This week, Wired published a unique insight into the security system employed by Coinbase to lure institutional investors into the crypto space.
In July, Coinbase, the world’s largest cryptocurrency exchange and brokerage, announced the formal launch of Coinbase Custody, a custodian solution designed to facilitate large transfers of capital from the traditional finance sector into cryptocurrencies like Bitcoin.
Unique Security System of Coinbase
Sam McIngvale, a product lead at Coinbase Custody, said at the time that Coinbase has implemented a series of security measures in order to eliminate the possibility of the funds of its institutional investors from becoming vulnerable to hacking attacks and security breaches.
Coinbase has a five year track record dating back to 2013 without any instance of exchange vulnerability, security breach, and hacking attack, which most exchanges cannot claim. Leveraging its reputation, the Coinbase team has focused on establishing the last barrier separating the cryptocurrency sector from institutional investors.
For many years, investors like Blocktower Capital’s Ari Paul have said that the lack of custodianship in the crypto market has prevented institutional investors from committing to cryptocurrencies as an asset class.
With Coinbase Custody, the first unicorn in the crypto sector created an infrastructure that is sufficient to handle large demand from institutions, equipped with robust security systems.
In an official blog post, McIngvale revealed last month that the Coinbase Custody system has four major security measures involved designed to prevent theft and hacking attacks. The measures include:
- On-chain segregation of crypto assets
- Split, offline private keys that require a quorum of geographically distributed agents to use cryptographic hardware to sign transactions
- Multiple layers of security
- Robust cold storage auditing and reporting
The report of Wired published on Wednesday delved deep into the split and offline private key generation system that requires geographically distributed agents, demonstrating a glimpse of one aspect of the Coinbase Custody security system.
As seen in the photograph taken below by the Wired team, Coinbase establishes tents in remote locations to generate private keys on a regular basis to ensure that every key handled by Coinbase cannot be tracked by its location and IP addresses.
Within the tent exists an independent shielded power supply that removes power fluctuations. Then, with a Linux-based operating system and a printer, the Coinbase technical team begins printing out private keys that will be used to store many millions of dollars on behalf of institutional investors.
Philip Martin, Coinbase’s head of security, explained that the process of generating new keys in remote locations can take an entire day from start to end, but is worth the allocated resources because it completely blocks out the possibility of hacking attacks.
Any device, whether it is a computer or a mobile phone that is connected to the internet can be hacked. But, if a device remains offline, it is impossible for hackers to ever gain access to the device.
“Cryptocurrencies have a threat model that’s fundamentally different from what’s come before. We’re taking the lessons from the past about physical security and blending them with well structured cryptography,” Martin said.
Can Coinbase Lure in Institutional investors?
Institutional investors like multi-billion dollar financial institutions and pension funds cannot invest in a new asset class with low liquidity and high probability of security breach without insured and properly structured custodian solutions.
The complex but highly necessary process of Coinbase to secure user funds and the insurance of Coinbase holdings by Lloyd’s of London are sufficient to convince institutional investors to commit to the cryptocurrency sector, especially if there exists no regulatory boundary that may lead institutional investors elsewhere.