This week Coinbase conducted an Ask Me Anything (AMA) on the Bitcoin subreddit.
With a leading player like Coinbase, community outreach efforts like this are bound to be popular. Several members of the Coinbase security team joined this AMA, which revealed a lot about the direction of digital assets and blockchain technology.
Coinbase recently added ETH to its wallet platform, making it the first alternative blockchain token supported. Because of this, the Ethereum community took a strong interest in this AMA thread. The founders have both expressed glowing endorsement for Ethereum and have been vocally bullish on its potential.
Coinbase engaged both the Bitcoin and Ethereum communities in the AMA thread by addressing a lot of key issues. Some were skeptical of Coinbase’s decision to add Ethereum support to its wallet. Those skeptics felt that it was a rushed implementation, which only added difficulties to the platform. Complexity is unwanted within Coinbase since it is a key platform for new and novice users.
Coinbase reaffirmed its position on ETC in a substantial way, stating there was no planned ETC support. Coinbase did admit they completely misjudged how the hard fork would be handled. According to one Coinbase employee, it was assumed that the hard fork would “quickly fade.” They did lose forty thousand US dollars as a result of replay attacks, but they were quick to assure customers that everything was taken care of properly.
As the questions got a little deeper, specific issues regarding Ethereum support went unanswered, which is not unusual for an AMA of this nature.
Coinbase’s security impacts the Ethereum and Bitcoin community equally. This was the other hot topic in the AMA. With the recent Bitfinex hack making mainstream news, everyone became interested in security. Key companies in the space are under increasing scrutiny. In turn, Coinbase laid out some interesting and novel security approaches.
As far as digital security is concerned, they laid out their best practices. Security team member rob_coinbase responded to the thread with these 5 key areas:
- Datacenters: Datacenters deal with physical, control plane and logical access to either bare metal or VMs. If your datacenter has any single staffers that can directly access a significant amount of funds through any of those channels, you’re going to have a bad time. It’s unfortunately hard for small providers to solve this without a big or bureaucratic staff. We run on a bigger provider (AWS) and work closely with their security team to use their services in such a way that we’re confident no single insider could access the funds we have online.
- Surface Area: Reduce the surface area of your key material so it never touches areas that individual staff could access. Don’t run multi-tenant, disable memory swapping and encrypt anything in-transit or at-rest that leaves your trusted zone.
- Consensus: Where key material can be accessed, protect with consensus. We rely on multiparty crypto like Shamir’s to ensure that no single person can access our key material or the systems that touch it.
- Sign: Every request, piece of code or update that enters the trusted zone must be audited and cryptographically signed or verified. SHA2 or Docker Notary are your friends here.
- Crypto Solutions: We’re looking forward to the next steps of homomorphic operations and expanded secure enclaves like Intel’s SGX that will protect code, operations and data from insiders and admins.
Coinbase is at the forefront of technology and business development in the blockchain space. What they say and how they interact with their user-base matters a great deal. It will be interesting to see how they continue to interact with the Ethereum platform and community.