Connect with us


The Huge Coinbase Experiment



Yesterday, we saw a huge announcement from the leading cryptocurrency exchange in the United States, Coinbase, who are now embarking on a year long study that aims to totally transform the way users of blockchain technology control their data and personal information.

One of the biggest ironies in cryptocurrency is that whilst transactions are anonymous and hidden in most instances, the actual buying of cryptocurrency through registered exchanges like Coinbase require users to give up a lot of personal information, including images of their Passport or identification, as well as giving up contact details and in some instances, even bank details.

Also known as ‘Know Your Customer’ the problem here is that signing up to exchanges is time consuming and quite complicated. Once a user submits this information, it then needs to be checked out for legitimacy, so often it can take days for an application to use an exchange to be approved, assuming you meet all the stringent anti-fraud checks.

Another issue this presents is that exchanges and wallets then need to securely store all of this personal information, meaning they are vulnerable to data hacks going forward. This, is a concern for the exchanges themselves and their customers. Data handling is a hugely sensitive subject in the news at the moment, we only need to look as far as Facebook and Cambridge Analytica to see why too.

So, it really is within the best interests of Coinbase to try and simplify this whole procedure, whilst adhering to important anti-fraud checks and laws. This is where blockchain technology comes to play.

Coinbase Experiment

First reported by CoinDesk, Coinbase have established a research team, led by B. Byrne, the Product Manager of the Coinbase identity team. Byrne and the team wish to simply allow internet users to own more of their own identity online, so this moves past just their own customer base and seems to have implications for a far wider audience too.

The team will be exploring the use of decentralised applications within the blockchain in order to build bridges between Coinbase products, the exploration of dApps will build the backbone for this study. According to CoinDesk:

“In Byrne’s mind, the best way to start lies in identifying a small segment of Coinbase users who would gain real value from controlling more of their personal data, rather than Coinbase repeatedly collecting and storing their know-your-customer (KYC) information across the platform’s products. Over the next 12 months, Byrne said his team aim to scale these experiments from just a few users to a meaningful group of dapp users. In addition to tech-savvy power users, Byrne said identity solutions could have the most immediate impact for customers that aren’t getting access to things because it’s too hard as is.”

How will it work?

As stated, this experiment is expected to last over a 12 month period, starting with an exploration of Coinbase Wallet users in order to find a suitable demographic to build the research upon. This will then move towards developing and testing a decentralised identity solution that will help benefit that small group of users. Once testing is complete, a final application might then be rolled out within Coinbase products that uses a decentralised applications to allow people to control their own identity checks through the blockchain.

This is more than just Coinbase

As stated, this experimentation phase has big implications for more than just Coinbase, therefore the research team won’t be going at this alone:

“Byrne said his team is talking with projects like the W3C Credentials Community Group. W3C co-founder and crypto veteran Christopher Allen told CoinDesk the group aims to launch a Decentralized Identifiers (DIDs) Working Group in January that can recommend standards through the Massachusetts-based World Wide Web Consortium.”


“Even if Byrne’s team develops identity solutions that reduce cross-platform friction or increase customers’ privacy, these solutions will probably rely on public tools and protocols that exist beyond Coinbase. Without commenting on any specific resources or priorities, Byrne agreed Coinbase would need to commit to keeping the infrastructure for future solutions, healthy. Byrne also expressed curiosity about how Coinbase could someday take a more active role in community efforts.”

What will come of this?

Well, this is where we are left to speculate, as Coinbase have not yet made clear what will come of this experiment. I suppose as with any experiment, they cannot predict the results so therefore, the current hypothesis from Byrne et al. is rather vague. The team are expecting to develop some sort of decentralised identity management solution that will give users far more control of their personal data, though the full scope of this solution is yet to be understood.

In an ideal world, we imagine a dApp being created that can be used to verify a users identity across an unlimited number of platforms, by simply just entering a private key, or a block address or something similar. This would be fantastic and would do great things for the adoption of cryptocurrency and most importantly, for the confidence of those in the industry that have to tackle data handling issues on a daily basis.




Coinbase Pays $30,000 for Bug Report



Cryptocurrency exchange Coinbase offered a payout of $30,000 for a bug reported on its platform through the Bug Bountry Program on the portal Hackerone.

According to a report published by The Next Web, the bug was fixed by the exchange, however, the spokesperson from the company was unable to provide details of what the bug constituted. While the vulnerability report is not available to the public, the bounty reward shows that the potential bug may have been quite severe.

On HackerOne, Coinbase has a four tier reward system for bug reports. It starts at as low as $200 for least critical bugs, $2000 for medium critical bugs, $15,000 for high and $50,000 for critical bugs. The exchange says, “The Bug Bounty Program directly serves Coinbase’s mission by helping us be the most trusted way to use digital currency. In that spirit, the scope and philosophy of the program aim to safeguard two highest priority assets (“Sensitive Data”) : Digital and fiat currency balances and Customer information

The Bug Bounty Program scope covers all software vulnerabilities in services provided by Coinbase.”

It added, “A valid report is any in-scope report that clearly demonstrates a software vulnerability that harms Coinbase or Coinbase customers. A report must be a valid, in scope report in order to qualify for a bounty. Coinbase will determine in its sole discretion whether a report is eligible for a reward and the amount of the award.”

Recently, Coinbase was in the news when it announced its users would now be able to backup their wallet keys in encrypted format to Google Drive or iCloud. This can come handy in case a user lost access to their laptop, smartphone or any other device in which the user had stored the keys.

At the time the exchange had said, “Starting today, you can now backup an encrypted version of your Coinbase Wallet’s private keys to your personal cloud storage accounts, using either Google Drive or iCloud. This new feature provides a safeguard for users, helping them avoid losing their funds if they lose their device or misplace their private keys.”

Continue Reading


Coinbase Exchange Users Can Now Withdraw Bitcoin Cash Fork BSV



Coinbase, the largest US-based cryptocurrency exchange, is finally allowing users to withdraw bitcoin Satoshi vision (BSV) – the cryptocurrency created in a hard fork of the bitcoin cash blockchain on Nov. 15.

On that day, bitcoin cash was scheduled to implement upgrades to its blockchain, as it is programmed to do every six months, but contention ultimately led developers and miners to adopt two different incompatible versions of the software: bitcoin cash ABC (BCH) and BSV, which now operate as separate cryptocurrencies with separate values.

Coinbase users who held bitcoin cash in their accounts at the time of the fork were given BSV coins at a 1:1 ratio, and the exchange notified its users today, three months after the fork, that their BSV balances could now be accessed.

Since Coinbase does not support BSV trading at this time, users will need to export their BSV balance to an external wallet if they wish to trade it for another cryptocurrency or for fiat.

In the email, the exchange made note of the circumstances and provided instructions on how to do so:

“Coinbase does not support purchases or sales of BSV, so you cannot sell your BSV for fiat currency on Coinbase. You may send your BSV balance to an external wallet following instructions here.”

On Nov. 20, Coinbase announced the competing bitcoin cash blockchain called bitcoin cash ABC would retain the BCH ticker and compatibility with Coinbase’s trading infrastructure.

At the time of writing, BSV is trading across exchanges at an average price of $62.58 while its competitor BCH costs nearly twice the price at $120.23, according to pricing data from CoinDesk.



Continue Reading


Coinbase Just Paid a $30K Bounty for the Discovery of Critical Bug



San Francisco-based cryptocurrency exchange desk Coinbase has just forked out a $30,000 bounty to the finder of a critical bug in its systems.

As reported by The Next Web, the bounty is the latest to be posted on vulnerability coordination and bug bounty platform HackerOne. Previously a large number of smaller bounties, mostly in the range of $100–$1,000, have been paid out, but on Feb. 12 what appears to be the largest bounty on the site so far was logged.

TNW’s Hard Fork said Coinbase had confirmed that the vulnerability has since been fixed, but would not provide specific details of the issue.

Based on the severity of the code flaw found, Coinbase offers rewards in four tiers: $200 (low), $2,000 (medium), $15,000 (high) and $50,000 (critical). Tuesday’s bounty appears to sit somewhere between high and critical as a result.

Coinbase states on the HackerOne website:

“The Bug Bounty Program directly serves Coinbase’s mission by helping us be the most trusted way to use digital currency. In that spirit, the scope and philosophy of the program aim to safeguard two highest priority assets (“Sensitive Data”): Digital and fiat currency balances [and] customer information.”

The program allows the public to report for rewards on “all software vulnerabilities in services provided by Coinbase,” it adds. The exchange grants bounties based on severity of the bug found, judging severity by two factors: impact and exploitability.

With crypto companies and protocols under constant attack from increasingly sophisticated hackers, finding bugs in systems is a critical endeavor.

Ethereum bug bounty websites like Gitcoin and Bounties Network have seen increased use of late, and the growing opportunity for rewards via white hack hacking success is even proving to be a way out of poverty, according to a CoinDesk report from last year.

No web service using crypto is immune from the threat of hacks and even dark markets have been offering bounties to those that find provable code errors with potential impact.

Checking code image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by astrict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


Continue Reading