Coinbase may be one of the most popular and well known startups in the bitcoin space, along with a handful of others that have received millions of dollars in venture capital in order to further develop and be a part of bitcoin and blockchain technology.
It’s an exciting time for bitcoin, where many companies are competing with each other to be king of the block [chain].
Coinbase has an important fiduciary responsibility; being custodians of customer funds, whether it’s bitcoin or fiat currency. And in a recent Medium article from Coinbase CEO Brian Armstrong, he explains just how Coinbase is building secure infrastructure to store bitcoin in the cloud.
In the article, Armstrong says that Coinbase “securely stores about 10% of all bitcoin in circulation.” At the time of this writing, there is about 15,500,000 coins in circulation. This amounts to $697 million in bitcoin that Coinbase says they store.
How Coinbase does it
The article is a bit lengthy, as Armstrong highlights that Coinbase has layered security with no single point of failure. This means two factor authentication for everything, and no one person has full access, but rather its split among multiple people in different locations with redundancy in mind. Using two factor tokens, such as a YubiKey is a crucial component to splitting responsibility. Another point of security is that not everyone should have SSH access and if they do, use two factor authentication and use special laptops for SSH access.
It’s also explained how that Coinbase stores 98%+ of the $697 million offline in “cold storage,” using various methods to generate private keys and store the coins. Audits are super important, just in case there is ever an incident. Think about the recent Shapeshift hack, where audit trails became one of the key pieces of information in tracking down their hacker.
There is obviously a lot more to it than this, so it’s highly suggested to read the article if you’re a bitcoin company (or not) that has fiduciary responsibility. There is also a YouTube video which highlights some of what Armstrong discusses in their approach to security.