The popular cryptocurrency exchange Coinbase has launched a new feature for its stand-alone digital asset wallet. The software will offer users the ability to back up their private keys using either Google Drive or iCloud.
The idea is to give users of the Coinbase Wallet a safety net in the event that they lose access to the device upon which the software is installed or happen to misplace their private keys somehow. However, some in the cryptocurrency community have highlighted that the saving of private keys on cloud storage services could expose users’ funds to additional threats.
Cloud Storage of Keys Comes to Coinbase’s “User-Controlled” Wallet
San Francisco-based Coinbase is one of the few exchanges to launch its own wallet software, helping promote the kind of monetary sovereignty Trace Mayer’s “Proof-of-Keys” event championed on the 10th anniversary of the Bitcoin network going live. Users of the Coinbase Wallet are the sole holders of their private keys. As such, they potentially enjoy a much higher degree of security than those choosing to leave money on centralised exchanges, which are prone to hacks and other security breaches.
The latest feature launched for the Coinbase Wallet is a built in option to back up the user’s private keys to either Google Drive or iCloud. This is supposed to provide them an additional way to access their cryptocurrency holdings should they lose access to the wallet for some reason.
According to a Coinbase blog post, copies of the private keys stored to the cloud will be encrypted and require the wallet’s password to access:
“Your backup is encrypted with AES-256-GCM encryption and accessible only by the Coinbase Wallet mobile app. The backup can only be decrypted using your password.”
The post goes on to state that Coinbase will not have access to users’ passwords or funds at any point when using the wallet. They also state that the cloud service provider will not have access to either since the keys can on only be decrypted with the user-set password.
Coinbase says that it still encourages users of its wallet software to backup their private keys manually. The post also reminds users of the importance of using two-factor authentication as an additional security precaution.
Whilst it is certainly true that users of the Coinbase wallet opting to back up their keys to the cloud are creating an additional attack vector against themselves, for some the convenience will be worth the slight reduction of security. No cryptocurrency storage method is truly impenetrable and different types of users require different levels of security. Some are willing to sacrifice a little (or even a lot) for greater convenience. Providing they are aware of the additional risks, they should be free to make their own decisions.