8h? Iceage storage.

It is entirely reasonable to use hardware security modules that enforce timelocks for signing.

If it were entirely reasonable they probably would have disclosed that as the reason.

They're an exchange. Cold Storage is not their job. It isn't much of an exchange if I have to wait 8 hours to put in a sell order.

Coinbase definitely doesn't keep all their funds in a hot wallet. They keep enough readily accessible to cover the projected volume of withdrawals; the rest can be kept offline. They even specifically offer a "vault" service for managed cold storage.

When you put in a sell order through the normal "retail" interface you're trading with Coinbase itself. Those coins can stay offline in cold storage, as they're just moving numbers around in their database, off-chain. Only withdrawals and periodic internal rebalancing operations (making up for an imbalance between buys & sells) strictly require online access to the keys, and those only affect a small part of the total.

They don't need hot wallets for exchange trading. That's just normal accounting, numbers in a centralized database. They could have zero reserves and it'd still work. Only when you withdraw cryptocurrency from the exchange and into your own wallet do they need to produce actual coins for the transaction.

I wonder what your statement would be if a hacker compromised the hot wallet and drained all of the funds?

I would expect them to have insurance against theft like everywhere else I store money.

Hmm. I would expect them to have layers of security, with one of those layers being funds in a cold wallet with serious access control around it. If I were asked to insure them, the premiums and coverage would hinge on security layers and mitigations in place to prevent loss. I don't think it's unreasonable to have funds in a cold wallet.