Topic: Safer to RECEIVE multiple Bitcoin transactions on Coinbase or Ledger? (Read 328 times)

Yeah? You don't need to validate anything.

This is a case of not listening to everything you read on the internet and maybe read a few of the comments. It's reddit, they can take jokes on the bitcoin section, (personal favourite):

ref

I was quite sure that I have seen some news about it and here's the link. I have just checked and I can receive Bitcoin to my unverified account. It is mentioned at the bottom of the Coinbase FAQ.

https://support.coinbase.com/customer/en/portal/articles/2932046-limits-faq

No.

You don't have to verify your identity to send and receive Bitcoins, just to buy and sell them on their site.

The fixed fee you mentioned was correct, that's quite rediculous from them also as it's a few btc that is unnecessary. It used to be nice when they paid the fee out of their own pocket (I used them for a reason then)...

Doesn't Coinbase force its customers to pass through ID verification if they want to send and receive Bitcoin? Not to mention that it is a web wallet so you don't have a control over your private keys. I would consider using a software wallet (Electrum tutorial here) or a hardware wallet. It might take some time for a hardware wallet to sign your transaction but only if you have dozens of inputs. Also, web wallets usually have fixed fees - enjoy overpaid transactions.

I think is safer to receive multiple transaction on coin base, most of my friends use it and I haven't heard them complain about it before. So I urge you to try coinbase

The thing is: Ledger doesn't have the control over your funds. Only the person with access to the mnemonic seed (which should only be the owner of the nano s) can sign transactions (at any time with any software).
If ledger does show wrong information (either because they turn evil or because of network issues) you can always import your mnemonic seed into another wallet and access your funds there.




The 'second source of information' is not only useful, but completely negates any kind of such an attack. This is only the case with a hardware wallet. Not with coinbase 'wallet'.
Just because most people do not know how to stay safe, this doesn't mean that you can't stay safe.

Ledgers hardware wallet does give you the possibility to receive, validate and sign transactions completely independent from any company/service/etc..
Coinbase does not. They receive your coins and show you some numbers they have stored in their database. You are completely relying on them.

Those two approaches to 'only receive transactions' are in no way comparable in terms of safety, security and reliability.

My argument hinges on the fact that with server side validation, most people wouldn't bother to check the transaction on any other sources. I wasn't talking about how Coinbase or Ledger works. The attack would be viable for people receiving transactions (and thus the client forging and providing inaccurate information) and that seems to be the main thing that OP is concerned about.

Of course, Ledger is better in general. But when you're trying to receive transactions, the risk is there.
That's why I'm implying that they are somewhat similar in terms of this. If Ledger shows you the wrong information, I would say that they wouldn't let you withdraw anything.


Yes. Its mostly interpreted by the community as the same thing, could do better on my phrasing though.

---

---

I fully agree that Ledger/hardware wallets are better than Coinbase/Online wallets by far, as a whole. I am only focusing on the discussion on the safety of only when receiving a transactions. Assuming Ledger's web app and Coinbase, both are equally susceptible to server-side validation attack for which the host could modify information that is being displayed inside of the client. While I do agree that having a second source of information is useful, most people blindly trusts what the client says as correct.

Nice. Glad to see you're supporting your community.

Yes, that's true.
Also, ledger gives you a seed so you can put it on an air gapoed computer in electrum and then erase all the data that gets saved on that air gapped device once you have transferred the funds where you want, IE another ledger, a trezor...

If you use electrum with your hardware wallet then ledger can't alter the information you see as electrum takes over.

That's not completely true.
Ledger application does use their server to show information about incoming/outgoing transactions and balance.

But you always can verify yourself whether a specific transaction has arrived (i.e. block explorer).
This does not apply on coinbase. You are given deposit addresses and receive a 'balance' in their database. Since you don't own the corresponding private keys, you don't own the bitcoins.
You can't validate anything. You just rely on their database being intact to credit you the correct amount of BTC when you want to withdraw them.

With ledger, (only) you have the control over the private keys. Therefore you can always validate transactions/balance without needing to trust someone.




This means that ledger could show you wrong information inside their application.
This also means that coinbase could show you whatever they want and still don't let you withdraw anything.




Wallets do not delete addresses because they don't exist on a technical level.
The only thing you eventually could delete is a private key. But since the majority of wallets nowadays are HD wallets (which do not rely on storing private keys; they are being derived) thats mostly not an issue anymore.

If you're strictly asking about the security of receiving transactions, then possibly more on the Ledger. To be fair, Coinbase and Ledger utilise server side validation which requires them to be trustworthy. This means that they can modify the things that they can show you since they have full control over it. In terms of privacy, Coinbase is pretty bad on that. Coinbase has suspended accounts over deposits coming in from questionable sources.

Its common for wallets to display a new address for every transaction. Address reuse has never been encouraged. Wallets do not delete addresses without you doing it.

There is no doubt that hardware wallet is far more secure solution then online wallet, so if you just need to receive BTC and ETH it is better to use Ledger Nano S. On the other hand if you want to trade your coins (convert to fiat), then it makes sense to use Coinbase. There is also question of privacy, so if there is some larger amounts of coins you are receiving in some point service like Coinbase can easily freeze your account and ask for additional explanations on the origin of money.

I would rather trust a hardware wallet that are available 24 hours a day, than sites like Conbase, which is buggy at the worst times. We saw what happens when the price hits a ATH in the previous years.

Conbase also have strict KYC/AML regulations, so they strip you of your pseudo anonymity. 

It is definetely safer to receive transactions directly to your hardware wallet.
Receiving them to an online wallet first only creates additional attack vectors. There is no downside when directly receiving to your ledger nano.

Technically you are NOT in control of your BTC if you have stored them on coinbase.




Ledger generates a new receiving address for each transaction. This is purely done for privacy reasons.
You can receive as much transaction as you want to one single address. Your addresses will stay 'valid'. They do not expire.

You only have to start the application when you want to spend your funds.
No wallet/application has to be opened to receive transactions.

There are new addresses that get generated, the addresses don't change themselves. They're still there, just for privacy reasons, a new address gets generated after each transaction. I have multiple transactions that go to one address on an app and they are still there. As long as you have your seed backed up then send all to ledger.

You might also want to consolidate these inputs at some point by sending a trandsaction including all the amounts that you have recieved to one address to reduce the fees when you have to send (as you can make that transaction with a low fee as you won't be in a rush while just consolidaing your transactions).

Don't use coinbase if you can help it. It's an exchange it's not so secure.

Which way would be safer to receive ongoing BTC and ETH through multiple transactions? To display your Coinbase BTC and ETH addresses and then transfer them all at once to my ledger Nano S?

Or to simply display the BTC and ETH addresses from the ledger?

I am asking because i am not sure how receiving BTC and ETH on the ledger will be because i read that they change addresses everytime and that you need to have the chrome app running for each wallet.

Your help is really appreciated! Thank you