by jafaku 4155 days ago
> This means 98% of customers don't have multisig control over their coins, since multisig-protected coins can't be put into offline storage.

What makes you think you can't use multi-sig and offline storage at the same time? That's just false. You don't need an internet connection to sign a multi-sig transaction.

But I agree on everything else: 98% of funds aren't insured, and to me Coinbase has always been just another Rails startup (not necessarily a bad thing, but they made tons of mistakes typical of having web developer talent only).

3 comments

Well, the goal of multisig is to retain control over your own coins. If someone can take your coins offline, then you no longer have control over them.

Here's an explanation of multisig: https://bitcoinmagazine.com/11108/multisig-future-bitcoin/

Multisignature escrow works as follows. When Alice wants to send $20 to Bob in exchange for a product, Alice first picks a mutually trusted arbitrator, whom we’ll call Martin, and sends the $20 to a multisig between Alice, Martin and Bob. Bob sees that the payment was made, and confirms the order and ships the product. When Alice receives the product, Alice finalizes the transaction by creating a transaction sending the $20 from the multisig to Bob, signing it, and passing it to Bob. Bob then signs the transaction, and publishes it with the required two signatures.

In this case, Bob is Coinbase and Alice is you. Alice plus Martin always retain control over the coins, so Bob alone can't take them offline.

The way that a multisignature wallet works is simple. Instead of the Bitcoin address having one private key, it has three. One private key is stored semi-securely, just as in a traditional Bitcoin wallet. The second key the user is instructed to store safely (eg. in a safety deposit box), and the third key is stored on the server.

Basically, the user would be the one storing it in offline storage, not Coinbase. But since Coinbase is claiming 98% of coins are stored offline, that means at least 98% of coins aren't using multisig.

EDIT: Thank you to kanzure's comment below. Updated.

The goal of multi-signature is to decentralize the ownership (or control) of the coins. In the case of Coinbase's offline storage, they could very well be using multi-signature (and they probably are) so that no single employee can run with the coins. Instead, every time they need to refill their hot wallet, the three or five or whatever employees needed to sign the transaction have to agree and provide their signature.

Edit: Actually, apparently they aren't using multi-signature internally: https://news.ycombinator.com/item?id=8948337

I agree that Coinbase itself should be using multisig, but the point of my comment is that if customers themselves aren't using multisig, their coins' fate is completely in Coinbase's hands. And Coinbase multisig won't save those coins from tech problems, willful theft, or a breach in their security model. Multisig offers you no benefits if you're not the one in control.

Are you sure you want to trust your fortune to three or five employees?

> Multisig offers you no benefits if you're not the one in control.

That's a little extreme. I would trust a lot more in five employees than in one. If done right, each one of them could even not know who the other employees are.

> Are you sure you want to trust your fortune to three or five employees?

I wouldn't trust anyone with my precious coins :p. I'm just saying the same way we (supposedly) decentralize control on nuclear bombs, we can decentralize control on bitcoins. I feel safer knowing that no single soldier can launch a nuclear bomb, even if I don't have any control over that.

What happens if one of the five employees loses their key? Aren't you increasing the risk of bricked coins with each signature that you require? Do you really want your coins to be at risk of brick by three or five Coinbase employees?

Then make the scheme 4 of 5, or 3 of 5. Besides, the company could keep a backup of the keys in physical locations, and secure them with traditional physical security.
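
The trade-off argued in the two comments above (every extra required signature raises the chance of bricked coins, and a 3-of-5 or 4-of-5 threshold counters that), worked through as an added example that is not from any commenter or from Coinbase. It assumes keys are lost or stolen independently of each other, and the per-key probabilities are constructed values.

```python
from math import comb


def tail(n, k, p):
    """P(at least k of n independent events occur), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def scheme_risk(m, n, p_loss, p_theft):
    """Risk of an m-of-n multisig when each key fails independently.

    bricked: fewer than m keys survive, i.e. at least n - m + 1 keys are lost.
    stolen:  one attacker ends up holding at least m keys.
    """
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    return {
        "bricked": tail(n, n - m + 1, p_loss),
        "stolen": tail(n, m, p_theft),
    }


def compare(schemes, p_loss, p_theft):
    """Evaluate several (m, n) schemes under the same per-key assumptions."""
    return {f"{m}-of-{n}": scheme_risk(m, n, p_loss, p_theft) for m, n in schemes}


if __name__ == "__main__":
    # Constructed per-key probabilities, for illustration only.
    P_LOSS, P_THEFT = 0.01, 0.01
    schemes = [(1, 1), (5, 5), (4, 5), (3, 5)]
    print(f"{'scheme':<8}{'P(bricked)':>14}{'P(stolen)':>14}")
    for name, r in compare(schemes, P_LOSS, P_THEFT).items():
        print(f"{name:<8}{r['bricked']:>14.3e}{r['stolen']:>14.3e}")
```

Under these assumptions 5-of-5 is more likely to be bricked than a single key, while 3-of-5 is less likely to be either bricked or stolen than a single key. The independence assumption is the weak point: keys backed up together or held by colluding signers fail together.
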
> But since Coinbase is claiming 98% of coins are stored offline, that means at least 98% of users aren't using multisig.

Almost... you should say instead: "that means at least 98% of coins aren't using multisig" because without having their internal account metrics it is wrong to assume that 98% of Coinbase users deposited 98% of BTC at Coinbase...

> . . . to me Coinbase has always been just another Rails startup (not necessarily a bad thing, but they made tons of mistakes typical of having web developer talent only).

Re-read that with the word 'internet' in place of the word 'Rails.'

and you get the same level of confidence. Internet startups just don't have the quality necessary to be banks.

> but they made tons of mistakes typical of having web developer talent only

What do you mean by this?

I read it as "a bunch of front-end devs who have no idea what the back-end is doing."

Which, in many cases, is A-OK. If lots of developers don't ever learn to write their own SQL queries, that's not that bad. There are lots of things to learn out there, and by necessity any professional is going to have lots of stuff she doesn't know. Doctors and lawyers specialize out the wazoo.

But when it comes time to realize that you had the wrong version of SQLAlchemy installed and now strangers can pass in arbitrary SQL code via any LIMIT parameter you exposed, and you are sitting there wondering "huh? whu?", well, that's probably not the end of the world for your cat-picture site. But if you are handling money, you need to know what's going on.

For example: You can only have so much security if you don't have security experts. Same with every other area. I don't remember the details now, but their first iterations were pretty lame.

Well for one example this exchange is really poorly designed in several ways with respect to the standards and expectations set by other exchanges.

Though the benefit of the web-developer talent is that it is also years (perhaps decades) ahead of them in others.