Topic: Is Coinbase noncustododial wallet recommendable? (Read 277 times)

I beg to disagree here. A beginner who doesn't understand Bitcoin should first take lessons and build their knowledge before owning any at all. The purpose of owning a wallet is to send and receive bitcoins, and someone who does not understand how it works should not be doing that.
Choosing to get into Bitcoin means you've foregone your convenience and decided to be your own bank, this comes with a level of responsibility.

Point in case.

With step by step guidance, it would be possible for anyone to actually understand how it works. You don't have to grasp the still concept of how wallets work and how the keys are generated;
• How to back up your seed phrase (Fairly easy to do)
• Broadcasting transaction (With guidance, possible to do)
• Customize fee (You ideally should get to do this in whichever wallet you choose, and it's easy to do with guidance)

The Coinbase wallet we are emphasizing about is a noncustododial wallet but which should not be recommended as Coinbase is misleading people.

For beginner bitcoin user, I do not think if a reputable wallet like Electrum is hard to use, just that beginners can not understand all its features unlike an advanced users. But to generate a wallet, backup seed phrase, send and receive coins with customizing fee are not hard to understand.

A single glance at their "learn" section presented on their website and especially at the section about wallets is sufficient to never ever trust them with your funds. When comparing the security that different types of wallets provide, they come to the conclusion that the safest type is a CUSTODIAL wallet where users have no control over keys. Why? Because in the case of custodial wallets (Coinbase call them "hosted" for some reason) users are "protected" by a third party, and they can request a forgotten password in case they lose their backup. The only "drawback" of using custodial wallets, which they mentioned, is that users "can’t access everything crypto has to offer.“ I don't know what that means, though. I only know that this is hardly the only drawback. Non-custodial wallets (which they call "self-custody" to perhaps scare off users by emphasizing that they have to be responsible for their own keys while not stressing the fact that there is no party who controls the funds, which would sound more impartial for Coinbase.) are less safe than custodial ones because if you lose your private keys, there is no way to access your funds, and no company in this world will be able to help you in recovery. What do you think, according to Coinbase, is the least secure method of holding keys? Right, hardware wallets that, again according to Coinbase, "most people don’t use" because of complexity and cost, that are very "inconvenient to use compared to a software wallet, and they can cost upwards of $100 to buy."

Everything in life have two sides, pros and cons. For beginners, who don't know how Bitcoin works, it's not too bad for them to begin with centralized wallets or custodial wallets. It is good enough if we consider it in terms of convenience and early gates for them to expose to and get access to Bitcoin. The convenient use helps them to get very first experience which will be important to keep them staying or leaving.

Points are, what will they do after first experience with centralized exchanges or custodial wallets ? Only few of them will be exposed to good resources on DEX, non-custodial wallets and reasons why they should use such ones.

It's not too good to expose newbies with complicated things that possibly barriers for their access to Bitcoin. As old Bitcoin users, I feel it is easy (and I believe you feel the same) to use non-custodial wallets, from creation to backup, recovery, broadcast transaction, customize fee, etc. but I do know how complicated it looks like at beginning.

Another concern people should always have when it comes to light wallets (which in this case is at the bottom of the list due to more serious issues) is the server they are using. Doubly so if they are closed source. In this case you may have control over your keys but you may not be the only one with access, the company could also have all your keys!

The only case I could see Coinbase being useful is their custodial wallet (the account you create on their website) for the absolute beginners who have a hard time grasping how bitcoin works. They can give up their privacy, control, security,... for the convenience that Coinbase provides and the ability to easily buy bitcoin. They can always learn more in the future and move away.
But if someone has gotten over that hump, there is no reason to use anything that Coinbase creates! Including what they claim to be non-custodial.

I don't know why a centralized exchange like coinbase give a wrong perspective on their true representation, they've got to understand why many users have preferred the use of non custodial wallet and think they can derive a means to convince them that they can as well get a non custodial wallet from their reputable exchange brand name (coinbase) just because they generates seeds phrase, and one thing I've observed they aimed at is to have their main targets on the newbie users because they might not easily get to understand their logic here except the experienced users.


I've heard of about two different attacks on centralized exchanges like coinbase and metamask within the space of last two weeks and threads were created about them on the forum, but i hardly hear i case scenario of how a decentralized exchange got attacked, personally I don't like centralized exchanges and I advise people to take heed because of the vulnerability to attacks like these and now this time, they are bringing up their web wallet in disguise as a non custodial wallet for people to fall in, coinbase is purely centralized 100% and there's nothing they can do about it in deceiving users because their bubbles will always get bursted here on bitcointalk.


A true non custodial wallet which is also open source, like open source hardware wallet or airgapped cold wallet on electrum are more secured already and i see no need to the use of fingerprint, because they might thought of user preference in this regards but we are not talking about fashion in dealing with security here.

Not forgetting that they have some terms of service and privacy policy you have to agree to right before you create your new wallet.



When you look at their privacy policy. They actually collect your data. So if you are a person who uses a noncustodial wallet with the hope of having some privacy. it's not possible with coinbase wallet. They collect all your data, IP addresses etc

https://wallet.coinbase.com/privacy-policy

If you read the OP messages the wallet was downloaded as an experiment and to be reassured on what was discussed in this thread.
I am sure no privacy enthusiast will like how Coinbase operates ever since the US sec has set certain rules and regulations for Cryptocurrency exchanges that operate in the US.

Coinbase has a slot of shady things going on lately and I believe your friend was unable to sell the coins because Coinbase makes a profit through your friend's coins. This is the reason why it is not advisable to save coins on an exchange site.

I have just done this now because I remember I can decide to do later backup



Although, there is a warning there, but it would have been better with the warning and no later backup. I noticed this also on close wallets like Coinomi before I stopped using it. I also noticed this on Atomic wallet while also being close source.

I doubt they would do this as I can't see the incentive to. If they do not care about user privacy or value it, then they would not want users to get more autonomy.

There's also the fee which is charged when transferring Bitcoin out of their platform. It is claimed to be estimated based on the current transaction fee rate, but is usually "adjusted" to prevent delays, they very well could be earning through that means as well

Slight tangent, but can we call closed source wallets non-custodial? We have no idea what is going on behind the scenes, we have no idea if the seed phrase is pre-generated by Coinbase or is sent to Coinbase for "storage", we have no idea if anyone else has access to your private keys, and so on. Although you can export your seed phrase, it doesn't necessarily mean that you are the only person with control over you coins. So is it truly non-custodial?

In terms of the back up, last time I discussed this wallet it emerged that it is entirely possible to create, fund, and use a wallet without ever even looking at the seed phrase, and then losing all your coins if something goes wrong. Has this changed?

But no, I wouldn't recommend it. Closed source, poor security, no privacy, lacking many features, owned and operated by one of the least moral and scummiest companies in the crypto world. There is no good reason to use it.

Why use coinbase wallet when I cant even use its exchange, I dont like Coinbase and its services for different reasons, a friend in the USA was unable to sell some coins at ATH because coinbase won't just let him and after the coin dropped in value things start working again.

That's the impression I get, I think I mentioned it recently that I believe exchanges would gain a little more respect if they ditched the option of long term holding on their websites altogether, and while not forcing users to lose their money if they don't remove it, but I think by encouraging users to move it to a non custodial wallet, they'd automatically in my mind become a little more respectable, since they're actively encouraging their users to follow good security practices.

Although, what Coinbase has done it seems is leverage that to try, and promote that sort of idea, without actually providing better security since of certain implementations such as the fingerprint, also the fact it isn't open source, and I also don't like the idea that they do push the user to use their exchange. So, ultimately to me this just looks like giving the illusion to users that its more secure, when it likely isn't.

I personally would never have used a coinbase platform and as such would not have recommended it at all.

With the evidence provided in your thread, I definitely would not recommend it, the non custodian wallet seems like a way to make users who are somewhat bothered about their privacy and custody to feel in control while using their service, more like a marketing strategy against the: Not your keys; Not your coins campaign.

There are lots of efficient non custodian, open source wallet options out there, one doesn't have to settle for a web wallet.
Newbies might be tempted to go for this, in search of convenience; I've many times suggested electrum to new Bitcoin enthusiasts, and many of them were stressed out about how (presumably) complicated it was, and many of them eventually fell back to centralized platforms like coinbase.

No, when you compare it to other alternatives, then no for the reasons you've already kind of touched upon. They recommend poor security implementations, which is reason enough for me to stay clear, and not recommend others to use it.

Other than that, I don't trust Coinbase with my information, and due to its closed source nature, you don't know exactly what they're collecting, even if they've claimed to not collect anything invasive.

At the end of the day, the biggest factor for me is there's already wallets that do the job good enough, and are open source, and verifiable. Plus, also aren't branded, so aren't pushing a certain usage. There's a very limited usage of a wallet like this, and that's new users who aren't quite familiar with how Bitcoin works, and therefore the integration with their exchange might actually benefit that type of user, although to be honest I still wouldn't recommend that, and would prefer education how proper storage, and usage.

Because of this thread, I downloaded Coinbase wallet again for review, never mind I have reviews about the negative aspect of it.

Note: Coinbase.com is the custodial wallet with exchange feature
           Coinbase wallet is the noncustodial wallet that generate BIP39 seed phrase
           Coinbase Pro, not related to this write-up but worthy to know that it is Coinbase exchange (custodial exchange)

Coinbase wallet supports more than bitcoin, it supports as many as possible altcoins but this is about bitcoin and a reason to decide either to use it or not.

---

I decided to download Coinbase wallet app again which is a noncustododial wallet and also generate BIP39 seed phrase with native segwit (p2wpkh) and legacy (p2wpkh) derivation path. I remembered the first time I downloaded it, it was because I wanted to be certain if it uses BIP39 seed phrase and follow the correct BIP44 (legacy) and BIP84 (native segwit) derivation path which are m/44'/0'/0'/0/0 and m/84'/0'/0'/0/0 respectively, it was actually the case. But these are what I noticed about the Coinbase noncustododial wallet:


No change address support (correct me if wrong)
What I noticed during that time when I first downloaded Coinbase wallet and also this time was that and is that I can not change my address on the wallet, only one segwit and one legacy address was given. I do not and I can never send bitcoin to any of the address generated by the wallet because the wallet is close source and I do not know if the address will change if I send coin to the address but I doubt that. A close source wallet is not recommendable.






From the image above, only two addresses are given, no way to change the two addresses to other addresses. Another option of payment which is through username would be in a way any of the two addresses would be funded as it is a noncustododial wallet, but this suggests how the wallet is not even a mobile wallet but a web wallet which is the most vulnerable amoong online wallets. I clicked on the settings icon at the bottom right side of the GUI and I scrolled down to see 'sign out', this more points to that, definitely it is a web wallet.






Fingerprint recommendation, oh no
One of the worst feature a wallet should recommend is fingerprint or other biometric means of access, Coinbase wallet suggest users to use fingerprint means to access the wallet which is not recommendable at all, the best is to just go for pin. I wonder how it would be easy for an attacker to eaily use Coinbase wallet owner's fingerprint to access the mobile device and also access the wallet to steal coins. Remember you can be living with an attacker, fingerprint will make the work much easier to steal your coinns.



Backup on drive, like Google drive
What is Google drive? A cloud-based storage solution. Coinbase wallet recommend backups on online cloud. We see recently how someone using metamask lost such much as online attackers gained access to his iCloud, this is a very wrong idea. There is nothing better than to have offline backup like on paper or steel sheet and have the backups in two or three different locations.

Hackers steal $655K after picking MetaMask seed from iCloud backup






Encouraging people to connect Coinbase.com to their Coinbase wallet
Governments do not want privacy to be possible, they want noncustododial wallet addresses to be connected to the custodial exchanges or custodial wallets people are using, this will later be a simple means to link noncustododial wallet with someone's custodial wallet. Some wallets like Coinbase are making this even eaily possible even without the government and regulatory bodies while people are falling for it.