Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Coinbase Cloud (coinbase.com)
200 points by hasheddan on Oct 2, 2021 | hide | past | favorite | 162 comments


Seems they forgot to write the documentation lol https://docs.cloud.coinbase.com/exchange/reference/market-fe...


Coinbase CEO here. Thx for mentioning it, we’ll get that fixed.

This is an early release from us and I would expect there to be a few quirks. Please keep sharing any feedback.


Is there any way to get support regarding the API? We are trying to increase the send limit of our application, but can't get any support for over 3 months. No one's monitoring the SO tag as is mentioned in documentation.


Thanks for pointing this out, we're working on ramping up support and a dev rel team. Appreciate the feedback.


Thoughts on https://news.ycombinator.com/item?id=28588896 ?

Non-techie Family member got scammed with this last month and lost $4k ETH while using coinbase. Thought I would let you know since it seems very common at the moment, might be worth having an alert to users not to send ETH to anyone who says they will 2x their coins. Cheers,


I'm not sure it's coinbase's responsibility to tell users not to run with scissors. Anyone who thinks sending money to random links they see on the internet that are promising to send them more money back for free probably shouldn't be entrusted with managing money.


Complete agreement with this comment.

What should a founder do? Focus on their product, the better they become more scamers will attract, but is for the user to use some basic logic.

Otherwise, should they tell people that there is no such thing as Nigerian Prince? Because Nigeria is a Republic but some people don't even check the basics, they tend to just refuse their responsibility.


I think a good solution would be to allow users to flag a wallet interaction as a scam (akin to a down vote). Then, after enough votes, you could get a warning analogous to what Safari does when you are about to go to a known scam website.

People here forget that the average person (especially as they age) will at some point fall for a scam. Insurance companies are starting to recognize that, because as you approach old age and death, apparently the mind gets more trusting of strangers to reduce mental load.


If this system existed it would immediately cause all scammers that aren't already doing it to make a new wallet address for each 'lead' and make a reputation system worthless. I would be very surprised if this wasn't already common practice.


Nothing is ever a solution, only a hurdle.


This post doesn’t seem at all appropriate to me. Those scams are the most bottom of the barrel, low effort, have existed forever, and have nothing to do with Coinbase at all. I worry that pinging founders direct with this nonsense will keep them out of one of the few forums where I ever get to see them contribute.


Depends. Most CEOs I interact with are anti-fragile. The legitimacy of crypto has a lot to do with CB, so it is in everyone’s best interest to fight scammers being front page promoted by YouTube:)


I don't see RobinHood worrying about people sending money to Nigerian Princes.

Crypto trading being secure, reliable, engaging etc is important to coinbase. Not people being scammed in ye olde isk doubling trick.


Documentation was linked to here from main page: https://docs.cloud.coinbase.com/

Not sure where you found that other link but sort of embarrassing to have that publicly exposed.


It happens, we're not perfect ¯\_(ツ)_/¯


I just searched for 'commerce' in the main documentation and voila


Hi Joe here, leading up Cloud at Coinbase. Thanks for pointing this out, as a new product there's bound to be some quirks! Really appreciate the feedback. we'll get things like this fixed.


I raised $2,200 in donations thanks to Coinbase making it easy for people to donate crypto. It sounds like they want to do the same for every aspect of a business. There’s probably a lot of value in that.


That's great to hear. We are working on something to simplify accepting crypto, would be great to chat with you about your experience.


How much energy was wasted this way? Why would PayPal, IBAN, or Flattr not have worked?


I use crypto because the financial system does not allow me to make a transaction anonymously unless I use cash, that I can't use on the internet. Make the government remove its retarded KYC and anti money laundering laws that create state mandated invasion of privacy and I will stop. Crypto exists only because there is a demand not met by "real money". The answer is not to ban crypto but to make "real money" competitive again.


If it was a custodial service, then the amount of "energy wasted" was basically equal to any of the above.


The majority of cryptocurrency mining is paid for by fixed inflationary rewards, not transaction fees. That means that the power used by mining isn’t directly dependent on the number of transactions being processed. When you hear “each Bitcoin transaction burns x MJ”, that’s a simplification.

Custodial cryptocurrency services therefore don’t consume meaningfully more or less power than non-custodial services. They both rely on the underlying protocol remaining functional, which is where the bulk of power consumption occurs.


because they dont receive crypto..


Can someone ELI5 how this is any different to what the current Coinbase API offers? https://developers.coinbase.com/api/v2

Reading through the entire Coinbase Cloud page and even going into the Coinbase Cloud Exchange docs (https://docs.cloud.coinbase.com/exchange/docs) doesn't make it clear what this offers over Coinbase's current API.


The difference of those two docs is one is coinbase.com, their more retail oriented option (picture robinhood), and pro.coinbase.com which is a more advanced trading platform (think or swim or other more mature investor platforms). The fee structures are different, order types, visualizations, etc (even though they likely use the same infrastructure for both) and they segregate a user’s accounts between the two (though you can freely transfer between the two). Another major difference is on the retail platform you’re not going to see an orderbook - just a price. All that to say, I think the main difference is access to more information about the overall market, more advanced orders, better pair selection (that usually eventually ends up on the retail platform), and the more mature financial platform.

These new docs replace the previous pro/prime API docs and extend it into new products.


The cloud product/label is where they intend to build out a suite of service offerings. API wasn't broad enough to encompass what they intend to do next.


Hi, Joe here, heading up Coinbase Cloud. tldr; this is our first step in providing a full set of API based services to build crypto applications and unifying the existing APIs that exist.

Importantly, this will go well beyond interacting with Coinbase existing products and provide tooling needed to make it easier for developers to build new web3 applications.


Given their lack of competence resolving basic user account issues, it would be a hard no from me


Agreed, I was locked out of access to my funds for months, not one human response until my complaint escalated to the Financial Ombudsman (UK), got compensation, then tried to delete my account after withdrawing all my money, raised a support ticket, then last week my account was closed with the following message:

"Upon careful review, we believe your account has engaged in prohibited use in violation of our Terms of Service and we regret to inform you that we can no longer provide you with access to our service."


That's not just Coinbase. It's every neobank type app or service.

The problem is that they can't handle the large volume of users while also dealing with fraud & law compliance. So they basically have fraud detection algos that flag anything remotely suspicious with many false positives and they don't have the support staff to deal with the aftermath.


It's almost like there's a good reason society invented bank regulation.


Oh wow that’s bad.

Mine was their screwed up identification process - I had completed it but their app wouldn’t let me view their tiny videos for the rewards. I was stuck in a support loop for months of “you need to identify yourself”, “I have”, “oh yeah you have, try the videos again” - repeat


I was locked out of my account for 3.5 years before they worked through the queue far enough to get to me. I stopped using Coinbase long before then though.


Sounds like the Robinhood model. Collect as much finances as you can and do as little as possible to support those providing the funds while sucking up to investors.


Looks interesting. Or at least one step closer to improving access to tooling.

I can totally see coin base becoming the de facto platform for this sort of stuff. Not ideal centralisation wise but oh well


Fleek is basically Vercel or Heroku, but for Web3. For those with more at stake, it's probably better to go with a big player like Coinbase.


Unrelated, but nothing reminds me I'm getting old more than an entire sentence of words I don't understand.


When someone versions the internet it is safe to disregard the other terms in the sentence.


In my day, Web 3.0 meant the Semantic Web: https://en.wikipedia.org/wiki/Semantic_Web#Web_3.0 .


Internet2 will come alive any day now

https://en.wikipedia.org/wiki/Internet2


With that hard and fast rule, I'd argue that you'll be confused about what's happening for years to come.


Also unrelated, for some reason your comment reminds me of Oscar Wilde quote I am so clever that sometimes I don't understand a single word of what I am saying.


Thanks. Appreciate any feedback from this community and hoping to make the product better as we go.


Didn't Microsoft Azure's blockchain platform fail? It was shutdown earlier this month [1]. How is this different and/or better?

[1] https://www.siliconrepublic.com/enterprise/microsoft-azure-b...


I think Microsoft and others like IBM failed to “get it”. They tried to adopt blockchain tech without the cryptocurrency aspect, failing to realize there needs to be a built-in incentive structure for people to participate on any blockchain network. Mining, staking, and other proof / reward systems are required for any blockchain tech to get off the ground.


Agree, and this quote from the OP's link is humorous in that regard:

"While blockchain is best known for its association with cryptocurrencies, it has applications beyond this field."

This sentiment is just thrown around without evidence. Either a blockchain has an internal reward mechanism to account for the increased costs associated with it's execution or it is simply a more complicated and expensive database looking for a problem to solve...and also is likely not decentralized.


Good evidence is git, which is a blockchain (linked list of hashes).


without a way to resolve the canonical version without trusting a singular maintainer, git is not a blockchain. blockchains enforce consensus in a decentralized way, at least public blockchains do or should.


Well no, blockchain plus consensus algorithm does what you’re describing.


it's not a blockchain without a consensus algorithm. it's a linked list of hashes.


While I get what you're referring too, you're drawing from a community wisdom definition vs. any clear technical spec deeming it such, which is what I'm highlighting here. Even the whitepaper calls it "a timestamp network."


Hyperledger Fabric uses Proof of Authority and is still being used for projects. Being antithetical to the crypto crowd it doesn't get the same fanfare. The target user base is very different.

I personally would reach for this tech stack before the permissionless variety, I just don't have anything that needs blockchain.


What are some projects it is used for?


Primarily supply chain.

https://www.hyperledger.org/learn/case-studies

Understand connecting IRL to BCL (blockchain ledger) is where provenance breaks down. Just because a blockchain says something, does not mean it is true. Just that the data onchain hasn't changed.


Considering the prevailing incentives are all criminal, no wonder they failed to "get it" [sic]


IBM and Microsoft cater to enterprises. Enterprises whose entrenched positions are challenged by decentralized systems. Centralizing a decentralized system is done either to bootstrap it (optimistic) or embrace, extend, and extinguish it (pessimistic). A corporation alone might not need a blockchain, but has no choice but to participate if that’s where the market is, and a consensus of participants (no pun intended) is who determines that technology (not corporate procurement).

https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...


Can you please give a single example of an enterprise that is being challenged by a decentralised system?


I would say commercial banks are on their way to being challenged by DeFi and stablecoins on Ethereum. But it is debatable how decentralized this system in its entirety is given the biggest entities are centralized custodian coins. But still.. massive disparities in yields and flexibility of moving value around at will does have enough disruptive force that banks and the Federal reserve are racing to both regulate stablecoins and push "CeFi" instiutions into registering as banks themselves, while on the other end legacy finance is moving towards adopting some of these systems themselves.


Clearing and settlement of securities. https://paxos.com


Isn't Coinbase Cloud vastly different? Azure was for building any application blockchain technology (could be crypto, smart contracts, supply chain, blah blah) whereas CB Cloud is for building applications on top of Coinbase's crypto exchange.


This appears to be only managed blockchain infrastructure, not all of the other concerns that emerge when actually building an application on top of such a thing.


The API doesn't even have support for Lightning.


....yet.


Why isn't this just called Coinbase API? What am I missing?


Coinbase API is something else [1] and would be utterly confusing to use that name for this:

[1] https://developers.coinbase.com/api/v2


its closer to a PaaS offering than just a bundle of APIs, which gives it some basis to claim the Cloud marketing moniker.

Notably, https://bisontrails.co/participate/ (this is linked from the above and is owned by Coinbase as a subsidiary)


Uh, ok, the front/linked page confused me. Thanks.


If my fund uses a thing for order entry, deposits, and withdrawals, but not for hosting (and indeed hosting for trading servers is not even for sale?), normally we would call that thing an API.

I guess the "hosted validators" thing is reasonable to call Coinbase Cloud though.


Isn't it ironic to use a REST API to send BTC vs say using what any cryptocurrency is intended for? To use their native APIs to transfer value. The aim of decentralization is to eliminate that third party but this puts it back. We've come full circle.


A better wording would be that the aim of decentralization is the option to eliminate the third party. If someone wants to use a third party to transact then he should have the freedom to do so. Similarly, if someone wants to transact with another party directly then this should also be allowed.


The idea "everyone should be their own bank" is a great idea, and most should endeavor to do that, but it fails often for a variety of legal and regulatory reasons.

Suppose you are a company, with a myriad of shareholders, do you: (a) Setup a crypto wallet and give Frank and Bill the keys, or (b) Outsource to reputable 3rd party.

I can tell you which your shareholders would prefer.


The Bitcoin network supports a theoretical maximum of 7 transactions per second, so they’re probably eager to do it some other way.


Lightning though... Amiright!?

I'm setting up a node as soon as my ssd arrives.


Coinbase has been the slowest to adopt new bitcoin features since they realized their business model is actually an altcoin casino.


Is "as soon as my ssd arrives" the new "the check is in the mail"?


Ha, no I really do have one coming.


You are setting up a Lightning node? For?


> You are setting up a Lightning node?

Yes.

> For?

To learn, and for myself and friends to use. Vague question.

I want the Lightning network to be the BTC solution to transaction throughput and privacy, but I don't know that it is. Figure best way to find out is to get my hands dirty.


Ok. I’m interested in monetising modern crypto mining so I’m always interested in hearing about people’s ideas.


I don't this is ironic. I think this is a pretty cynical attempt at wrapping the "Coinbase platform" around more layers of crypto than they already had.

Embrace, extend...


Middlemen have to middle, that’s the model of a middleman. As long as they provide some perceived value over the same without middlemen they will be profitable. In this case, coinbase abstracts crypto away from technically illiterate who want to ride the crypto wave without learning the technicals.


People who understand technicals might use AWS which provides tremendous value for many. I believe Coinbase wants to build AWS for crypto.


Haven't used it directly in forever but bitcoind had a rest API early on.


This seems more of a product to keep their investors happy than it does actually improving the crypto ecosystem. Feels like you lose the decentralization benefits of crypto when you are doing everything over a centralized service. I don't know how much Coinbase have abstracted things, but there's probably a fair amount of lock-in here too.


The idea is to make it easier to build products without having to build the entire stack. We'll still leverage decentralized protocols.


I'm interested in the Coinbase Commerce as an option for my SaaS, sadly they don't seem to support recurring payments out of the box. Does anyone know if they might be offering this functionality in the future?


The answer is most certainly yes.


99% uptime guarantee is embarrassingly low.


That's nearly 4 days out of service a year with no recourse. This should be unacceptable for any financial service.


_Should_ be, yeah. Australian banks are this bad and worse.


4 whole days! They'll never recover from this, right?


I would be not long for this world if a service I helped maintain was down for four days.


If so, that is a frightening indictment of the world we live in and not you as a person.


It is shockingly bad


Only to those firmly within the HN bubble.


Yep, there are enough services that drop into maintenance mode multiple time a week. Although outside local business hours, one of my banks is in maintenance mode every night (not sure if they do backups or if it's just down and has maintenance mode as 500 screen or what is going on) and the api (psd2 ) does not work then either. Well over 4 days a year I would say and literally no one cares: people are sleeping. So sure it depends on the service but 99% or less does not matter if no one is using it anyway. That said; it is quite bad in this day and age and I really wonder what it is they are 'maintaining'.


This is specific to the domain of cryptocurrencies and blockchains where you are dealing with decentralized networks that slash funds if you are offline for a period of time. It's a different ball game to endpoints you can let fall over and restart from time to time.


considering my experience with their product, it's probably the best they could do in a realistic timeframe.


Compared to what? I believe it’s a great starting point compared to legacy systems in tradfi.


They were probably faced with decision: Release now and improve over time, or don't release now. We don't live in the time of option B. Option B is the path of ruin.


That's the attitude you want from a financial service, YOLO BUILD FAST AND BREAK THINGS.

We absolutely live in a time where you can engineer things well, especially at the scale of a publicly traded company. They aren't some scrappy startup desperately trying to get their first users.


They’re trying to be like banks. Mine closes at 5pm sharp and all transactions stop because you can’t do fraud checks in developing countries when “fraud check” means literally sending someone physically to the point of sale to make sure it really exists.



Awesome, we're looking for a multi-chain version of infura at earthwallet.io! Sounds like exactly what we need on the Coinbase Cloud page, but it's a bit tricky to find the docs for this type of application. Definitely a great idea though, hopefully we can make it happen!


Cryptocurrencies are horrible as currencies because it’s hard and expensive to pay with them.

Make of that what you will.


"In my opinion..."


I still can't go down to my grocery store, or pretty much any outlet in the city, and pay with crypto.

Until that is the case, I think it's very fair to say, that crypto currency is hard to pay with.


Does that make them horrible?


Considering the only thing you can actually buy with cryptocoins is paying ransom, then yes.


You know who can? Anyone in El Salvador.


> You know who can? Anyone in El Salvador.

With an internet-connected smartphone with the app installed and whose neighbourhood stores are following the law. Which isn’t that many people.


https://www.yahoo.com/now/over-two-million-citizens-now-1438...

Even if we call his numbers inflated and cut his number in half, it is still 1m people.


Okay I guess?


hahahaha


This imposes a centralization externality on blockchains. Putting a validator node in Coinbase Cloud makes that blockchain more centralized by giving Coinbase control over a large number of validator nodes.


Some of the docs are coming up blank on mobile safari, what I want to know is if its possible to hack together a payment flow a la stripe with dummy data without creating a paid account first.


When twitter was younger, people would implement against their api and eventually get shut down.

I can't imagine having a dependency on a coinbase api.


Doesn't this further centralize something that's supposed to be decentralized?


Cool, didnt realize coinbase acquired bison trails


yep.


> Coinbase Cloud has it all.

Unfortunately, I don't see the API where I get $90 million accidentally transferred to my wallet. :(


So much for decentralization.


This service doesn't prohibit decentralized services from existing and evolving? Cue why not both gif.


There goes my side project


future headline: Coinbase Cloud Breach Notification


The audacity of announcing a cloud on the same day a major breach is made public lmao


Don't we already know it wasn't actually a breach?


If all your customers get sim swapped because you offered 2FA over SMS then it's your fault as a service provider.


Couldn't we shift the fault back a step? If it's so easy to SIM swap people, shouldn't the telecoms be liable for damages to their customers in the event of a SIM swap?


i am not entirely sure i fully agree. telecoms never sold us a service to authenticate us to 3rd parties. those 3rd parties did bolt it on-top of an arguably insecure message transmission system. it wasn't meant to be used like this and maybe its even a bad idea to use it like that. the assumption only you yourself could receive these codes because you are authenticated against your mobile network provider might just be wrong here.

of course, letting the actual sim swapping attack work is an issue they should be required to solve. but for entirely different reasons. once you are authenticated to their network you can cause substantial costs for the real owner of the contract for example and those costs would definitely be compensated to their clients if this happens without their involvement. but if your assumptions break because of this issue your assumptions are wrong in my opinion and you would be the one to blame.

a simple analogy here could be you park your car in front of a police station, because nobody would dare to steal your car right in front of the police right? but then your car still gets stolen and you think you should try to sue the police because that just happened.

on the other hand coinbase did made that assumption and has been proven wrong in this way. they did bet on using the telcos messaging systems being secure enough to be used for authentication. that did not work out and this caused people to lose money which should be compensated for, by coinbase, because they decided to do that and not the telecoms.


I agree - you are right, we absolutely should. But if customers are using Coinbase, and people sue and get successfully judgments against Coinbase for using insecure authentication media, then maybe Coinbase can go ahead and initiate lawsuits against the telecoms if they are feeling the heat.

Consumer complaints against ISPs/telecoms have been notoriously slow, unresolved with no real improvements - even before the creature Ajit Pai crawled out from under his rock, shockingly enough.


"all" customers? Or do you mean 6,000 out of 60m +?


Either works for the example. You should be liable for offering something that is easily exploited that affects your customers.


If that is the net you are casting that is going to be a very wide net.

SMS 2fa isn’t great but there are lots of places that use it.


They should all be liable for damages if anything bad happens as a result of account misappropriation IMO


Coinbase is making all the affected customers whole. What more liability do you want?


A fine that is substantial enough to make them deprecate 2FA for SMS


Why do you care if Coinbase gets robbed?


Because people and organizations should be held accountable for their actions and weak security can directly impact people's lives


Then don’t use it haha. There’s always so many HN users talking up these so-called breaches and acting like they matter when they probably have a grand total combined spend authority of $100 for snacks at the weekly happy hour.


I was a pre-sale investor in Ethereum, have been in Bitcoin since it was < $2 per BTC. Your casual dismissal of my statement indicates you have no idea what you are talking about - no one is going to seriously use this. Just like no one serious keeps their balances on Coinbase Pro/Prime. They are a fine trading desk if you face them OTC, but to think they are going to become a state of the art "crypto cloud provider" is hilarious.

Next up, Coinbase NFT verification services (Sotheby's of the future!). My sides are sore.


You bought some crypto currencies early, congrats. None of those statements demonstrate purchasing power for a cloud product…


> None of those statements demonstrate purchasing power for a cloud product…

What does this even mean? Are you trying to say I don't have enough money for the offering? Maybe so :)

I am indicting Coinbase for what they are - their lack of support, lack of useful options even for well-moneyed players in the market, lack of useful crypto products. Their API is fine, but that is standard.

And now they want to be the new Infura/Alchemy? I mean, why? They already don't provide a great product. My Uber driver yesterday was asking me if they should buy Avalanche after I casually mentioned crypto. Yeah, democratizing finance for sure.

Use it if you want, you seem axed on the product. Hope it works out for you!


To be fair an early investor in Bitcoin and Ethereum from pre-2015 could have the same ‘spending power’ as a successful IPO founder, which isn’t trivial!


Nothing I like more than a cookie accept button covering half the screen that doesn't work when you click it.


The "i dont care about cookies" extension is really good on desktop https://www.i-dont-care-about-cookies.eu/


I always thank Europe for this, makes me feel so safe. I don't risk anything when I can't even accept the cookie.


Will this service be using Rust?


I think they’re a Go/Typescript shop, but crypto does love Rust!


Cardano ecosystem used to use Rust a lot. Currently moving to Haskell. Few other big ecosystems using Rust too.

Imo future is more expressive rust-like languages.


I thought they'd been using Haskellfor years, and the rust development was relatively recent.


Yeah Cardano has been Haskell for years and some Rust for a secondary implementation of the node (Jormungandr)


Polkadot is Rust and WASM based.


Yes put everything in their cloud where the IRS criminals have full access. Satoshi as wel as the cypherpunks definitely approve.


No one else find it super weird there is an announcement the same day coinbase got hacked?


fact check: coinbase did not get hacked


A bug in Coinbase software allowed hackers to steal Coinbase users' money and private information. What else would you call this?


If you look more specifically into what happened, you might have your answer.


It was a failure in the oauth implementation in coinbase I like the way shills don’t even try to justify their untrue stances. Please correct me if I’m wrong.


Okay. Anyone can look and see that it was not that. But I guess that carries farther than an honest assessment.


Let me do more research and get back to you as this is the first time I’ve been accused of being a liar - I must have got some seriously wrong let’s see




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: