Comment by thepasswordis

13 hours ago

The problem is that it seems like the data that leaked is also the data that would be used to do account recovery.

And what that means is that

1) If you lose access to your account (through either your own fault, or Coinbase's fault) that the process of recovering it may not be so straightforward anymore.

2) Hackers can try to “recover” accounts now using this leaked info.

This is a huge problem. What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

The only solution here is: hardware 2 factor like yubikeys.

The Crypto industry continues their speedrun of rediscovering all of the reasons for why the global financial system exists.

What you've described is the same thing that many Crypto enthusiasts call a "Bank"

  • Many banks don't have physical branches.

    One that I'm using does, but I find it extremely annoying when they have me go to a branch to unblock my account that they locked due to a poorly calibrated risk system (that they need due to not supporting actually secure 2FA methods).

  • except bank staff can easily be bribed too. There is plenty of bank fraud happening.

  • Coinbase is identical to a bank because it holds customer funds. Your comment isn't quite the dunk you think it is. Blockchains allow money to be held anonymously without any banks involved. Centralized exchanges are just profiting on speculation and probably should be banned.

    • No they don’t. “Cryptocurrency” isn’t money at all. Just because you can trade it in for money, doesn’t make it so. I can also trade in my hat to the Buffalo Exchange for money. But my hat is not money.


    • My money in the bank in case of fraud is protected unless I voluntarily gave the fraudster my money. If a bank goes bankrupt, my money is protected by the government

If you ever sent money to or from a wallet you control, I'd think a reliable recovery factor would be to use that key to sign a message that Coinbase can verify with the address in their records. Cryptocurrency after all is just another PKI.

The data that would be used to do account recovery is 99% either public record or already part of dozens of prior major data breaches.

> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted

People getting locked out of their account (which can happen due to no fault of the user, e.g. by an overly nervous risk system) will be really happy to have to potentially travel to a different city to regain account access...

  • I would be very happy to do this.

    Fine, make it optional. I actually would love a version of cold storage that is: never release this money unless I personally travel to an office in NYC and authorize it.

I'd imagine that anyone who's sophisticated enough to use a yubikey would just buy a hardware wallet and self custody.

> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

That's just a bank.

  • Beyond the regulatory-dodge and crypto marketing explain to me how Coinbase is NOT a bank

    • Cryptocurrency firms exist in a quantum superposition of bank and not-a-bank until you interact with them, at which point they collapse into whichever state costs them less money.


    • Well, right now they’re applying for a charter which suggests they don’t think they’re a bank, but I can think of some other reasons, too.

    • lol they even do fractional reserve things like banks, except they're more shady and don't acknowledge it, now I'm either connecting dots that shouldn't be connected or some withdrawal locks that happened through some big arbitrage opportunities were very suspicious.

  • Watching crypto enthusiasts run into every problem that society already tackled with in the past when developing currency and its controls, and then coming up with solutions that look exactly the same as what dirty fiat currency uses, has been a source of much entertainment the past few years

    • > every problem that society already tackled with in the past

      More KYC creates more problems while solving some others. Why didn't the same society despite KYC/AML tackle the problem pointed at in a previous comment? "Florida teens kidnap Las Vegas man, drive him to Arizona desert, steal $4M in cryptocurrency"[1] Why is there this crime?

      Without mandatory KYC laws, this particular attack would be near pointless. No name tied to account, bookkeeping doesn't archive wire transaction details for the past 10 years.

      Let businesses easily accept cryptocurrency (like... regular cash?), without a blade to their throat held by the government, and the need for such centralization points will greatly diminish. People get in trouble by p2p-exchanging money with unknown peers; in some instances this "trouble" has the unit of "years".

      It's in nobody's interest to protect cryptocurrency payments as the alternative, other than the activists, and the big groups jumping in on it for the speculation purposes - something they had refined decades ago. CBDC is on the horizon.

      [1]: https://news.ycombinator.com/item?id=43999011


    • As I understand, the root of the problem is that Coinbase kept a lot of sensitive information, including photos of IDs. If Coinbase was fully anonymous, and didn't require any KYC, the impact of the leak would be insignificant because it would be difficult to link user number 12345 with some real-world person.

      So if we want to constrain impact of such attacks, we must make companies keep less data and delete them faster. For example, instead of storing a photo of ID, store just a checkbox that the person showed their ID and it was valid.

      This applies not only to cryptocurrency, but to any company like Google, Uber, Amazon etc - if they didn't keep extra data, there would be little value in the leaks.

      So the blame is not at cryptocurrency, but on companies not wishing to delete the data and governments demanding them to collect the data not necessary for operation. It's the government and capitalists who create problems out of nowhere.


> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted

Is this satire?