Coinbase: Put Your Private Keys on the Cloud, Community: Wait, What?!
Major cryptocurrency exchange Coinbase wants their users to backup an encrypted version of their Coinbase Wallet’s private keys to your personal cloud storage accounts, using either Google Drive or iCloud. However, the community is worried that cloud storage is far from secure enough and that Coinbase is teaching bad security to their users.
“This new feature provides a safeguard for users, helping them avoid losing their funds if they lose their device or misplace their private keys,” explains the blog post by the company. “The private keys generated and stored on your mobile device are the only way to access your funds on the blockchain [...] Now, with cloud backup, we give you the ability to store an encrypted copy of your recovery phrase on your personal cloud account. You will only have to remember a password, that you decide, in order to recover your funds. If you lose your device or get signed out of the app, you can easily regain access to your funds with the combination of your personal cloud account (iCloud or Google Drive) and your password.”
The blog post goes on to explain that the backup is encrypted and can only be decrypted by the use of the password: “Coinbase will not have access to your password or funds at any time, preserving your privacy and control. Your cloud backup provider will also not have access to your funds, as only you know the password that decrypts your encrypted recovery phrase.”
However, the community and competitors are not sold on this. Jesse Powell, co-founder and CEO of cryptocurrency exchange Kraken, tweeted:
I am not a fan of training users on bad security. Cloud storage, while convenient, is constantly compromised, especially with all the SIM porting. 99% chance the people who would unwittingly use this do not have passwords strong enough to withstand professional cracking. #SFYL
I want to see someone actually test this out to see what the passwords are restricted to.
What's the maximum amount of characters the app lets you use? What characters can't you use? etc
See StopAndDecrypt's other Tweets
Others are not mincing words. “Everyone mark this tweet so we can come back and laugh during the next cloud hack,” wrote Twitter user @ChartofWar, while popular Twitter influencer @TheCryptoDog writes, “I don't understand, how do you misunderstand your target audience so bad?”
Twiter user @Ibelite found a middle ground, however: “I would urge coinbase to use their technology for backup of private keys instead of offloading the risk to third parties who are not equipt [sic] with the same level of sophistication.”
Meanwhile, yesterday, CEO of major cryptocurrency exchange Binance, Changpeng Zhao (CZ) argued that “the majority of the population today are not able to keep cryptocurrency securely on themselves”, suggesting that it's safer to store your private keys on a "good cryptocurrency exchange." However, many in the cryptoverse think it's an “absolutely horrible advice.”
Source Link
0 Response to "Coinbase: Put Your Private Keys on the Cloud, Community: Wait, What?!"
Post a Comment