The popular cryptocurrency exchange Coinbase has launched a new feature for its stand-alone digital asset wallet. The software will offer users the ability to back up their private keys using either Google Drive or iCloud.
The idea is to give users of the Coinbase Wallet a safety net in the event that they lose access to the device upon which the software is installed or happen to misplace their private keys somehow. However, some in the cryptocurrency community have highlighted that the saving of private keys on cloud storage services could expose users’ funds to additional threats.
Cloud Storage of Keys Comes to Coinbase’s “User-Controlled” Wallet
San Francisco-based Coinbase is one of the few exchanges to launch its own wallet software, helping promote the kind of monetary sovereignty Trace Mayer’s “Proof-of-Keys” event championed on the 10th anniversary of the Bitcoin network going live. Users of the Coinbase Wallet are the sole holders of their private keys. As such, they potentially enjoy a much higher degree of security than those choosing to leave money on centralised exchanges, which are prone to hacks and other security breaches.
The latest feature launched for the Coinbase Wallet is a built in option to back up the user’s private keys to either Google Drive or iCloud. This is supposed to provide them an additional way to access their cryptocurrency holdings should they lose access to the wallet for some reason.
According to a Coinbase blog post, copies of the private keys stored to the cloud will be encrypted and require the wallet’s password to access:
“Your backup is encrypted with AES-256-GCM encryption and accessible only by the Coinbase Wallet mobile app. The backup can only be decrypted using your password.”
The post goes on to state that Coinbase will not have access to users’ passwords or funds at any point when using the wallet. They also state that the cloud service provider will not have access to either since the keys can on only be decrypted with the user-set password.
Coinbase says that it still encourages users of its wallet software to backup their private keys manually. The post also reminds users of the importance of using two-factor authentication as an additional security precaution.
Optimisation for Convenience Always Costs Some Security
Not everyone is impressed with the latest update for the Coinbase Wallet. Podcaster and long-time Bitcoin proponent @WhalePanda Tweeted the following:
At the @coinbase team meeting: “What’s the dumbest thing we could come up with now that we’ve gone full shitcoin?”https://t.co/8JaLv8W7j4
— WhalePanda (@WhalePanda) February 12, 2019
In the comments to the above Tweet, other community members voiced their concerns about the update. One called it a “hackers dream”.
Others were more understanding of Coinbase’s stated motives in their responses but still called it a dangerous idea generally:
To be fair, it’s an encrypted backup. Unfortunately most people don’t bother making their passwords secure, and relying on there being no bugs with the encryption implementation just adds one more thing to worry about.
— ⚡Random Name (@username0ne) February 12, 2019
Others still argued that such user-friendly functions on digital currency wallets are necessary if Bitcoin and others are to see the sort of widespread adoption many in the space are hoping for:
If you want mass adoption, you have two options. Banks hold Bitcoin, so people can spend it with their Credit Cards or you simplify Wallets as far as possible, key backups are the most critical part.
— skiddi3 (@skiddi3_) February 12, 2019
Whilst it is certainly true that users of the Coinbase wallet opting to back up their keys to the cloud are creating an additional attack vector against themselves, for some the convenience will be worth the slight reduction of security. No cryptocurrency storage method is truly impenetrable and different types of users require different levels of security. Some are willing to sacrifice a little (or even a lot) for greater convenience. Providing they are aware of the additional risks, they should be free to make their own decisions.