New Security Recommendations by Coinbase Raise Concerns

In a new and rather surprising piece of news, Coinbase has released a blog post advising its customers to back up their private keys to their personal cloud services.

The worry over the years has been that users may lose their own personal passcodes, and that it is better for them to back them up to a place where they can’t be “misplaced”, like the cloud. Google Drive or iCloud would both allow for encrypted options that could only be accessed with the user’s password. This is being advised as an alternative to traditional mobile/desktop wallets or hardware wallets, which are considered to be much more secure.

What’s Wrong with This?

The private keys that are generated and stored on a user’s mobile device are the only way to access funds, and this is a bottleneck or security issue in itself. However, there are several reasons why this is an alarming perspective for leadership to take.

Right away, many users jumped in to point out that cloud hacks occur all the time, and this would technically create a honeypot for thieves to target. Jesse Powell, the CEO of trading exchange Kraken, pointed out:

“I am not a fan of training users on bad security. Cloud storage, while convenient, is constantly compromised, especially with all the SIM porting. 99% chance the people who would unwittingly use this do not have passwords strong enough to withstand professional cracking.”

The next point of criticism is that this is the least decentralized recommendation you can make. It is one thing that Coinbase is a centralized exchange, but now they are calling on their users to store information on a centralized platform? Google’s and Apple’s data management leaves much to be desired, and as pointed out above, it is increasingly possible that they get hacked. Taking action to move your private keys onto the cloud rather than retaining ownership of the keys yourself is the least decentralized thing a user can do.

One final implication I’d like to analyze is the liability that comes with this recommendation. Oftentimes, wealth advisors can make bad recommendations that cost them their careers. If the most trusted company in the crypto space makes this poor recommendation and funds are stolen, will users hold them liable for the loss of funds? It seems like a short-sighted recommendation when the security of Google or Apple is so questionable.

Coinbase’s Strategic Significance

In a way, this can be viewed as targeting a certain niche of customer that doesn’t have or want the technical know-how to safely store their private keys on their own. Just like a large subset of crypto enthusiasts might only want to buy Bitcoin using a pension fund or ETF, some may be willing to compromise security in order to have increased ease of use. Only the most hardcore “idealists” will go through the trouble to properly store their private keys themselves.

These recommendations come shortly after the news that QuadrigaCX has lost upwards of $145 million due to poor private key management, so this is definitely a hot issue. But that doesn’t mean that security should be compromised along the way. Managing your own private keys may be the safest way to do things, in which case Coinbase is definitely not making the best recommendation here.

The worry of users losing their device or misplacing their private keys is a very real one, and a better solution may be to use their own methods and technology to back up private keys. Forcing unsophisticated users to take security measures into their own hands will likely lead to a compromise of that data. However, by providing a more secure option managed by Coinbase, at least users won’t be as vulnerable to their own poor choices with passwords and other data security measures.
