Abuse of Power Comes As No Surprise

@trapsandtriangles
This is Charlie Lee with Coinbase. I’ve been working at Coinbase for over a year now, and am currently the engineering manager for the product team. After reading the Blockchain.info security thread, I wanted to write this post. Sorry for being long, but I think it’s worth your while if you care about security!

Blockchain.info used to be my go-to wallet even after I joined Coinbase last year. I found it having a good balance of security and convenience for my everyday wallet. Over the past year though, Coinbase kept introducing new security features while Blockchain.info wallet’s security has stayed exactly the same, and arguably became worse. For this reason, I have not touched my Blockchain.info wallet in months.

Coinbase has made it a priority to protect our users. We want to make Bitcoin easy to use, and most of our users are novice users. It is especially important to protect them from themselves. Just to highlight some of the security features we’ve added this year:

- We now store 97% of our coins in cold storage, so that in the unlikely event we get hacked, coins won’t be all gone.
- Had Andreas Antonopoulos peer review our security. We realize that this is not a foolproof audit. We will keep working towards that.
- Got insurance that exceeds the amount kept in our hot wallet.
- Implemented device verification. When accessing Coinbase with a new computer/phone, the user must verify the new device over email. For convenience, we added little tricks like if they access the new device from the same IP, we automatically verify it.
- Re-did our API security. API key settings are now protected by 2fa and email verification.
- Warn users with high balance to set up their phone with 2fa.
- Default to asking for 2fa if user sends more than $100/day. We even let users change a setting to have Coinbase ask for 2fa on every send.
- Added audit trails and open sessions, so users can see sign-in activity and sessions. They can even sign out other sessions.
- Introduced our vault solution where users can put their savings money into. Vault delays withdrawals by 2 days and keeps notifying users over 2 emails and their phone over those 2 days. This lets them easily cancel the withdrawal if it was an attack.
- Added multisig vault, which lets more advanced users control their own keys. Our multisig vault is one of the easiest to use even for novice users. We even provided an external backup tool for sending money outside of Coinbase.
- Started working closely with HackerOne. We pay out to whitehat hackers to find holes in our security. This lets us be ahead of the hackers.
- Prevent hackers from pretending to be Coinbase with OAuth2 permissions. (See below)
- Introduced an innovative solution against email compromise attacks. (See below)

Phishing attacks against Coinbase users are practically non-existent today. Even if a user has their email, password, and 2fa phished, the attacker would not be able to verify the device they are using.

Attacks are now more creative and fall into 2 buckets: OAuth2 tricks and email compromise.

OAuth2 tricks

Hackers have recently created OAuth2 apps that pretend to be Coinbase. And they use those to phish unsuspecting users. So users get sent to the OAuth2 authorization page saying “Do you want to give permission to Co1nbase to allow unlimited withdrawals”. Most users see through this immediately, but for every 10 users, 1 of them would not think twice and click on authorize. The attacker then can steal everything in the Coinbase wallet.

It was our mistake for letting a hacker use a name like Co1nbase or use unicode in the name so that it looks exactly like “Coinbase”. So because of that, we have reimbursed every victim from our own pocket. We also launched an immediate fix so that someone is not able to use a name similar to Coinbase using unicode tricks. We are also going to deploy a few other changes to our OAuth2 flow over the next weeks. These include adding 2fa for API calls. This is so that wallet apps can ask users for 2fa tokens to send more than $100. We are also going to restrict asking for unlimited sends. There’s no practical reason why regular apps will need unlimited access to all your accounts. This will reduce the risk exposure there.

Email compromise

Since attackers can no longer phish user credentials, they have to resort to email compromise to steal from Coinbase users. This means that the attacker hacks into the user’s email account. With email access, the attacker can reset the user’s Coinbase password and even add new devices. And to get around 2fa, they can reset the user’s cellphone online account and request SMS forwarding to another phone. This can all be done remotely and without the user’s knowledge, as the attacker can delete suspicious emails immediately.

We have recommended users add 2fa to their email account to prevent this, but 2fa on email is way too much work for most people. And the people that have weak passwords on their email accounts are the same set of people that won’t have 2fa on their email. Email compromise is a lot of work for a hacker, but sometimes they know the payoff is huge. In one case, a Coinbase user wrote a post on reddit and told everyone that they had a significant amount of BTC in their Coinbase account. They even posted their email address! Guess what… an attacker hacked into his email, forwarded his SMS, reset his password, added a new device, and stole all his coins.

We realize this is a rare case where the attack is hard to pull off, so it will only be done if the attacker knew there’s a lot of money to be gained. But we wanted to stop this edge case too, so we thought of an innovative solution. What we are trying to prevent is a remote hacker, and the 2 things the hacker needed to do to gain access is to reset the user password and add a new device remotely. Our solution is to make it such that a hacker cannot reset a password on a new device. This blocks off this type of remote hacking. The attacker would need access to a user’s device or be in the same location (same IP) as the user.

Of course, there’s still the scenario where some malware actually controlled a user’s device. In that scenario, the malware does have access to the user’s device. We have some solutions for this and are working on it!

tl;dr

Coinbase has introduced dozens of security features over the past year. Phishing is practically non-existent. We will keep working hard to protect everyone and keep Bitcoin easy to use.

Sorry for the long post. But after I started writing this, I realized how much Coinbase has done over this year. On reddit, you only hear about the hacks and the canceled buys and never about all the good stuff we’ve done. But we are not done. We will only rest when there are 0 BTC lost by Coinbase users. And please tell us how we can improve our wallets/vaults to make security even better.
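The post above mentions a fix that stops third-party OAuth2 apps from registering a display name that looks like "Coinbase" through digits or unicode look-alikes ("Co1nbase", Cyrillic letters, fullwidth forms). The block below is an added example written for this page of how such a screen can be built; it is not Coinbase's code and says nothing about how their fix actually works. It assumes a hypothetical `check_app_name` hook that runs when an app registers its name, and the `CONFUSABLES` table is a small constructed subset of look-alike characters, not the full Unicode confusables data a production check would load.

```python
"""Hypothetical screening of OAuth2 app display names against a protected brand.

Added example: reduces a name to an ASCII "skeleton" (NFKC normalization, case folding,
mapping of a constructed subset of look-alike characters, removal of accents and
punctuation) and rejects names whose skeleton matches, contains, or is one edit away
from a protected name. The confusables table is deliberately small; a real deployment
would use the full Unicode confusables list.
"""
import unicodedata

# Assumed list of brand names no third-party app may imitate.
PROTECTED_NAMES = ("coinbase",)

# Constructed subset of characters that imitate ASCII letters (lowercase keys suffice
# because names are case-folded before lookup).
CONFUSABLES = {
    "0": "o", "1": "i", "3": "e", "5": "s", "8": "b", "|": "i", "l": "i",
    "\u0430": "a", "\u0435": "e", "\u0456": "i", "\u043e": "o",   # Cyrillic a, e, i, o
    "\u0441": "c", "\u0455": "s",                                  # Cyrillic c, dze
    "\u03b1": "a", "\u03b5": "e", "\u03b9": "i", "\u03bf": "o",   # Greek alpha, epsilon, iota, omicron
    "\u0131": "i",                                                 # dotless i
}


def skeleton(name: str) -> str:
    """Reduce a display name to the ASCII form a user would visually read it as."""
    # NFKC folds compatibility forms (fullwidth letters, ligatures); casefold lowercases.
    folded = unicodedata.normalize("NFKC", name).casefold()
    out = []
    for ch in folded:
        ch = CONFUSABLES.get(ch, ch)
        # Strip combining accents ('ö' -> 'o'), then map again in case the base is a look-alike.
        base = "".join(c for c in unicodedata.normalize("NFD", ch)
                       if unicodedata.category(c) != "Mn")
        base = CONFUSABLES.get(base, base)
        # Keep only ASCII letters/digits and spaces; hyphens, dots, zero-width chars vanish,
        # so "Coin-base" and "Coin.base" collapse to "coinbase".
        if base.isascii() and (base.isalnum() or base == " "):
            out.append(base)
    return " ".join("".join(out).split())


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_app_name(name: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a proposed third-party app display name.

    Hypothetical registration-time hook. The checks are deliberately conservative:
    a legitimate name such as "bitcoinbase" is also refused because it contains the brand.
    """
    sk = skeleton(name)
    if not sk:
        return False, "name has no readable characters"
    for protected in PROTECTED_NAMES:
        psk = skeleton(protected)
        if sk == psk:
            return False, f"looks identical to protected name {protected!r}"
        if psk in sk:
            return False, f"contains protected name {protected!r}"
        # One edit away on the whole name or on any single word ("Coinbas App").
        candidates = [sk, *sk.split()]
        if any(edit_distance(c, psk) <= 1 for c in candidates):
            return False, f"within one edit of protected name {protected!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample names: digit substitution, Cyrillic o, fullwidth letters, a plain name.
    for sample in ("Co1nbase", "C\u043einbase", "\uff23\uff4f\uff49\uff4e\uff42\uff41\uff53\uff45",
                   "Coinbase Support", "Coinbas App", "Moon Tracker"):
        print(repr(sample), "->", check_app_name(sample))
```

The skeleton comparison is applied to both the candidate and the protected name, so the mapping only has to be consistent, not perfect: mapping `l` and `1` to `i` is fine because any `l` in a protected name is folded the same way. Screening at registration is what stops the consent page from ever displaying a look-alike name, which is the point the post makes; checking only at render time would leave the already-registered apps in place.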
Glad to hear it
Research chemicals are drugs for the elite. Try things like mephedrone, pentedrone and 4-flouroamphetamine and other research chemicals at cryptochems
#mephedrone
Check these guys out, certified vendor with new and legal research chemicals from Canada. Cruptochems trumps all with their mephedrone replacements like ethylone and 4-flouroamphetamine and they are Bitcoin advocates as well. But you can also pay via stripe credit card processing.
Well, if you're looking to incorporate bitcoins into our store, consider Bitcoin union as your best bet with their custom pos system. It'll allow you to accept Bitcoin payments in all necessary forms and bring us one step closer to Bitcoin adoption, and if you browse through Bitcoin union site, you'll see they are a huge advocate of crypto currencies of all kind. They have lots of up and coming software that will be ground breaking. So be sure to stay tuned for Bitcoin union bringing us several new ways of looking at crypo currencies