"Coinbase is now insured against theft and hacking in an amount that exceeds the average value of bitcoin it holds in online storage at any given time."
So you're still at the mercy of their offline storage security. Not saying there is a better option for most people, but this wouldn't protect you against a Gox-like breach.
I'm not convinced that this even protects the online wallet against Mt Gox style corporate malfeasance, where much of the damage was done as an intentional corporate decision by the leadership. (I'm conjecturing that's what happened at Mt Gox; regardless, this seems not to cover against them trying something intentionally with their coins related to trading, and then losing them all.)
Additionally, as you pointed out, this only covers a very small portion of their holdings - a percentage smaller than the number of Mt Gox coins that were "recovered" (about 25%).
Finally, Coinbase being insured against the value of the bitcoin loss doesn't translate in to you being covered, as Coinbase may accrue other debts they have to pay off before your holding in the event of a hack large enough to cause a serious business disturbance, such as paying off creditors with higher standing.
With FDIC, the depositor is insured, not the bank. This is the bank being insured, not the depositor.
Additionally I'm very curious why they never disclosed this publicly before. It's a decent marketing and selling point so there must be some reason they decided (or were required) to keep it under wraps for so long.
Just FYI, Coinbase's staff is infinitely superior to the embarrassing shenanigans of MtGox. If you want to get an idea of what they're doing, jump to 12min30secs in this video https://www.youtube.com/watch?v=ZwG1roO70co
Assuming that Bitcoins won't be FDIC insured in the foreseeable future, this is as good as it gets imho unless you feel better moving the majority of your coins to your own address and keeping the private-key yourself.
And as always, Disclaimer: Bitcoins are not FDIC insured and it's still wild-west out there. Don't play with money you cannot afford to lose without any recourse.
Of course, bitcoin startups really want to use the second model, where THEY control the money, which gives them many more avenues for profit: As any salesman knows, the closer you are to the money in a business, the more money you're likely to make yourself.
This means bitcoin companies are bending over backwards to say "look how safe your money is!" However, be aware if you ever buy bitcoins, it is much better to store your own bitcoins or use a wallet that allows you to manage your own private keys, or use a (now trendy) multisig wallet where the wallet company can't move money without your permission.
If a bitcoin bank says "We insure our bitcoins" your best response is "No thanks, I'd rather not have to trust you with my money in the first place." The whole raison d'être of bitcoin is that such trust isn't necessary.
Even for those of us who are computer savvy, the lengths you have to go to in order to make sure that your wallet is completely secure and redundant isn't easy. I feel a lot more secure with the bank holding my money.
This is why the whole notion of Bitcoin's success is paradoxical. To really succeed it probably has to be pushed by these third-parties, which is an advantage over our current banking system because the core protocol will still be neutral, but only to an extent: third parties will almost certainly build features that lock people in on top of it. This is a far cry from the vision some proponents have of a completely decentralized system.
This level of user verification, necessitated by KYC, AML policies and so on, is extremely burdensome for end users.
In fact, I've heard Coinbase is now requiring their users to declare exactly _where_ bitcoins are to be sent when a withdrawal request is made. Furthermore, Coinbase is having to shut down customer accounts that are known to be associated with online gambling.
Native wallets don't come with these "features". That's the benefit of being in control of your own money.
If Bitcoin ends up relegated to native wallets it probably will look like TOR - something that tech savvy people can use for certain activities, but not something that really caught on in widespread use.
Being able to be in control of your own money is great, if you can do it, but I tend to think most people don't want or can't handle that level of responsibility. Kind of at the heart of Bitcoin is a very libertarian philosophy on life and government. Our political system shows us that the vast majority of people aren't looking for that, and by extension, it probably applies to financial matters as well.
Using bitcoin for currency as a whole (IMO) is almost like a misguided application rewrite -- sure, at the beginning it has all these advantages of being light and nimble and having limitless possibility, but by the time you add all the stuff users actually want/need back into the system you wind up pretty much right back where you started with the old heavy app, perhaps with a shift of power behind the scenes (from the old architect to the new architect, if those are different parties), but nebulous real advantages for end users at the end with a lot of transitional pain in between.
3rd party wallets do not provide security via black magic. They use tools like passwords, 2FA, and email addresses, all of which could be compromised on a user's computer. Think key loggers, viruses, social engineering, people leaving their computers unattended with the wallet open.
There is no technical reason why the security measures that Coinbase implements cannot be done using a personal wallet. Moreover, when storing coins on Coinbaes, you are additionally subject to counter party risk (Coinbase goes under, loses their coins) as well as regulatory risk (Coinbase shuts down withdrawals due to regulations).
Yes, they use passwords, 2FA, and email addresses, but those are all things mainstream users are familiar with and have to use for any other major service. They are not familiar with the concept of encrypting a wallet or the fact that deleting a wallet can lose you money.
Of course you are at risk of something bad happening to Coinbase, but steps like getting insurance are hedges against that. I should point out that when I talk about mainstream users, I'm not so much talking about right now, but in potentially a few years when Coinbase is more of a known institution or existing banks or other parties have jumped into the game. At that point a wallet hosted by Google or something will be a much better bet for most consumers.
Yes, and they can do that without handing over their private keys (see blockchain.info, etc.)
The problem is that Coinbase only insured themselves against damage from coins-in-transition being accidentally lost or being stolen. That doesn't actually cover most of the cases that I'm worried about, because while a 3% loss would be annoying, it's nothing compared to the other failure modes and should be a loss that's sustainable by Coinbase independent of this insurance policy.
The problem isn't fundamentally exchanges holding the coins, but rather, exchanges holding coins so irresponsibly currently.
The fact is that web wallets are available that are just as user friendly as coinbase that don't require you to do this. (trust a third party and/or stab yourself in the eye)
They know they need one; they have applied in other states, such as Florida. See https://archive.org/download/coinbasefloridamtl/20140415.coi....
Interestingly, Coinbase appears to offer false information to the State of Florida in item 6(A)(2) of its application, which has since been withdrawn. Coinbase did receive a subpoena in the NY DFS's investigation of various Bitcoin companies in August, 2013. See http://www.reuters.com/article/2013/08/12/us-digitalcurrency....
The exchange having insurance does relatively little to protect me against loss, even if it's a smart business move on their part to limit their losses to creditors in the event of a theft of inventory. That's only sane business, and it's a little crazy how long it took that to become normal in bitcoin.
It seems (naively) reasonable that the exchange could float something like 10k-20k policies of some mixture of 0.1btc, 0.5btc, and 1btc protection, depending on the level of activity in an account, and require that anyone holding more bitcoin than that in their trading account take out a separate policy for that amount or else acknowledge that they're only protected up to 1btc. (An additional corporate policy against theft of inventory seems reasonable, and likely would lower the rate on these separate policies, since the underwriter would know you could cover some degree of loss already, through that policy.)
Thinking about the numbers, it would only be ~$20 million of coverage to cover 50,000 customers (40,000 at 0.5btc and 10,000 at 1btc). This seems reasonable.
I have confidence buying from questionable online merchants using a credit card because I know I have a recourse if they are deceptive. I would say it's more of an issue of incompatibility between the systems rather than a real "flaw" in either.
So, where the money came from?