Coinbase today unveiled their multisig wallet product which will allow customers to store their bitcoin with the site while restricting the ability for Coinbase and others to move the coins unbeknownst to the customer. Coinbase stated that they underestimated customer demand for such a product.
Multisig Vault creates three keys, two of which are needed to send bitcoin from the vault. Coinbase retains control of one key, the customer a second, while the third key is controlled by both Coinbase and the customer but is encrypted with a password that only the customer knows. In the event that the customer loses their keys, Coinbase will be unable to retrieve the bitcoin, setting the stage for what might become a customer service nightmare for them.
Coinbase have also released a free open source tool which can be used to recover bitcoins in the event that Coinbase shuts down or is unavailable for whatever reason. That tool is available here.
is for users that only use Coinbase to buy bitcoin and immediately transfer their coins out of their Coinbase wallet. These users can now buy coins straight to their Multisig Vault, so they will have full control of their coins at all times.
This might imply Coinbase have a vested interest to encourage users to maintain their bitcoin balance with them instead of moving the coins to an address completely outside of their control.
When questioned on the security of the service, coblee continued:
If your computer is compromised at the time you are creating your multisig vault, the hacker would be able to get your backup keys and your credentials. This is also the case if you are creating a paper wallet.
A paper wallet can in fact be created from a computer that is not connected to the Internet. Charles Lee either misspoke or is purposlely misleading users in order to encourage their use of Coinbase as a place to store bitcoin.
On their blog, Coinbase state:
We think this will greatly improve bitcoin adoption amongst institutions and high net worth individuals looking to store larger amounts of bitcoin securely.
Is multisig vault nothing more than Coinbase manufacturing insecurity in an attempt to encourage more people to store more bitcoin with them? Time will tell.