
Yep - sorry we should really add a page on that. We're storing wallets in the cloud so this is an important concern. Private keys are encrypted in the database. bcrypted passwords. We also offer two factor authentication for your logins: http://blog.coinbase.com/post/25677574019/coinbase-now-offer...

We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). And I think you're right a firm policy on this would be needed about loss of funds and what is covered. I'm interested in the idea of getting insurance through Lloyds of London or something along those lines, but haven't pursued it yet (we've just been building the prototype).

I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.




"Private keys are encrypted in the database"

Please encrypt the private keys with a key K derived from the users' passwords. When a user logs in, your server-side code can compute K and access the bitcoins. When a user logs out, the server should forget K, erase it from RAM, thus leaving the bitcoins securely encrypted on-disk. Not even an attacker getting access to your infrastructure, not even you(!), could steal the bitcoins when the user is not logged in.

Not a single online wallet service actually does it this way, the right way, sigh... This mechanism could have prevented numerous thefts: MtGox, MyBitcoin, Bitcoinica, etc.


How do you deal with the user forgetting their password in this case?


Two possibilities:

For power users, if they forget their pw, they lose their coins. Period. That's the option I would use, as someone who never lost an important pw thanks to my use of redundant password safes.

For other users, when creating an account, coinbase.com could email them a "key recovery" file (or mail them a physical QR code), with instructions to keep it permanently stored in a safe place. This key recovery file would be K encrypted with a unique IV and a key known by coinbase.com, who would not keep a copy of the key recovery file. This would satisfy all my requirements: coinbase.com would be unable to steal/access the users' coins, and an attacker merely getting access to the key recovery file would be unable to do anything with it.


Like file system encryption is done. You don't encrypt the hard drive with your pass phrase. You encrypt the encryption key to your hard drive with your passphrase. Your problem is solved with an extra key in offline storage.

In this case instead of just encrypting private keys with K (derived from user's password), you encrypt private keys with K and encrypt K with user's password. You also encrypt K with your own master key which is stored offline. You could either retrieve K manually or through a rate-limited API.

However, Estragon's point about it only slowing down the attack still holds, although in Bitcoinica's case the loss would be much less, since they discovered the attack early. "not even you(!)" however is false.
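
The key hierarchy described in the comment above, sketched as an added example that is not part of the thread and not any wallet service's code: the wallet key is sealed under a random K, and K is wrapped once under a password-derived key and once under an offline master key. The function names, the record layout, and the choice of scrypt and AES-256-GCM are assumptions; the `kByMaster` wrap is what lets the operator recover K.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM seal/unseal; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}
// Password -> key-encryption key, using scrypt with Node's default cost parameters.
const kek = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// Account creation: wallet sealed under a random K; K wrapped twice.
function createRecord(password, walletPrivKey, masterKey) {
  const K = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  return {
    salt,
    wallet: seal(K, walletPrivKey),
    kByPassword: seal(kek(password, salt), K),
    kByMaster: seal(masterKey, K), // masterKey is kept offline, never on the web tier
  };
}
// Login: the online server can reach K only through the user's password.
function unlock(record, password) {
  const K = unseal(kek(password, record.salt), record.kByPassword);
  try { return unseal(K, record.wallet); } finally { K.fill(0); } // forget K afterwards
}
// Forgotten password: the offline master key recovers K and re-wraps it.
function resetPassword(record, masterKey, newPassword) {
  const K = unseal(masterKey, record.kByMaster);
  const salt = nodeCrypto.randomBytes(16);
  const updated = { ...record, salt, kByPassword: seal(kek(newPassword, salt), K) };
  K.fill(0);
  return updated;
}

// Constructed sample values, not real keys.
const MASTER = nodeCrypto.randomBytes(32);
const rec = createRecord('correct horse', Buffer.from('constructed-wallet-key'), MASTER);
const rec2 = resetPassword(rec, MASTER, 'new passphrase');
console.log(unlock(rec2, 'new passphrase').toString()); // wallet blob itself was not re-encrypted
```
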


At least for the MtGox and Bitcoinica thefts, this would only have slowed the attack down. All it would take is adding a password logger. Still might be a worthwhile extra line of defense, though.


What about Blockchain.info? I thought they were doing this?


Strongcoin does this, I believe.


What do you mean by "We'll start keeping a majority of funds in cold storage as deposits grow"?

Are you re-investing some of the deposits, and the ones that you don't touch are in this so-called "cold storage"? If yes, what percentage do you keep in cold storage, and why don't we get interest if you reinvest some of our deposits?


"Cold storage" in Bitcoin parlance is a wallet that is completely disconnected from the network. Since a "wallet" is really just a collection of private keys, one example of cold storage is to scatter pieces of the wallet (M of N splitting) in physically secure locations like safe deposit boxes.


The above is correct.

What you're describing is called fractional reserve lending and we definitely aren't doing that.


Unless I'm misunderstanding him, what he's describing is simply "cold storage", not a fractional reserve. The putative bitcoins are still under the person's control, even if they are offline. It would only be fractional reserve lending if the person were actually lending a portion of their reserve.

But very cool site. Bitcoins are one of the things that drew me back into programming, and I'm grateful for that. (btw, are they still using json rpc for interprocess communication? it got a lot of flak, but I liked the API) But I got fed up with the volatility and the people it was attracting about a year ago and left it behind. It's good to see a legitimate business like yours getting involved (and with the ycombinator name, too!). Maybe I'll check it out again. There's a huge amount of potential there.

EDIT: My bad, I see that the parent comment was talking about fractional reserve lending. I only looked at the comment directly above your remark about reserve lending. Yeah, I'd stay away from fractional reserve lending since it's an anathema to almost everyone who uses bitcoins.


The potential was always there ever since Satoshi released the specs. The volatility is because of the nail-thin market depth, and the bubble was unavoidable (Hello 20/20 hindsight) because of that combined with some media attention and the first time occurrence of a digital limited resource... Well, most people probably only thought as far as "OMFG the price is going up, I expect great returns on investment". Thankfully the price fluctuations are smaller now and we can all focus on building infrastructure and a market.

As for legitimate businesses there's plenty. We've (mullvad.net) been accepting bitcoins for two years, but then again we were probably the first corporation and full-time business to do so :)


Oh, I totally agree that there are plenty of legitimate businesses using Bitcoin. I've sent you guys a lot of bitcoins over the past 1-2 years (great service, btw).

I've also paid some very professional developers and designers for high-quality work using bitcoins. Personally, I'd love for btc to take off more, since I'm a freelancer and do lots of work for overseas clients, and get hit with lots of banking fees. Btc is a fast and easy way to pay freelancers, and could be a great way to get paid by clients.

Nonetheless, I just got sick of all the hoopla surrounding Bitcoin and the constant Bitcoin heists, combined with the cluelessness of so many Bitcoin developers regarding security (not the core developers, but all the devs trying to build Bitcoin-related businesses). But perhaps it's time to give it another try.


> What you're describing is called fractional reserve lending and we definitely aren't doing that

What? Why not?


I assume what is meant is that deposits will be stored in wallets that are not online.


That's nice and all, but you're loading arbitrary javascript from Olark, CloudFront and Google on your login page. So no matter how much you secure your own systems, you're reliant on several third parties securing theirs too.


I'm not a security expert, but at least I have first hand experience with the Bitcoinica hack. It seems that all the security features you have mentioned are present in many Bitcoin sites, including Bitcoinica, and they don't prevent the easiest ways of losing wallets. Storing in the cloud is especially dangerous because for most (NOT all) cloud service providers, the front-end security (concerning authentication and authorization) is probably much weaker than your own implementation. For example, anyone can reset the password with an email, and change the root passwords of the servers. There isn't likely an option for second factor authentication.

This does not apply to cloud services with serious security considerations, such as AWS. It has IAM as well as second factor authentication. However, in Bitcoinica's case, both Linode and Rackspace don't seem to be a good choice to host wallets: Linode hack was actually a result of their customer service system compromise (i.e. possibly any support agent can reset the root passwords). While Rackspace Cloud's support staff couldn't log out the hacker and preserve the servers even when the hack was detected and password being changed.

These are really basic security features that cloud services are lacking.

You made a good point that things can be upgraded as you grow. Please do that. It's exactly what I intended to do when I launched Bitcoinica last year. But after I sold the company last year, no one really thought it was an urgent thing to do because there were no performance issues, no availability issues and everything went just fine. It's important to stick to the plan, and preferably allocate a fixed portion of revenue for upgrading security features and doing audits.

I'm glad to give you more information so that you can make better decisions (just drop me an email). I have been leading Bitcoinica for half a year (until the handover in April) and I had some experience in running a Bitcoin site that scaled quite well. I'm working on a non-Bitcoin project at the moment but I really want Bitcoin to succeed.


Intent is not the same as action, and as you said, no one (including you) thought it was urgent to upgrade your security. Shortly thereafter you discovered that there are black swans.

The above is also very easy for someone (like me) to say when you're not in the middle of it. You want to grow your business, and the benefits of working on security are hard to measure. I get it. That's when you need to ask yourself what your priorities are, and if you're in the business of selling turnips, or handling valuables such as bitcoins.

Brian, you are where Zhou Tong was a while ago, although there's no hype around your service yet. It has great potential, especially with the backing of PG et al. Please don't make the mistake of putting security on the back burner. If anything you should use it as your primary selling point.

If you're comfortable with it, subject your internal architecture to public scrutiny. If you're not, think really hard before you say "trade secret".


Do my bitcoins stay as my bitcoins OR do I transfer my coins to coinbase and when I want to use them you transfer the same value back? I would feel a lot more comfortable with the latter where your company was liable if you got hacked.


I don't believe it would be possible to do the former with Bitcoin, short of telling them your private keys and erasing them from your storage I guess?


Even Google's two factor authentication got hacked. How do you secure yourself for something like that?


He meets with customers in person to verify their identity and exchange bitcoins. No.

How do you secure yourself for something like that?

Probably by being careful.


Google's 2FA wasn't hacked, it was bypassed. Essentially, there was a second "door" (the account recovery flow) that wasn't protected by 2FA, and that's what the attacker used.


It doesn't matter. The point of that story is, the weak link is going to be exploited. Bitcoinica is a good example. Zhoutong said at the start he understands application security, and in fact the big attacks didn't result from exploits in his code, but from third-party vulnerabilities.



