How much Bitcoin (BTC)
If you don’t own the private keys, you don’t own the bitcoin (or ether). Coinbase is a fully licensed and regulated exchange, so it’s unlikely that they are going to steal your coins. However, almost every major exchange has been hacked at some point. If you own a significant amount of coins, you are better off investing in a hardware wallet such as Trezor or Ledger Nano S to securely store them. Both hardware wallets I suggested are very user friendly and support both ETH and BTC.
Unless you are actively trading, you indeed shouldn’t keep any significant amount of coins on Coinbase, or any other online wallet.
I am an early Bitcoin user, blockchain instructor, Bitcoin courseware designer, and privacy zealot. I believe in decentralized networks and I fight back centralized authority. Yet, I trust Coinbase and I keep all of my Bitcoin in their hosted wallet and the associated offline vault.
I respect Ken Liu’s reaction, and at one time, I would have agreed. Like gold and US dollars, I would have argued that the safest way to own Bitcoin is to keep it in a locked box under your cushion. That means taking control of your individual keys, keeping your coins off-line in a hardware vault or paper wallet, and guzzling that slip of paper on which you wrote your password.
Bitcoin is a decentralized asset that you can own and control. But, the very nature of the Coinbase service model is custodial. That means, users give up some of that control in exchange for access, convenience, record keeping and quick movement. But this is where Ken and I differ. You might think that users lose a little security when using a hosted exchange and wallet like Coinbase, but I believe that you build up enhanced security when using a 3rd party service, even if you trust the service to generate and maintain the private keys to your wealth.
How can I make such a statement?…
The problem is that Bitcoin is an asset that is manipulated by encryption every time it is exchanged, stored, transferred or moved to a fresh wallet. Additionally, it passes like data through an online public network. These traits: encryption and digital transport, are subject to hacking, user error, forgetfulness, and user incapacitation or death. It is remarkably common—even for the most knowledgeable and careful individuals—to be hacked, make a momentary keystroke error, misplace information, or die.
One way to deal with the potential for forgetfulness, incapacitation or death is to create a multisig wallet. This permits certain combinations of your trusted family, friends or colleagues to access your wallet in the event that you cannot. Creating a multi-sig wallet is remarkably ordinary, even if your beloved wallet does not support the feature. But this does not address the potential for user error, hacking or authenticating the vendors that you pay.
The way to deal with these problems is to budge and store money with exceptional care. That means that the user community must be tooled and trained with
- vetted standards
- cautiously trained practices, and
- industry approved audit protocol.
These things are being developed. In fact <shameless plug>, this is exactly what we do at CRYPSA.* But for now, these safety protocols and practices are more likely to be in use and ‘hardened’ at a translucent and well funded, hosted service like Coinbase or Bitstamp. And so, I trust my hosted wallet at Coinbase.
Why do I trust Coinbase? In large part, my trust arises from the “rule of numbers”. Coinbase is backed by serious institutional investors. A major hacking event, financial collapse or even a puny scandal would cause a lot of Wall Street tycoons and other very wise people to lose a lot of money. For this reason, they invest an extra measure into standards and practices. They also have invited Andreas Antonopoulos to come in and perform an independent audit of his own design. Andreas is profoundly astute, skeptical and with an investment in his own reputation as pro, advisor and educator.
Coinbase boasts an independent review by an eminently qualified auditor. In February 2014, Andreas Antonopoulos published this independent and comprehensive audit [Wayback Machine backup] of Coinbase practices and bookkeeping…
In this paper, he compared Coinbase records to the public blockchain, reserve metrics, security practices, disclosure policies, etc. It is primarily because of this report that Cryptocurrency Standards Association uses Coinbase for all Bitcoin affairs.
* Ellery Davies is a frequent contributor to Quora. He is also co-chair of Cryptocurrency Standards Association and chief editor at A Wild Duck.