
How much damage could a bad internal actor at Coinbase cause? - jonthepirate
I&#x27;m trying to work out how much risk I&#x27;m willing to accept by using Coinbase. If one of their programmers intentionally wanted to become a bad actor (say for example they catch wind that they are going to be fired), could a Coinbase developer easily cause billions of dollars in damage by somehow transferring coins out of the client accounts?
======
quickthrower2
Any money/btc you have in coinbase should be money you are happy to lose. It
is an IOU note from coinbase to you, but without the strong guarantees you'd
get with a bank. With bitcoin especially it is possiblef or someone (State,
Criminal, Software Bug) to run off with all their money and leave them
bankrupt in a matter of seconds. It could happen in the next 10 seconds. This
is unlike conventional business!

So I'd think of it like this. Say you want to buy $10000 of BTC. You are only
'happy' to lose $1000.

Transfer $1000 in to Coinbase. Get BTC. Transfer that to your own offline
wallet. Once confirmed, transfer the next $1000 in to Coinbase.

I say this as someone who has lost some Etherium in BTC-e, which I transferred
6 hours before they were seized. Luckily I got the lions share of it back
(about 80%) from Wex but that was just lucky. If it is in an exchange it can
be lost.

Finally only keep in Bitcoin money you are happy to lose. I won't go into why
but it should be obvious you cannot guarantee 100% you will remain in
"control" of your address (due to hackers, amnesia, tech failure and
untrustworthy friends/family), although you could get to 99.999% by taking
precautions.

~~~
Mouse47
One of the posters below pointed out that coinbase is FDIC insured (fiat) and
insured in general (crypto). What's your take?

~~~
quickthrower2
I don't know how good those insurances are. I assume FDIC is good. Although
you'd have less of a 'reason' to keep fiat on an exchange unless you are
trading.

For the crypto - well it depends on the insurance I can't really say how
effective it would be. I'd worry it would pay out in fiat what the coin was
worth at the time, which could be disappointing during a rally, plus you have
to wait for the payout, plus it might be a taxable event? And of course the
insurance may just not pay out. What if they decide it was your fault your
coins were lost?

------
abcdefghijklm
Coinbase fully insures all digital currency against losses resulting from a
breach of Coinbase’s physical security, cyber security, or by employee theft.

If you're in the US, fiat deposits are covered by the FDIC just like bank
deposits up to $250k:

[https://support.coinbase.com/customer/portal/articles/166237...](https://support.coinbase.com/customer/portal/articles/1662379-how-
is-coinbase-insured-)

~~~
jklein11
The link you posted says that all digital currency coinbase stores online is
insured. They also say that it is less than 2% of customers funds.

Also, to be clear, the FDIC insurance is on any cash balance in coinbase.

------
kleer001
Depends on how good their security protocols are at the point of attack.

If their security is really really really good they should be able to publish
(and advertise) the details of every step and still be secure.

Unless I completely misunderstand the essentials of security, which I might.
Can someone school me?

In the end though their security is only ONE point of detail to concern
yourself with when investing. The really really really important detail though
is your belief in the rock stead control of your emotions. That should be 60%
(or more) of your calculated risk. Because, as we know, humans are always the
weakest link in any system.

------
aviv
No competent technical person should ever EVER keep bitcoins on an exchange
wallet, Coinbase included. Bad actors are inevitable.

~~~
csnewb
Where should I keep bitcoins if not an exchange wallet? Hardware wallet?

~~~
gesman
Deterministic wallet that is fully restorable from password phrase.

electrum.org and alike.

------
gesman
Yes.

Coinbase keeps your private keys.

There are exactly zero reasons why you should keep your cryptocurrency in
Coinbase account and not transferring it to your own deterministic wallet.

~~~
abcdefghijklm
I've heard this over and over, and I totally understand your concern.

But I think there's at least one reason to stay on Coinbase though, and it's
their insurance against security breaches, including employee theft (note my
comment above).

I'm not individually insured against bitcoin theft, and I also think there's a
non-zero risk of making an irreversible mistake with my own offline storage.
I'm not incompetent, but I can't claim mastery of the bitcoin protocol either,
therefore I assume I can mess things up.

So yeah, you don't get your private keys, but insurance on your full balance
is worth something to some people, in some cases far more than the assumption
that nothing will ever go wrong with your own wallet (if you feel comfortable
with that assumption, great).

------
muzani
Doesn't this logic apply to putting your money in a bank as well? That's why I
have multiple bank accounts and buy gold.

~~~
colecut
Bank deposits are federally insured

~~~
stagas
Unless you're in Cyprus[0].

[0]: [https://www.rt.com/business/cyprus-crisis-bailout-
deposit-63...](https://www.rt.com/business/cyprus-crisis-bailout-deposit-631/)

