How Coinbase goes all out on security



Coinbase is so secure it can’t even hack itself.

Knock on wood: Coinbase is the only exchange yet to suffer a breach.

CEO Brian Armstrong revealed a secret to its success to Wall Street Journal reporter Paul Vigna at Consensus this morning: it hires spies, unbeknownst to most of the staff, who attempt to infiltrate the exchange’s offices and compromise the network.

“We hire third-party firms to try and break into it,” he explained. “They pose as candidates applying to work at Coinbase. Typically, only the head of security and me know that it’s a drill.

“But the person will come in, and apply for a job, and try and get into the office, and try to break into our systems.”

Any luck? “They might breach one or two” layers of security, Armstrong said. But better them than, say, the hacker that stole $40 million from Binance. Or the hacker that stole $450 million from Mt. Gox. Or the hacker that stole $16 million from Cryptopia.

Armstrong said that customers’ funds are stored in a geographically distributed database and that the exchange is building the “generation four” of its cold-storage system—wallets that hold customers’ keys offline—which is rebooted every 18 months.

That’s a far cry from $190 million in a dead man’s wallet.


Many of these practices are the same ones global banks deploy. I know of at least one bank that has an internal department much like the CIA/FBI and uses agents to try and preemptively identify people who are looking or trying to get information to hack them. This is one step further than the above Coinbase drills.

All in all it is nice to see them taking these steps.
