Topic: Storing Cryptocurrency in Coinbase Vault Vs Hardware Wallet? - page 2. (Read 519 times)

I've commented in one of your threads related to this and it seems like you are not comfortable on using the Coinbase Vault as you have a lot of questions about it and you are worried about its safety and how it can be hacked by someone else. Maybe I can give you an alternative for your storage problems, if you don't want to buy a hardware wallet and you aren't comfortable with using a service like Coinbase Vault you can always create a cold storage of your own by using an old phone/laptop where you install Electrum and you keep that device offline meaning not connected to the internet at all, in this way you have a peace of mind about any hacks happening from your wallet as it is an offline device.

The whole censorship resistance angle of Bitcoin goes out the window when you're trusting a custodian, specifically a regulated one. Regulated entities answer to the state first and foremost. They will tell your government how much coins you have and give them the funds if they ask hard enough. A storage solution that doesn't even offer you the opportunity to defend against a governmental attacks is worthless.

You mean ''trusted'' custodian like Bitgo, or exchanges like MtGox for example?
Her son could be more trusted than some company, and they can even share control over Bitcoin with some multisig solution, so in case she lose keys her son can always recover the funds.
Why would she keep this away from her family when she is going to die at some point and probably leave coins to here son and family, and dealing with some custodian will only complicate all situation with inheritance.

Can you trust her to write down anything, store and remember codes for her credit cards or password for her email accounts and smartphone?
I don't see why learning about importance of controlling your own coins, keys and wealth would be a bad idea, and it's not really that complicated, except if she is senile and have alzheimer's.

For her sake, yes. For the sake of Bitcoin's existence and future, no way. We have to look at the long-term effects of those things and they are surely not positive if we end up recommending custodial and trusted wallets. Bitcoin wasn't made for us to become rich but for us to be financially free. By promoting and advertising companies that do against Bitcoin's fundamental ideas, we're supporting Bitcoin's enemies.

If the woman doesn't care about third parties, then it makes no sense first of all to purchase Bitcoins. There are options out there like Revolut and eToro that let you purchase just the value of BTC instead, but I think supporting them is just as bad even if it's just for speculation.

At that point... she is effectively just trading one set of risks (fiat depreciation, govt control etc) with another set of risks (volatility, lack of govt control, possibility of govt control in the future, trustworthiness of centralised service etc).

Given that they're basically indicating that they don't appear to care about the whole "financial freedom" part of the Bitcoin equation, I'd have to question why they want Bitcoin in the first place? It would seem they were just wanting the "Big Gains"™ that everyone talks about (which come with the "Big Risks"™). Given that they're "elderly"... that is probably not the proper risk profile if they want to guarantee that something is left for children/grandchildren


Also... define "trusted custodian"? Do you just mean "Big Name Exchange"™?

I'm sorry for hijacking this thread a bit but my question is still well within context so no need for another thread.

Would you guys ever recommend using trusted custodians when the situation seemingly calls for it?

Supposing the elderly mother of a friend suddenly gets curious about Bitcoin and after a few briefing on its risks and all, she has finally decided she wants a significant portion of her wealth converted into Bitcoin for long-term safekeeping, mainly against perpetual fiat depreciation, for her children and grandchildren. She wants to keep her decision from any of her family.

Supposing you cannot trust her about writing down and hiding away seed words since she even looks for her eyeglasses when she's wearing it. Supposing she doesn't care about anonymity, dealing with a third party like a bank, and her funds could easily fall within a crypto custodian's insurance limit.

Would you, then, recommend it?

It's an additional use-side security, which is always good don't get me wrong. But then again, like I said in my previous reply, user-side account security is pointless if it's their cold wallet that gets breached.

Think of it like your local bank and your online banking account. You can secure your online banking account as much as you want, but if the bank's vault itself that get's breached(and ends up going bankrupt), then you're screwed either way. (I know there's insurance and all that with banks, but you get the point)

So I heard not only with the coinbase vault, you could also whitelist addresses.  Opinion on this? 

Just to add for the beginners: ONLY DO THIS IF YOU KNOW WHAT YOU'RE DOING.

If you're going to use Electrum as your main long-term holding wallet and you think you're safe just because you have an anti-virus on your main personal computer, you're taking serious risk. For most people, using a reputable hardware wallet is simply the better and safest solution.

An Electrum wallet on an offline computer coupled with a master public key inserted in a computer connected to the internet is a good choice in terms of security. But if you have Electrum installed on a computer that is constantly connected to the internet and you use it daily for various things, you are better off with a decent hardware wallet. It's especially dangerous if your are into torrents, pirated software, porn, etc.

I don't need a hardware wallet to keep my Bitcoin safe. Electrum wallet is enough for me. If I am serious with security, I will use extended phrase or multi-signature wallet

I don't need any Vault on any exchange to keep my Bitcoin safe. Exchanges are never best places to store Bitcoin or cryptocurrency. "Not your keys, not your Bitcoins", "Not your keys, not your crypto"

https://notyourkeys.org/

You can store coins on exchanges for only one reason: you are a trader. You are constantly trading and paying taxes because some of the major exchanges are already helping users calculate their profit (or loss).
In other cases, it is better to store coins on a hardware wallet and trade them on decentralized exchanges where there are no KYC procedures

You have to understand what exactly you're storing. Essentially, you're locking your funds a chain of blocks that requires computational power to be secure for outsider attackers. In order for you to spend money, you have to provide a signature to the network's nodes as a proof that you're the owner of that specific output. They keep extending the chain and including your transactions to their successfully mined blocks. Hence, there is no third party. Only nodes that “obey” to the longest chain, which is distributed peer-to-peerly.

Now think that if you store your bitcoins on Coinbase, you ruining the entire purpose. It's quite ironic for a Bitcoiner that those so-called "secure" exchanges such as Coinbase or Gemini introduce their services as wallets to store your bitcoins.

As for their security: There are two types of exchanges. The ones that got hacked and the ones that will be.

After everything you have asked in the past few years and after hundreds and more than quality answers, you are asking a complete beginner question "is it safer to keep crypto on a crypto exchange or a hardware wallet?" So after all, you haven't (and I believe you never will) learn what a private key is and how important it is for everyone to be in complete control of their private keys.

Now it seems to me that you are a completely lost cause or that you are trolling us all to incredible limits here - so I would advise everyone to stop wasting time on someone who will ask the same questions in a few years without adopting at least 1% of all answers.

Sure, it's very secure. I mean what could possibly go wrong by storing your coins with a third party? The words MT. Gox come to my mind. Have you heard of it? It was a reputable exchange that facilitated 2/3 of all bitcoin transactions worldwide in its prime. It's estimated that 850.000 bitcoins were hacked and stolen from MT. Gox several years ago. So much for "pretty damn safe", eh?

You are screwed again!

And despite all that, you are considering keeping your coins in Coinbase? More precisely, you already sent coins their way to test out your Nano S theories.

Compared to unknown, low traffic exchanges, Coinbase and Gemini are "safer", but they are still not "safe". The term worth highlighting is exchange! It's a website where you move your coins to exchange them for other assets, and move them back into private wallets when you are done.

Since when is the easiest way the safest way?  Shouldn't you be concerned with the safety of your funds, and not what is easier and more convenient for you? It's even quicker if you send the coins to a random person on the Internet for him to store, but what do you think, is it safer than holding them yourself?   

There is no such thing as reputable and secure exchanges. There are only exchanges that have not yet mass scammed anyone or gotten hacked and became insolvent.

All the arguments about lack of security of storing your bitcoins with third parties aside this is not how bitcoin is supposed to be used. When using bitcoin you are supposed to be "your own bank" not go about using a bank again (or a bank-like service where you have no control). Why bother with volatile bitcoin if you are going to do that anyways?

2FA is only secure if the initial setup was done in a secure environment. Most TOTP requires the secret during the activation of the 2FA to be secure. Coinbase vault is only secure if you are able to keep all of the accounts involved in the authentication secure. I don't think the funds are insured if it gets compromised due to the user's incompetency either, CMIIW.

Of course, this also means that you'll inevitably lose a lot of privacy when you're relying on a third party for the security of your funds. Hardware wallets or any airgapped wallets would be far more secure than trusting a third party, insured or not. Being in the sole control of your own funds would be a far better idea either way. I find HW wallets easy enough to use unless you're absolutely illiterate when it comes to computers. I also find the 48 hours waiting period quite ridiculous.

1. These exchange giants are safe, until they're not. Some of the exchanges listed here were also deemed "secure enough" by people in the past, but yet.. : https://cryptosec.info/exchange-hacks

2. 2FA is great, but it only protects access to your exchange account. But if the exchange's cold wallets itself are what gets hacked? Your exchange account's security ends up being pointless.

3. Coinbase only insures 2% of all the crypto funds they're holding(hot wallets), and their customers' cash balances: https://help.coinbase.com/en/coinbase/other-topics/legal-policies/how-is-coinbase-insured

So if that is the case, why isn't storing your btc and other crypto on coinbase a good idea?  Yes I know people say don't store it in an exchange... but isn't coinbase or gemini as safe as you can get?  I read people say for the average retail investor, storing your coins on coinbase is the easiest way.  But if someone has huge amounts... say 50k or 6 figures... would that be safe?  For some reason, I can imagine tons of people who invest in crypto... let say they put 6 figures, they probably put it there and don't even bother with hardware wallet.  Would you say that is accurate or not?  I am talking about ppl that are not that crypto savy and just do things normally like they do with stocks etc.



Coinbase seem to insure up to 250k.  So if someone had that type of money, wouldn't it feel safe to still store it there assuming they don't want to store their own seed?  Since doing this, someone could make mistake writing seed, lose their seed, seed compromised etc.  I mean you don't need to know your seed... don't need to protect your seed.  And if you have issue you contact coinbase and send your verification documents to them again. 



But that coinbase vault.  Anyone have experience with it?  I read Vaults also go through a secure approval withdrawal process after creation.    That seems very secure but how is this process?  If that is the case, couldn't someone with like half a million dollars or more trust that vs storing it in their own hardware wallet... where they always need to make sure their seed phrase is protected?  I mean... I can't imagine someone like Elon Mush or Max Keiser or people with tons of crypto have their own seed to protect?  I heard its under custodial accounts... which is what coinbase and coinbase vault is right?  The idea of not having to protect your seed seems really appealing. 



Does gemini offer something like this as well?  I heard someone mentioned some sites offer services like this but they charge a lot for it?



I mean not having to have your seed protected... seems much better. 

So I created a few threads about where to store your seed for your wallet whether its a hardware wallet like nano ledger/trezor or software wallet like electrum.  Of course with every option, there is pros and cons of each. 



Now the more I think about it... if you keep it in an exchange but very reputable... think coinbase/gemini or maybe kraken/binance... isn't that pretty damn safe?  But when i checked coinbase, they also have this thing called coinbase vault which apparently makes it even safer?  I see that it seems to insure up to 250,000 usd?   Or is that just coinbase in general?



The thing is what does that protect you against?  I mean if someone hacks your account somehow because you didn't have two factor authorization, then you are screwed right?  But what if you have two factor authorization and someone does that sim swap i heard of?  What happens then?  Now what if you use google authenticator or authy as your two factor authorization?  Does that protect you or not?  I also heard cases of two factor authorization getting hacked which i thought was not possible.



I do know if you use your phone as your two factor authorization and you lose it or it broke, its a huge hassle contacting coinbase as i recall this a while back.  You had to reverify your documents if for example you lost your coinbase secret key right?  Because a while back my phone which was my two factor authorization... i forgot if i used authy or google authenticator but i know i didn't have my secret key.  Is that the coinbase key?  But after a while, they were able to confirm my account.