How Safe is Storing Cryptocurrency Private Keys on Centralized Servers?
There are many lessons to learn and many knowledges to gain when you consider yourself an investor in cryptocurrencies.
From learning about the features of the cryptocurrency whose basis for its creation catches your fancy, to learning about trends in the cryptosphere such as price fluctuation, the respective cryptocurrency exchanges and all, the knowledge would not be considered to be complete without an adequate knowledge of security and protection of funds.
Investors that pay leap service to asset security have had a bad tale to tell as cryptocurrencies are usually subjected to different forms of insecurities.
Role of cryptocurrency exchange in securing wallet funds
Cryptocurrency exchanges offers trading services to holders of Bitcoin and altcoins alike. There are centralized exchanges, decentralized exchanges as well as hybrid exchanges. This article focuses on the centralized exchanges (with focus on Coinbase wallet’s new security feature) as they are more predisposed to theft and other anomalies.
Centralized cryptocurrency exchanges keep assets of their customers which may include both the buyer and the seller and they control the private keys required to access funds by these customers. The cryptosphere has experienced different cases of trading inconvenience when these centralized exchange servers go down or when they get hacked as is most often the case.
The fact that you need the exchange before you can access your funds generates many uncertainties.
In response to this security challenge as made worse by the death of Gerald Cotten of QuadrigaCX who alone held the password to his private computer stacked with over 115,000 customers private keys locking in over $145million and spurring many centralized exchange customers to start considering decentralized alternatives, many centralized cryptocurrency exchanges are developing means to secure private keys better.
Why are centralized exchanges so unsafe?
The narrative of the unsafe nature of centralized exchanges is easy to comprehend. Many hackers are generally poised to attack a central server storing multiple private keys than a single crypto-owner thereby, getting large result with less effort. These would always predispose centralized exchanges to hacking threats.
Centralized exchanges unlike QuadrigaCX might grant permission to more than one employee to have access to the private keys stored on their server and this further makes it unsafe as undue alterations can cause a big threat to the stability of the keys.
The challenges faced by these exchanges that makes their centralized key storage unadvised is as dynamic and evolving as the volatility of the market itself. To combat this, centralized exchanges are now offering some encryption and backup so users alone can have sole access to their private keys.
The case for Coinbase wallet
Coinbase is a centralized cryptocurrency exchange that is based in San Francisco. Cryptocurrency assets traded on the exchange are usually stored on the coinbase central server until the launching of Coinbase wallet formerly known as Toshi. With Coinbase Wallet, users can store their own cryptocurrencies protected by their unique private keys. Those keys are purportedly secured with Secure Enclave and biometric authentication technology provide by the Coinbase wallet application.
This way, a higher level of control was given to coinbase wallet users and this control has been given a new leap with the announcement by the company of February 12 that users can now back up their encrypted private keys on Google drive and iCloud.
Coinbase pointed out that neither they nor the cloud services will have control or access to user funds, as the recovery phrase key is unlocked by a password that only the user knows.
The backup is reportedly encrypted with AES-256-GCM encryption, which is only accessible through the Wallet mobile app. Coinbase also reiterated that this backup option does not replace existing recovery option as it is an opt-in service which is solely in the discretion of the user to embrace.
As usual, there has been diverse comments since this new feature was announced, some lauded the idea citing the case of the encryption and accessibility by only the user as the plus for the backup option while other believe that hackers would focus more in targeting this cloud services.
Popular opinion though can fuel a change as the crypto community is a responsive one but on this, Coinbase wallet has proven that it would not end up causing users headache as QuadrigaCX is currently doing.