Multisig Vault By Coinbase

Coinbase today unveiled their multisig wallet product which will allow customers to store their bitcoin with the site while restricting the ability for Coinbase and others to move the coins unbeknownst to the customer. Coinbase stated that they underestimated customer demand for such a product.

Multisig Vault creates three keys, two of which are needed to send bitcoin from the vault. Coinbase retains control of one key, the customer a second, while the third key is controlled by both Coinbase and the customer but is encrypted with a password that only the customer knows. In the event that the customer loses their keys, Coinbase will be unable to retrieve the bitcoin, setting the stage for what might become a customer service nightmare for them.

Coinbase have also released a free open source tool which can be used to recover bitcoins in the event that Coinbase shuts down or is unavailable for whatever reason. That tool is available here.

Charles Lee AKA coblee stated on reddit that a great use case for the multisig vault

is for users that only use Coinbase to buy bitcoin and immediately transfer their coins out of their Coinbase wallet. These users can now buy coins straight to their Multisig Vault, so they will have full control of their coins at all times.

This might imply Coinbase have a vested interest to encourage users to maintain their bitcoin balance with them instead of moving the coins to an address completely outside of their control.

When questioned on the security of the service, coblee continued:

If your computer is compromised at the time you are creating your multisig vault, the hacker would be able to get your backup keys and your credentials. This is also the case if you are creating a paper wallet.

A paper wallet can in fact be created from a computer that is not connected to the Internet. Charles Lee either misspoke or is purposlely misleading users in order to encourage their use of Coinbase as a place to store bitcoin.

On their blog, Coinbase state:

We think this will greatly improve bitcoin adoption amongst institutions and high net worth individuals looking to store larger amounts of bitcoin securely.

Is multisig vault nothing more than Coinbase manufacturing insecurity in an attempt to encourage more people to store more bitcoin with them? Time will tell.

2 thoughts on “Multisig Vault By Coinbase

  1. Someone who is willing to give a third party control over private keys is not going to consider the alternative of creating a paper wallet on an air-gapped machine. I do wonder why coinbase would encourage people to leave bitcoins in their vault. I suppose coinbase wants to make it easier for people to make payments using the coinbase wrapper, without having to go outside and fiddle with a local wallet. It does seem risky though. There's really no amount of insurance that would make me feel comfortable being coinbase, say 5 years from now, when the vault becomes a single super high-value target.

    • Here's a relevant bit of conversation:

      BingoBoingo: asciilifeform: And maybe people learn not to visit datacenters uninvited…
      asciilifeform: BingoBoingo: cut pipe from safe distance.
      BingoBoingo: Safe distance is a mystery though…
      asciilifeform: a datacenter that can't be diddled from a safe distance is also called 'a nuclear power'
      BingoBoingo: asciilifeform: Nothing I said contradicts that conclusion. At $900k/BTC a lot of things become possibilities

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>