Coinbase is among the most popular cryptocurrency exchanges. It was founded back in June 2012. Since then, Coinbase has grown to over 10 million users and has traded over $50 billion. It is based in San Francisco, California, which means Coinbase must adhere to U.S. regulations. As such, Coinbase offers a few extra security measures and protections that other exchanges don’t. Even so, you should do some research into how safe Coinbase is before using the platform.
This article deals with Coinbase security. If you'd like to find out more about this exchange, see our full review and the comparison we carried out of Coinbase vs GDAX.
What Security Measures Does Coinbase Have in Place?
Among other security measures, Coinbase stores 98 percent of customer funds offline, preventing loss or theft. Not only are the funds offline, but Coinbase distributes its Bitcoins geographically around the world in vaults and safe deposit boxes.
In terms of data security, Coinbase takes multiple steps to provide protection. Instead of storing sensitive data on servers, the platform has that data disconnected from the Internet so it is not as easy to hack. For further security, the data is split with redundancy and encrypted with AES-256 before being copied onto paper backups and FIPS-140 USB drives. Just like the funds, those paper backups and USB drives are also geographically distributed throughout vaults and safe deposit boxes spread around the world.
Additionally, Coinbase requires all user accounts to have two-step verification, something that most exchanges only strongly encourage rather than require. In addition to their username and password, users must enter a code from their mobile phone to log in and to perform other specific activities. This extra requirement makes it significantly less likely that an account will be hacked.
To round out the security, Coinbase follows best practices for the payment industry, including running all website traffic over SSL-encrypted HTTPS. Additionally, all private keys and wallets have AES-256 encryption.
Security Measures as an Organization
In addition to security measures for funds and the platform itself, Coinbase has additional precautions in place regarding employees and the organization as a whole. During the hiring process, all employees have to pass criminal background checks. They must also encrypt the hard drives they use, enable screen locking, and use strong passwords. Finally, Coinbase uses separate passwords along with two-step verification for every service and device.
What Security Steps Does Coinbase Have in Its Application?
Coinbase uses SQL injection filters and, as a prevention measure against CSRF attacks, verifies the authenticity of POST, DELETE, and PUT requests. It also limits the rate for some actions on the website, such as login attempts. Coinbase additionally whitelists attributes across models so there are no mass-assignment vulnerabilities.
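As an added illustration (not Coinbase's code), the sketch below shows the three application-level controls named above: authenticity checks on state-changing requests, a login rate limit, and attribute allowlisting against mass assignment. The token scheme, field names and limits are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)           # per-deployment secret (constructed)
STATE_CHANGING = {"POST", "PUT", "DELETE"}
ALLOWED_ATTRS = {"display_name", "time_zone"}  # hypothetical user-editable fields
MAX_LOGINS, WINDOW_SECONDS = 5, 60             # hypothetical rate limit

_attempts = defaultdict(deque)                 # client -> recent attempt times


def csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in pages the site serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def request_is_authentic(method: str, session_id: str,
                         token: Optional[str]) -> bool:
    """Reject state-changing requests that do not carry the session's token."""
    if method.upper() not in STATE_CHANGING:
        return True
    if token is None:
        return False
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    return hmac.compare_digest(token.encode(), csrf_token(session_id).encode())


def login_allowed(client: str, now: float) -> bool:
    """Sliding-window limit on login attempts per client."""
    window = _attempts[client]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()
    if len(window) >= MAX_LOGINS:
        return False
    window.append(now)
    return True


def permitted(params: dict) -> dict:
    """Keep only allowlisted attributes, so a posted 'is_admin' is dropped."""
    return {k: v for k, v in params.items() if k in ALLOWED_ATTRS}
```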
What Additional Authentication Security Measures Does Coinbase Use?
In terms of security with authentication processes, Coinbase hashes passwords in its database, using bcrypt with a cost factor of 12. When a user creates an account or resets his or her password, Coinbase checks for strong passwords. Finally, it stores application credentials separately from the code base and database.
Coinbase Custody
Coinbase is so sure of its security that it recently started offering a custody service for institutions. This offering charges a setup fee of $100,000 and requires a minimum holding of $10 million, so you can see it is aimed at banks, hedge funds and other financial institutions that would require such a service.
Coinbase Bug Bounty Program
The Coinbase Bug Bounty Program is yet another way the platform keeps customers safe. It rewards developers for finding bugs related to software security. This encourages developers to test the software regularly to ensure security is up-to-date without having to use valuable internal resources.
Just recently Coinbase rewarded a Dutch company with $10,000 for disclosing a bug which would have allowed people to grant themselves extra Ethereum on the platform.
What Insurance Does Coinbase Offer?
Insurance covers all of the digital currency Coinbase stores online. In case of an online storage breach, the insurance would cover lost customer funds. As an added precaution, less than two percent of all customer funds are online. The insurance policy covers cybersecurity, physical security, and employee theft, but not individual account compromises.
Keep in mind that because a digital currency is not a legal tender, it is not government-backed and not covered by protections from the Securities Investor Protection Corporation or the Federal Deposit Insurance Corporation. The cash balances, however, are. This means that U.S. residents have coverage from FDIC insurance for their Coinbase USD Wallet of up to $250,000.
Coinbase also stores fiat currencies in either custodial bank accounts or U.S. Treasuries in the United States. Outside of the U.S., these currencies are in segregated custodial bank accounts. As such, even if Coinbase as a business were to fail, the company and its creditors could not claim those funds, and Coinbase customers would get their funds back.
How Does Coinbase’s Regulation Improve Security?
Coinbase is regulated and complies with all the regulations and laws within every jurisdiction it operates in. It has a license for money transmissions in the majority of U.S. jurisdictions. Additionally, it is registered with FinCEN as a Money Services Business.
How Can You Protect Yourself When Using Coinbase?
To protect yourself when using Coinbase, make sure that you never share your password, login credentials, or two-factor authentication codes. Customer support or other Coinbase staff will never ask for this information. Additionally, make sure you contact Coinbase customer support via the real number or other contact information on its website. Fakes are increasing in number, so do not trust what you find on a search engine without further research.
In terms of your password, create a unique, complex password unlike those you use on other websites. You should also change the password every three months or so for added security. Don’t forget to take full advantage of Coinbase’s two-factor authentication, and consider adding it for sending money. Keep in mind that TOTP applications, such as Google Authenticator, are more secure than the SMS method for 2FA codes since a phone porting attack can compromise your phone number.
If you ever have doubts about your account security or potential hacks, view your IP activity in your security settings. This will show your verified devices and IP login activity.
For the ultimate protection of your cryptocurrencies, we recommend that you use a hardware wallet such as a Ledger or a Trezor.
Conclusion
Overall, it is easy to say that Coinbase is a very safe platform. Just keep in mind that you will do best if you do not actually store cryptocurrency on Coinbase, as this is not what it is designed for. As a crypto trader or investor, your best option will always be bringing your crypto onto platforms like Coinbase just for trading or selling and storing them in a safe hardware wallet.
During your trading activity, you can be sure that Coinbase is one of the safest and most secure exchanges available at the moment. They have never suffered a hack and are leading the industry in security measures.