of seed phrases to restore authenticator. Just found information that coinbase once had a 2fa regenerate feature to seed phrases, but it has been disabled for now. (Source)
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
EXCELLENT, Jerome,...  you apparently understood my questions, and you answered very clearly and completely.
Thanks Very Much.
SO...  I see "Merit" under our names... I assume that's like a "reputation"?  How do I add to yours?

And another question:
If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !
I'm just playing devil's advocate here, thinking of Possibilities.
They do not create the wallet but generated using their software and the question is where it will be store?. I have a custodial wallet and i don't know where it is stored so, I made another wallet like electrum, trust wallet and imtoken which those that I mentioned id you keep the mnemonic phrase safely. What I mean is the 12 words. Do a research what is the advantages and disadvantages of custodial wallet and non custodial wallet.
legendary
Activity: 2380
Merit: 5213
There's no way to know because you are using a custodial wallet which they only know about your seed,
There are two different coinbase wallets. One of them is custodial and the other one is non-custodial.
In the case of using coinbase custodial wallet, you are right. You won't have any seed phrase. But in the case you use their non-custodial wallet, it gives you the seed phrase.
legendary
Activity: 2492
Merit: 1232
And another question:
If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !
I'm just playing devil's advocate here, thinking of Possibilities.
Understand the noncustodial and custodial wallets first before asking this question.  There's no way to know because you are using a custodial wallet which they only know about your seed, the best thing is Coinbase generates different addresses after making a transaction. 

If you will ask the private to them they may be refuse it to give because they are a;
Quote
"Coinbase is a hosted wallet service, which means we manage your private keys for you, securing your funds with a password, device confirmation and 2-factor authentication. We take security very seriously at Coinbase and utilize our secure cold-storage technology to protect our customer's funds".
Source
legendary
Activity: 2380
Merit: 5213
SO...  I see "Merit" under our names... I assume that's like a "reputation"?  How do I add to yours?
You can't send any merit. Because you don't have any smerit.
For more information, visit the link below.
Merit & new rank requirements


If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
Since the wallet in question is close-source, there is no way to know whether the seed phrase is stored on their server or not.
For more security, you need to use an open-source wallet.
newbie
Activity: 15
Merit: 6
EXCELLENT, Jerome,...  you apparently understood my questions, and you answered very clearly and completely.
Thanks Very Much.
SO...  I see "Merit" under our names... I assume that's like a "reputation"?  How do I add to yours?

And another question:
If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !
I'm just playing devil's advocate here, thinking of Possibilities.
legendary
Activity: 2338
Merit: 1261
Heisenberg
I have a Coinbase.com account which needs only an Email and Password to sign in, but I haven't used it in over three years.
Back then, I bought $20 worth of ETH (which I traded for Privatix -PRIX- which went to $0),
so I do now still have the 42-character ETH wallet ID, but that's the only "secret" number that I have. 
(Coinbase does show me the Value of that ETH ID number, at $0.)
I do not have any 12-word-seed-phrase for that. 
Did I ever have a 12-word-seed-phrase for that (that I've now lost)?  Is That my Wallet?
Coinbase.com is a custodial wallet, which means you don't own the private keys. They only way of accessing it is through email address and password
The 12-word-seed-phrase is not available for this type of wallet

OR does that 12-word-seed-phrase Only come with a Wallet, which is a different thing?
Coinbase has 2 products that can act as a wallet
coinbase.com, which is custodial
and coinbase wallet (https://wallet.coinbase.com) which is noncustodial. The latter lets you back up the 12 word seed phrase, but I am pretty sure the type of the account you have is from the custodial coinbase wallet.


Now, to get back into crypto trading, do I need to also get a Coinbase Wallet, in addition to the Coinbase account?
I would suggest you to use a noncustodial wallet to keep your coins like coinbase wallet, though you can still store them in the coinbase account alone, but it's not safe since you don't own the private keys.

Not your keys, not your money
newbie
Activity: 15
Merit: 6
I have a Coinbase.com account which needs only an Email and Password to sign in, but I haven't used it in over three years.
Back then, I bought $20 worth of ETH (which I traded for Privatix -PRIX- which went to $0),
so I do now still have the 42-character ETH wallet ID, but that's the only "secret" number that I have. 
(Coinbase does show me the Value of that ETH ID number, at $0.)
I do not have any 12-word-seed-phrase for that. 
Did I ever have a 12-word-seed-phrase for that (that I've now lost)?  Is That my Wallet?

OR does that 12-word-seed-phrase Only come with a Wallet, which is a different thing?

Gee, I hope that's not too confusing.

Now, to get back into crypto trading, do I need to also get a Coinbase Wallet, in addition to the Coinbase account?

Thanks very much, people.
Mark228
Jump to: