A Major Coinbase Milestone: 1 Million Consumer Wallets (coinbase.com)
74 points by wglb on Feb 27, 2014 | 72 comments


Quick question: What's preventing Coinbase from shutting down operations tomorrow and walking away with everyone's money, as MtGox walked away with mine?

Or, what if the founders orchestrated some sort of disaster wherein all of the coins are claimed to be lost, but in reality they're simply transferred to the founders?

I know they wouldn't actually do that. My question is, what's stopping them? Why wouldn't someone try to do that, other than their morals?


Nothing, so most people should use Coinbase the same way they use a grocery store: buy what they need and take it somewhere else. Unfortunately most people do not know enough to do that. I wrote a blog post about it if you're interested.

http://diegobasch.com/do-you-know-enough-to-securely-own-bit...


> Nothing

False. Theft is against the law. Bitcoins don't magically avoid being subject to existing law. The owners are known and subject to US jurisdiction, you have legal recourse through the courts should they try and steal your funds.


The law doesn't prevent you from committing crimes. It certainly did not prevent Mt. Gox from making bitcoins disappear.

If that happens and you need to go to court, good luck proving that an exchange stole your coins. We haven't even seen Mt. Gox play out yet. Suppose they actually stole everyone's coins. Can someone prove it wasn't a hacker or a software bug? Time will tell.


> The law doesn't prevent you from committing crimes.

That wasn't the question, the question was what's to stop them and the answer I objected to was "Nothing"; that's false, the law is not nothing. What's to stop most bad behavior... the law.


>>What's to stop most bad behavior... the law

No... what stops most bad behavior is _consequences_. The law applies to everyone, but the consequences for breaking them don't.

We will see what (if any) consequences are placed upon MtGox. Personally, I still can't see how MtGox will be found liable for anything. Bitcoins aren't protected under any law and nobody said it was okay to trade your hard-earned government-backed fiat for some magical interwebz money. It might as well be fairy wings & unicorn tails. Don't get me wrong, I'm into crypto-coins and willing to lose up to 7k on them... but I fully understand that my coins could disappear in the next 5 mins due to any number of reasons and I have absolutely nobody to blame but myself.


The law is what defines the consequences, your pedantry is pointless.

> Bitcoins aren't protected under any law

False. Just because something is new doesn't mean existing laws don't apply to it. Bitcoins are property and property is protected by law regardless of when said item was invented. We don't have to create new law to cover every new invention man decides to own.


I disagree with you... but we'll see how it plays out with MtGox.

In the eyes of the law, I don't think bitcoin is your property any more than buying a special weapon on Eve Online with fiat-money is your legal property. Maybe it should be, maybe it will be, but today that's not the case.

Or maybe I'm completely wrong... Has anyone sought legal action on financial loss related to the value of an item inside Eve Online? Or any virtual item in any system?

A straight scam I understand, but say you purchased a bunch of rare swords & armor in some online game then next month the server crashes and all players lose their virtual items and the gaming company goes bankrupt. Is the company liable?


The law is fairly obviously not an answer though, given the context. The original question specifically asked what stops Coinbase from shutting down and taking everyone's money like MtGox did. It was just as illegal when MtGox did it, yet it happened anyway. (Actually, most of the other answers have the exact same problem.)


> The law is fairly obviously not an answer though, given the context.

You're free to think that, I'm free to think you're wrong. MtGox is in Japan, Coinbase isn't; the contexts are different.


If there is evidence that MtGox was complicit in the loss of their customers' Bitcoin, someone will go to jail, regardless of the jurisdiction. It's plain old theft.


The one good thing about coinbase is that they do react to outrage on HN. For example: https://news.ycombinator.com/item?id=6929705


The fact that public outrage is required to get their attention when dealing with such large amounts of money doesn't inspire confidence. Your example is a good example of bad customer service, not something good to credit them with.


Lots of people in this thread seem to think that there is either no incentive for Coinbase to conduct their business legitimately, or that the law is the only incentive. That ignores the much more obvious and presumably stronger incentive: they should be able to make a lot more money as a legitimate business than if they just ran away with one lump sum.


That relies on the assumption that they will not suffer a tremendous loss due to a rogue employee, a software bug or a malicious hack.

If they found themselves in a situation in which they are certain to go out of business as soon as people find out that they are in trouble, that motivation would cease to exist. It would come down to ethics, reputation, pressure from investors, etc.


Sure, Bad Things™ could happen at Coinbase like they did at Gox. However, I think it is reasonable to trust Coinbase more than Mt. Gox. If you look into Mt. Gox's history there are many signals that suggest general mismanagement and dysfunction.

This is in no way rigorous but consider User Interface design as a rule of thumb. Gox had an ugly unintuitive site. Coinbase on the other hand has a polished UI. This attention to detail suggests that the people who operate Coinbase are very different from those who operated Gox.


Rogue employees, software bugs, and malicious hacks can also happen in a pure USD business covered by explicit laws.


The mistrust in Coinbase line of thinking seems similar to fear and paranoia about terrorism. Could a bad actor acquire and use agency to do something horrible like obtain a dirty bomb and set it off? Sure, it is possible. But at the same time it is very unlikely. People GENERALLY want to be good actors and make a positive impact on the world.

With Mt. Gox I am more inclined to think their problems stemmed from incompetence rather than malevolence.


> The owners are known and subject to US jurisdiction

Assuming they don't just leave the country


... Most places have extradition treaties with the US or US-allies. I'm sure it wouldn't be hard to find one Coinbase user not in the US, then use that country's extradition.


We have jurisdiction in all countries, just ask our politicians and witness our world policing.


How do you prove you lost something that is not tied to your identity?


The promise of future profits amounting to more than what they would walk away with today, gained in a somewhat more respectable fashion. If they become the leading wallet in the world, they're sitting on a goose laying golden eggs. Doesn't make sense to slaughter it today for dinner.

These guys are known — like the guys at Mt Gox. They're not anonymous, and they would run a real risk of bodily harm by such a public crime.


> The promise of future profits amounting to more than what they would walk away with today

That's exactly the same argument I used to justify why MtGox wouldn't shut down, almost word for word. It's the same argument I used to convince myself why they wouldn't shut down. They still shut down.

> They're not anonymous, and they would run a real risk of bodily harm by such a public crime.

So we're relying on mob justice? Also, Mr. Karpeles hasn't been harmed and probably won't be.


Or, it could be that Mr. Karpeles hasn't been harmed for a common sense reason; right now, he's the only one who seems to know what's going on inside of Mt.Gox, and what the actual status of the missing BTC is. If he comes out and announces that all of the customers' coins are irretrievably gone, then all bets are off.

(No, I don't want to see harm come to him, and I don't mean that comment above as a threat. What I do know is that there's a very strong chance that at least some of the BTC he lost/stole/squandered/etc. was owned by people who don't settle things with a lawsuit and a lawyer. Maybe it is unlikely, but it's something that I would be concerned about, if I was in his shoes right now)


The jury's out on whether MtGox took the money and ran or lost the money and hid, right?

I'm not saying we should rely on mob justice. I'm saying that the risk of reprisal is a perfectly understandable reason not to commit certain crimes. These guys are public figures and would be easy targets for people who want to harass or harm them, unlike for example a mask-wearing bank robber whom nobody can identify and who stole only the bank's money.


Why put yourself in a position where you need to worry about that happening?

Keep the bulk of your BTC in a private wallet under your exclusive control and only use the intermediary provided wallet when you need to make a trade through their platform/exchange. You're still exposed while a trade is being executed but your maximum exposure is never more than the amount you are trading at that time.

You wouldn't deposit your life's savings with a new, unknown bank based out of a tiny island state with lax/non-existent regulation. Don't do the same with your BTC.


I'm not sure what your point is. My best guess is that you're implying that the only reason people don't do things that are illegal is the fact that they are illegal. If I'm wrong, please correct me, and disregard the next paragraph.

I see two problems with this point. Firstly, while I'm not entirely sure how the legal system in the US works, I suspect it would be illegal for Coinbase to shut down and run away with everyone's Bitcoins. I doubt that USD is the only asset that is legally protected from theft/fraud. Secondly, I suspect that Coinbase has a huge incentive to not do this even if it were legal to do so. Namely, they should be able to make a lot more money by conducting their business legitimately and continually than if they ran off with one lump sum.


> they should be able to make a lot more money by conducting their business legitimately and continually...

You're not the first person to make this point. It is not necessarily true. What if the amount they could run off with is huge and their margins are tiny, or they are losing money?


Here are my reasons:

- They are in SF so I can walk/bike/bus to their office; for whatever good that does me. Didn't do that one dude any good going to MtGox's Japan office. =/

- They are YC backed, so that means pg knows about 'em. That adds a "gold star" in my book in that they must have passed some kind of filter to get into YC; that they're not just plain scammers, unprofessional or woefully uneducated about security on the interwebz.

- I feel very confident about this video: http://techcrunch.com/2013/12/17/foundation-brian-armstrong-...

All that said, you still shouldn't leave a huge amount of coins on an address that you don't exclusively hold the private key to. 1 or 2 bitcoins, meh. Day-trading with 50 BTC? Risky, but okay I guess. Those crazy amounts I saw on that gox-horror Reddit thread, like 100+? Some people in the THOUSANDS?!!! That was a bad decision. That needs to be some place else. Coinbase.com may have the most honest people in the world, but I also believe hackers are extremely talented people and hundreds of bitcoin is adequate motivation for a certain subset of hackers to pour all their energy into breaking coinbase. I'd love for Coinbase.com to talk about all the strange hack attempts they must see against their service every... minute.

I day trade on btc-e.com with 1k USD and my rule is to never have more than 2k on there. If I reach 2K, I buy 1k's worth of bitcoin --> send to coinbase.com --> cash out. Repeat again with the 1k remaining. I could try and turn 2k into 4k, but that's a risk I'm not willing to take. I'm happy with my 1k units of profit.


Simple - because YC, a16z, USV, SV Angel, etc all have skin in the game.[0] There are some serious people with some serious money who have reputations to uphold. AFAIK Mt. Gox had none of that.

[0] http://www.crunchbase.com/company/coinbase


Other than their morals?

Well, I suppose there are legal implications: that's known as "theft". Also there are the morals of every other employee... I believe Coinbase is set up with standard controls so no one person can steal funds without it being obvious to (and preferably requiring the cooperation of) other employees.

I would ask a similar question: What's preventing Nationwide Insurance, Chase Bank, and e-Trade from shutting down operations tomorrow and walking away with everyone's money? The biggest difference between these institutions and MtGox is that these institutions all have regulators who have the power to (in extremis) take over the operations of the institution if it begins to show the same kinds of trouble that MtGox showed for quite some time before its collapse. Coinbase is not currently subject to any such regulation.


The fact that the identities of Coinbase people are known, and apparently you can hire a hitman with Bitcoin. If you have any Bitcoin left.

Seriously, though, Coinbase and other online wallets and exchanges need to get with the program and prove they're not running a fractional reserve.

Radical transparency is a big part of the answer, and it's much more feasible with Bitcoin's public blockchain than with the dinosaur monetary system.


Third option would also be actual negligence which is an interesting case because people are used to dealing with banks and do not realize that they will not get their money back. I'm not suggesting FDIC style protection for Bitcoin exchanges is a good idea, but that is just what people are conditioned to expect and I think that is why so many people leave their money in exchanges like Coinbase or MtGox.


enough with this fear, uncertainty and doubt, Mt Gox should not be placed in the same sentence as Coinbase, Coinbase is a lot more transparent...


Because they would go to jail for a very long time?


Because they run what I suspect to be a fairly lucrative business which, if operated competently, should make them a lot more money in the long run than if they just stole everyone's bitcoins?


[deleted]


Actually, no. PayPal is licensed and bonded in 47+ states. Coinbase is licensed in 0.

I don't think it's the best regulatory framework, but it's all we've got.


[deleted]


You're right, the surety bond system is fundamentally flawed. But it's $9 million more in security (in California, since different states have different bond requirements) than Coinbase has.

I've advocated for an FDIC-like system for money transmitters, run by CFPB or some other entity, for three years. Congress is hard to reach these days.

http://www.thinkcomputer.com/corporate/whitepapers/heldhosta...

http://www.thinkcomputer.com/20140214.cfpbcomment.pdf


Nothing. And good luck finding their worldwide "cold storage" locations. They're apparently not in the United States, and not required to disclose them to any regulator.


Considering any positive comment will be buried deep under in HN, I think it's important to celebrate this success. Price of Bitcoin is meaningless, all other metrics seem to point to higher and higher adoption of this new technology. Great news!


The main reason I chose to buy BTC through Coinbase is because they're funded by A16Z and USV. Very prominent and influential investors that would also come under scrutiny if anything nefarious happened internally.


That's one million consumer accounts with no FDIC insurance, no surety bonds, and no other backstop in the event of a problem.

I'd love to see a Coinbase blog post about why Coinbase doesn't need to be licensed like every other MSB registered with FinCEN.


FDIC insurance is aimed at banks that make loans, which Coinbase does not.


This is the correct answer. FDIC insurance is needed because when you give your money to a bank, they turn around and lend it out to other people, so when you want to withdraw they may not be able to collect enough to pay you out.

I suspect when you deposit 10 BTC in Coinbase, they actually just hold it for you. Honestly, given how volatile Bitcoin is, and the general upward trend, it would basically be insane for them to try to invest it in any other assets.


Maybe FDIC insurance specifically doesn't make sense for Bitcoin, but it can still be lost or stolen in a full-reserve model and thus should be insured.


I've often wondered the same. Section 1.1 of their user agreement:

"1.1 Coinbase helps you make payments to and accept payments from third parties. Coinbase also provides a bitcoin wallet service where you can store your bitcoin. Coinbase also allows users to buy and sell bitcoin. Coinbase is an independent contractor for all purposes. Coinbase does not have control of, or liability for, the products or services that are paid for with Coinbase services. We do not guarantee the identity of any user or other party or ensure that a buyer will complete a transaction. Coinbase is not a money transmitter. Coinbase assists its users in Bitcoin transactions."

https://coinbase.com/legal/user_agreement

You hook up a bank account, "transmit" funds from a bank, receive virtual currency (and in reverse) but they are an independent contractor, assisting with the process. Very interesting approach.

A simple person might say the service very much looks like a money transmission, money exchanging business. The fees for acting as a money transmitter without licenses are supposedly up to $1k/incident.


"Coinbase is not a money transmitter" is a demonstrably false statement in violation of the Lanham Act, 15 U.S.C. § 1125(a)(1)(A). You can find Coinbase's registration with FinCEN as a Money Services Business at:

http://www.fincen.gov/financial_institutions/msb/msbstatesel...

Just search for Coinbase. They provided the address of their statutory agent in Delaware even though they're in San Francisco.


That's a million wallets that can instantly, pseudonymously send money to some random dude halfway around the world.


There's nothing stopping someone from insuring Bitcoins.

http://www.businessinsider.com/as-bitcoin-grows-in-popularit...

I have personally never understood the criticisms of new things of the form "<new thing> doesn't provide the service that we've had for years with <old thing>!" IT'S NEW AND DIFFERENT, GIVE IT A CHANCE.


> That's one million consumer accounts with no FDIC insurance, no surety bonds, and no other backstop in the event of a problem.

All of which were created voluntarily by customers, which indicates that there is demand in the market for different types of asset/currency, some of which might not have FDIC insurance or any of those things.


[deleted]


Financial accounts. One person can have many bank accounts. I would guess they're using the word "wallet" to avoid regulatory scrutiny that might be applied to financial accounts. People might feel like "wallets" can get lost or stolen. "Accounts" shouldn't.

These are accounts.


> People might feel like "wallets" can get lost or stolen. "Accounts" shouldn't.

That's exactly why the term "wallet" should be used. This is cash, and should be treated accordingly and thought of accordingly. Terms like "wallet" help people develop a reasonable mental model that fits reality.


> That's exactly why the term "wallet" should be used. This is cash, and should be treated accordingly and thought of accordingly.

Cash held by someone else on your behalf is an account (even if it is physically stored in their wallet).

So, sure, bitcoins are in a sense analogous to physical cash, and bitcoin wallets are in a sense analogous to physical wallets full of cash -- but some third party business who keeps bitcoins in their own wallets and contracts with you to transmit them according to your instruction is providing you with an account, not a wallet.


yeah, but just think of how much they save on transaction costs when they buy something online [without the ability to chargeback]!


how are they able to guarantee an exchange rate? aren't they exposing themselves to the huge fluctuations in bitcoin price (though the price seems to have stabilized recently)? for instance, there were some days this month where the price fluctuated by more than 40%. somehow the price and volume must work out where this is a calculated risk to cultivate the broader bitcoin ecosystem. would love to see some numbers if anyone has any ...


I suspect they don't need to expose themselves because they are holding large amounts of both Bitcoins and cash, so they can simply sell them to people at whatever price they want to. It's not like they take your USD and then have to run out and buy Bitcoins to cover them. They do have to worry about the value of their Bitcoin and USD holdings becoming worthless, but that's something all Bitcoin and USD investors have to worry about.

If they are taking some risk, by making commitments that they don't have backed with currency, it's trivially easy to calculate their exposure and figure out how high their fees need to be to cover it. That's a problem actuaries solved decades ago. Currency exchange is not a new business.


They don't guarantee anything; if they don't feel like processing your trade they'll just cancel it.


I have a few empty (never used) wallets


I realize it's all startup-y to pat yourself on the back about growth, but aren't you painting a target on your back for those that want to perform the next heist?


Pretending they're tiny and poor isn't a long-term strategy for becoming a mainstream, trusted brand in e-commerce. Security is one front they need to win on, just like every other successful payment processing business; they can't hide and become big at the same time.


I'm pretty sure anyone interested in heisting Bitcoin had Coinbase on their radar already.


True. So let's go with the hubris angle, then. Like others have said below, we trusted that Gox was secure as well.


Any prominent Bitcoin site is going to be the subject of continuous attacks at this point. If Coinbase has vulnerabilities like Gox did, chances are they'll get found.


No security is perfect of course, but Coinbase has over 98% of the funds in cold-storage. See: http://antonopoulos.com/2014/02/25/coinbase-review/


That's what mtgox said too, I believe their figure was 98%:

> On average 98% of customer bitcoins are held in cold storage...Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid.

https://bitcointalk.org/index.php?topic=23938.40

http://www.managementtoday.co.uk/bulletin/mtdailybulletin/ar...

But of course, they weren't really in cold storage or offline after all, because somehow they all disappeared...

Not that I mistrust coinbase specifically, but without insurance, audits and regulation (i.e. without a banking license), I'm not sure I'd trust anyone to store significant amounts of money.


Banks that hold large amounts of cash either insure it against fire/flood/theft or self-insure with other assets - what is Coinbase's plan if these cold-storage coins are destroyed, either by malicious attempt or disaster? That link shows the coins are locked away, are apparently not accessible, but how safe are they against actual loss?


Gox claimed 95% of their coins were in cold storage.

Unproven claims aren't worth much.


Technically that still appears accurate. The inaccurate portion was that they didn't have anywhere near the correct number of coins (cold or hot).


As I understand it if security is done correctly then "stealing bitcoins" amounts to breaking strong cryptography. At this point nothing indicates that the elliptic curves or the cryptographic hashes (SHA-256, RIPEMD-160) used in Bitcoin are at risk.

Under the assumption that the crypto used in Bitcoin is safe, there's, for example, nothing an attacker can do to spend the coins in offline wallets. Not even a 50%+1 attack that'd be sustained for days...

If anything, the recent fiasco with Gox (which is more than shady) gives me lots and lots of confidence in Coinbase to do "the right thing".

Now I'm not saying they'll never get pirated or anything like that. But Bitcoin implemented correctly seems to be very safe and there are many people out there who have bitcoins which are "sleeping" safely on offline wallets in deep cold storage.

Most people holding bitcoins and most companies like Coinbase only need a fraction of their bitcoins "online" to be able to operate. And even for those bitcoins I take it Coinbase is taking security very seriously.


Yeah, we'd hope they have some serious M-of-N key system in place to safeguard access to the wallets.

The biggest thing that gives me pause about Coinbase is their decision to use MongoDB. There may be a reason, but I certainly can't find one. Their use case is perfect for proper, old-fashioned, reliable RDBMS. They've also had a fair amount of customer service issues, including the "we rebooted and our job queues didn't run anymore" problem where they tried to rip that guy off.

Even so, the security of the offline wallet is so important, you'd think their investors would have insisted on some auditing and third party implementation. Maybe some of the big wallets are even partially held by outside people.


If you're avoiding press for security reasons, you may be doing it wrong.



