
Announcing Ethereum and Litecoin vaults - mcone
https://blog.coinbase.com/announcing-ethereum-litecoin-vaults-b10c3250cbe6
======
elorm
For those who might be a bit confused...

This feature will not make your coins more secure or prevent Coinbase from
being hacked. However, your coins will most likely be moved to "cold storage",
which will make your coins extremely difficult to steal in the event that
either Coinbase or your account is breached.

As far as cryptocurrency exchanges go, Coinbase is among the most secure,
practicing what they call "Paranoid Security".

Brian has written about it in the past.
[https://engineering.coinbase.com/how-coinbase-builds-secure-...](https://engineering.coinbase.com/how-coinbase-builds-secure-infrastructure-to-store-bitcoin-in-the-cloud-30a6504e40ba)

~~~
bhouston
What happens if cold storage burns down?

~~~
robtaylor
It becomes quite warm storage.

~~~
anaganisk
OK, that broke the ice :D

------
androng
Wow, at first I was impressed because I have used Coinbase's multi-sig BTC
vaults in the past and those were the real deal. As in, they allowed for
security and convenience. One key with Coinbase, one key with user, and the
third key in your bank vault or somewhere hard to reach. All generated
client-side. It protected against Coinbase being hacked, but still offered
convenience.

This product is the opposite! One-key. Same security (in terms of Coinbase
being hacked) and less convenience than the regular wallet! In fact they even
took the multi-sig BTC wallet away. You used to be able to create more than
one multi-sig BTC wallet in your Coinbase account. Now I only have one and I
don't see an option to create another.

Maybe in practice, the risk of people getting phished is much higher than the
risk of Coinbase getting hacked.

~~~
sputknick
They have MFA at the account level. Serious question: is what you described
more secure than that? These vaults mean they take coins offline, so it
becomes a physical security task to secure them.

~~~
androng
Yes, a multi-sig wallet is more secure. With the multi-sig wallets, even if
someone infiltrated Coinbase's offline coins, the hacker STILL would not be
able to steal the coins. With these new "multi-email" wallets, the hacker
would. This is all assuming that the user can manage his two keys better than
two email accounts.

In fact, the multi-sig wallets were nice too because you could retrieve your
coins even in the case where Coinbase went away completely, e.g. if they
pulled a Cryptsy or a BTCe.
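
The comparison argued in the comment above, worked through as an added example that is not part of the original thread: it enumerates which compromised or lost key holders matter under a 2-of-3 multi-sig wallet versus a single custodial key. The holder labels and the modelling of the new vault as one service-held key are assumptions taken from how the thread describes the two products.

```python
from itertools import combinations

# Constructed models of the two custody schemes as the thread describes them.
# Holder names are illustrative labels, not Coinbase identifiers.
MULTISIG_2_OF_3 = {"threshold": 2, "holders": ("coinbase", "user", "backup")}
# Assumption: the new vault is one on-chain key held by the service; e-mail
# approvals and the 48h delay are policy on top, not extra signing keys.
SINGLE_KEY_VAULT = {"threshold": 1, "holders": ("coinbase",)}


def can_sign(model, keys):
    """True if `keys` contains enough of the model's holders to move funds."""
    return len(set(keys) & set(model["holders"])) >= model["threshold"]


def subsets(items):
    """All non-empty subsets of `items`, smallest first."""
    for size in range(1, len(items) + 1):
        for combo in combinations(items, size):
            yield frozenset(combo)


def minimal_theft_sets(model):
    """Smallest groups of compromised holders that let an attacker spend."""
    hits = [s for s in subsets(model["holders"]) if can_sign(model, s)]
    return [s for s in hits if not any(o < s for o in hits)]


def survivable_losses(model):
    """Groups of holders that can vanish while the rest can still spend."""
    holders = set(model["holders"])
    return [s for s in subsets(model["holders"]) if can_sign(model, holders - s)]


def summarize(name, model):
    theft = [sorted(s) for s in minimal_theft_sets(model)]
    loss = [sorted(s) for s in survivable_losses(model)]
    return f"{name}: theft needs one of {theft}; survives loss of {loss}"


if __name__ == "__main__":
    print(summarize("2-of-3 multi-sig", MULTISIG_2_OF_3))
    print(summarize("single-key vault", SINGLE_KEY_VAULT))
```
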

------
dom96
So this almost made me register for a Coinbase account to finally buy some
Bitcoins. That is until I got to the ID verification section. Am I wrong to be
worried about uploading a picture of my passport to a US company?

~~~
sayurichick
I wouldn't use Coinbase to buy BTC. The IRS already tried to obtain all
customer data before, and they conceded with "only customers who spend over
$20,000".

Even outside of privacy issues, Coinbase goes down during critical periods
often. Price crashing and you want to buy/sell quick? The site will likely be
down.

Outside of accessibility issues, having Bitcoin on Coinbase is more like an
I-O-U and defeats the purpose of cryptocurrency imo, which is having the
private keys to your funds which only you control.

I recommend this guide to set up a multisignature wallet through CoPay and
Glidera, and managing your keys with a password manager like Enpass.

[https://gist.github.com/paOol/d6c78c339cc5c4df6dd745d3bc2cc5...](https://gist.github.com/paOol/d6c78c339cc5c4df6dd745d3bc2cc522)

~~~
egypturnash
Out of curiosity, where _do_ you recommend buying BTC?

~~~
mplewis
I switched from Coinbase to Gemini. Their verification process is very quick
and their customer service is too. Coinbase never responded to my ticket when
I asked them why my purchase was pending for over a week.

------
LordOfRiverRun
Isn't this just security theater? Does moving coins to one of their "vaults"
actually do anything in the event Coinbase is hacked?

~~~
IkmoIkmo
When they say vaults, they're actually vaults. 98%, according to them, of
their funds are stored offline.

The only attack vectors are cryptographic, which you can pretty much rule
out (save for human error), and some kind of human attack (blackmail, social
engineering etc.). But there are procedures in place there, too. The offline keys
are multi-signature, requiring multiple executives in multiple locations to
clear industry security protocols, then come together and commit a crime.

The remaining 2% of online funds are insured.

If anything goes wrong, it's extremely likely to be on the customer side. They
offer the usual secure connections, multisig etc., and the vault adds an extra
48h withdrawal period on top.

If you know the basics of bitcoin's cryptography, it's pretty trivial to store
bitcoins on private keys that never saw the light of day, using a bunch of
dice and an offline open source bit of software. But if you have to use a
service, I'd say Coinbase is pretty damn secure. Just make sure your side's
clean. Accessing secure systems from compromised phones/laptops is a losing
battle, and as there's no real recourse with bitcoin, that's usually where
things go wrong even when using secure services.

~~~
gst
There are a lot of things outside of technical issues that can go wrong -
here's an example:
[https://www.reddit.com/r/CoinBase/comments/6hcu0n/coinbase_c...](https://www.reddit.com/r/CoinBase/comments/6hcu0n/coinbase_cuba_lawsuit/)

If you have control over your own keys (such as in the case of the "old"
Coinbase vault) those things are a non-issue. But with the way the new
vault works, a hardware wallet looks like a better solution.

------
d23
Just to warn folks, if they for whatever reason do something that makes you want
to get your money out, like not supporting a fork, the withdrawal delay on
vaults can hinder your ability to get your funds out in time. Make sure if you
do this that you stay on top of any future time-sensitive announcements they
make so you can withdraw in time.

~~~
cvsh
It's a tough catch-22.

Cryptocurrencies are so volatile that there's a non-negligible risk that
locking away a large sum for 48 hours could potentially cost you nearly all of
it.

And they're so hackable that _not_ putting a time delay on withdrawals could
also potentially cost you all of it.

~~~
QAPereo
Is there some reason that a bank safety deposit box isn’t the gold standard?

~~~
bastawhiz
Safety deposit boxes are subject to many problems, most notably human error.
Death certificate fraud is far more common than you'd imagine. I would bet
that far more has been stolen from safety deposit boxes through social
engineering and fraud than from hacking cold storage systems.

------
dream42
Our coins will not be more secure with their "vaults".

------
tommoor
Love that the example screenshot has $125k in funds knocking about on
Coinbase.

~~~
gobengo
If you had bought $5k worth of Ethereum last August, it would be worth $135k
right now. So yeah, sounds about right.

~~~
tommoor
I'm comparing to the marketing you see for the majority of financial products.
Most Americans don't even have 5k in savings, never mind crypto.

------
Cshelton
Well, until Coinbase is hacked and there is nothing left FOR you to withdraw.

Just as with fiat USD, depositing it into any third party that is not FDIC is
silly. Same here, however there is no FDIC-like entity to return your money,
so the only true secure way is to only hold them yourself.

Of course that makes mass adoption much more difficult...

Until Gov. Treasuries and central banks really jump into the game...

~~~
reefoctopus
[https://support.coinbase.com/customer/portal/articles/166237...](https://support.coinbase.com/customer/portal/articles/1662379-how-is-coinbase-insured-)

~~~
Cshelton
Yes, because that is always a guarantee... And that's a big maybe and
eventually...

