Coinbase: Put Your Private Keys on the Cloud, Community: Wait, What?!
Major cryptocurrency exchange Coinbase wants its users to back up an encrypted version of their Coinbase Wallet private keys to their personal cloud storage accounts, using either Google Drive or iCloud. However, the community is worried that cloud storage is far from secure enough and that Coinbase is teaching its users bad security practices.
“This new feature provides a safeguard for users, helping them avoid losing their funds if they lose their device or misplace their private keys,” the company explains in its blog post. “The private keys generated and stored on your mobile device are the only way to access your funds on the blockchain [...] Now, with cloud backup, we give you the ability to store an encrypted copy of your recovery phrase on your personal cloud account. You will only have to remember a password, that you decide, in order to recover your funds. If you lose your device or get signed out of the app, you can easily regain access to your funds with the combination of your personal cloud account (iCloud or Google Drive) and your password.”
The blog post goes on to explain that the backup is encrypted and can only be decrypted with the password: “Coinbase will not have access to your password or funds at any time, preserving your privacy and control. Your cloud backup provider will also not have access to your funds, as only you know the password that decrypts your encrypted recovery phrase.”
However, the community and competitors are not sold on this. Jesse Powell, co-founder and CEO of cryptocurrency exchange Kraken, tweeted:
I want to see someone actually test this out to see what the passwords are restricted to. What's the maximum amount of characters the app lets you use? What characters can't you use? etc— StopAndDecrypt (@StopAndDecrypt) February 13, 2019
Others are not mincing words. “Everyone mark this tweet so we can come back and laugh during the next cloud hack,” wrote Twitter user @ChartofWar, while popular Twitter influencer @TheCryptoDog wrote, “I don't understand, how do you misunderstand your target audience so bad?”
Twitter user @Ibelite found a middle ground, however: “I would urge coinbase to use their technology for backup of private keys instead of offloading the risk to third parties who are not equipt [sic] with the same level of sophistication.”
Meanwhile, yesterday, Changpeng Zhao (CZ), CEO of major cryptocurrency exchange Binance, argued that “the majority of the population today are not able to keep cryptocurrency securely on themselves”, suggesting that it's safer to store your private keys on a “good cryptocurrency exchange.” However, many in the cryptoverse think it's “absolutely horrible advice.”
I use cloud storage but my service provider encrypts my entire account so only I have the master key. Even if they were breached the attacker would have to attempt to crack hashes just to gain access to my files. I also use a password manager that encrypts the password file.— Kybernetx (@Kybernetx) February 13, 2019
Ummmmmmm nah. pic.twitter.com/JcOfwNQ2fQ— Michael Nye (@CryptoShillNye) February 12, 2019
Encrypted— Rafa Jiménez (@rseibane) February 12, 2019
Kinda the opposite of what crypto wants to do. pic.twitter.com/QaRnFUK4kC— the_ETHernal_1 [Jan/3➞₿ 🔑∎] (@the_ETHernal_1) February 12, 2019