I got my coin out of Inputs.io just a few days before they got hacked, and I've got a low balance in Coinbase. I'm going to make that a zero balance, because I've completely lost faith in any company's ability to manage Bitcoin.
Please ensure you're using random passwords on every site you use, select the best available security questions, use a password manager, and enable two factor authentication everywhere that allows it.
Also move all your coins in to offline wallets. No online web wallets have a bank grade reputation.
Were you born yesterday?
The steal-all-your-money rate of bitcoin businesses is running right around 100%, and you're going to lecture people that "they can only ever lose a small portion of all stored user funds"? Really?
And there won't be even when they do.
And when they close due to massive theft / loss of coin, and take all of their users' funds with them, that will be the first suggestion that any user hears of.
It happened to me. It's not fearmongering, it's fact.
To use a metaphor, a failed proof of reserve is like detecting that someone who's riding a motorcycle without a helmet has been launched into the air due to a car crash, and is about to hit the ground. That doesn't change the fact that they're not wearing a helmet in the first place. And in bitcoin's case, no such "helmet" exists. There is no protection for consumers against losing their funds by the exchange.
There's always going to be this massive risk of the coins disappearing due to any number of reasons: that they get hacked, that the founder steals them, that they lose them to some massive technical problem, that they experience another undocumented bitcoin protocol issue like malleability, that they lose access to their cold storage wallets, etc.
This has happened at, what, a dozen exchanges so far? They've all died due to one of the above reasons. Who's next? It's completely possible that Coinbase is next, and that you're recommending users throw their money away by trusting them. There's no reason to trust Coinbase. Keep your funds in your own secure cold storage wallet, and you'll have them forever. Keep them in Coinbase and you'll have them exactly as long as Coinbase lasts.
In regards to Coinbase, if only because their terms make it clear they aren't liable for a customer loss of any cause whatsoever.
Their actions make clear that they are enormously untrustworthy.
Honestly, the best thing for the bitcoin ecosystem is to learn from Paypal and Visa, and to emulate their good qualities. I know it's popular to hate on the existing ways of doing things, but the existing ways have a lot of hidden wisdom embedded in them.
This could lower the transactional-risk cost between doing business with certified exchanges, and still allow users to do business outside but with the increased transactional costs.
But then again you're just building another financial exchange system controlled by the certificate issuer - except it would need to be backed by some form of international enforcement (e.g. WTO?).
Where is the benefit to bitcoins then?
You won't need insurance when the coins simply can't be stolen.
It'd be a good idea for Coinbase to implement, though.
But there are also some online wallets that already implemented it:
https://www.bitalo.com/ (this one is also at the same time something like localbitcoins.com)
From the top comment in that thread, it looks like the company with insurance underwritten by Lloyd's is Elliptic.
Please read my post carefully next time.
Perhaps you're arguing so vehemently in support of Coinbase because you're keeping all of your coins there? If so, I would suggest you move them to a secure cold storage wallet immediately.
Besides, I trust my mattress. It's a nice mattress made by a great VC backed mattress company. It's not like I'm putting my money under some mattress that I bought on craigslist.
Regarding user names, they are optional and meant to be public.
I think the biggest problem here has been that Coinbase hasn't been responsive to messages sent to their whitehat@ address. That and the fact that users are being spammed by "researchers," which is a problem that falls back on them to mitigate.
They haven't been "hacked" though, and the only thing that has been "leaked" is public account names and account existence. The latter is almost impossible to avoid if you require unique emails for accounts (if I'm wrong about that please correct me).
That's just my naive two cents, so let me know where I'm missing the picture if that's the case! :)
Their official response confirms this: http://blog.coinbase.com/post/81407694500/update-on-coinbase...