Bitcoin Magazine

Should hackers steal your bitcoins?
Show Menu
coinbase

Introducing the Exchanges: Coinbase (Part 2)

See also the first part of this series, and our previous entry on BitStamp

Over the past ten months, Coinbase has become well known in the United States for being one of the easiest-to-use Bitcoin exchanges out there. Using Coinbase, anyone with a bank account in the US can quickly fill in a form to have their bank account verified, and then buy and sell bitcoins directly from their bank account with a few clicks of a mouse. What many people do not realize, however, is that this service is only one of Coinbase’s many offerings. Even before the buy and sell Bitcoin service existed, the company had its own set of merchant tools and Bitcoin wallet, and once the buy and sell Bitcoin service was introduced the two could be combined together into a complete, BitPay-like merchant package with which any merchant can accept bitcoins and have them immediately converted into USD and delivered to their bank account, all at a 1% fee. Adoption has been slow; Coinbase has nothing close to the roughly ten thousand merchants boasted by BitPay, but the company has had a number of successes. In February 2013, Reddit started accepting Bitcoin through Coinbase, followed by OkCupid and the Humble Bundle in April and, more recently, Khan Academy, arguably the original precursor to the “massive open online courses” seen on websites like Coursera today.

The Wallet

One of Coinbase’s most basic offerings is the wallet. Unlike other Bitcoin wallets, which try to store the user’s private keys locally, hopefully encrypted with a password, Coinbase’s wallet more closely resembles a centralized “bank account” setup than anything else. The users’ bitcoins are managed by Coinbase itself, and the company takes care to use state-of-the-art practices in wallet security and cold storage to keep the funds safe. Many Bitcoin users are adamantly against such a security model, preferring to hold their private keys to themselves, but Armstrong believes that many users, who are not as comfortable with managing their own computer security, would prefer it. Given the myriad ways in which Bitcoin users have had their private keys leaked in the past, there is indeed a strong case for Coinbase’s solution – although a combined approach based on multisignature transactions would arguably be even better.

But the centralized wallet also offers other advantages. First of all, Coinbase-to-Coinbase transfers are confirmed instantly, as when Coinbase controls both the start and the endpoint there is no need for an actual Bitcoin transaction to happen at all. Second, the system is microtransaction-friendly, allowing people (or, likely, automated bots) the ability to transfer pennies at a time without paying any miner fees. Coinbase is already working with BitWall, a startup that allows content creators to charge users to access their website, as the first practical application of its microtransaction system. Finally, most recently of all, Coinbase added a “recurring payments” feature where users can opt to have a certain amount of money automatically transferred from their accounts to a merchant every month, the obvious use case being subscription services like web hosting. This feature was in fact essential to getting Khan Academy on board; Brian Armstrong says: “they get a lot of recurring donations. People might donate once, but the default option is recurring donations at $10 per month.”

Automatic recurring billing is somewhat controversial; the adult industry, for example, relies on people signing up for monthly subscription services and then forgetting about them for the bulk of its profits, and many other companies try to get people to sign up with their credit card for a “free trial”, with a clause hidden in the terms of service saying that they will charge $95 per month unless the user cancels the trial manually. As a result, some consumer protection advocates have seized upon Bitcoin’s lack of automatic recurring payment feature as an improvement over the current system, and are thus dead set against any attempts to change this (lack of) functionality. Armstrong, however, argues that users find recurring billing systems to be highly convenient, and plenty of legitimate businesses can benefit from it; charities, virtual private networks and web hosting services, all favorites of the Bitcoin community, will become much more convenient when users no longer need to manually pay a bill every month. Furthermore, Coinbase’s approach, while not as “pure” as Bitcoin itself in requiring the user to manually enter each individual payment, is still far better than the credit card system. “The upside is that the merchant can’t initiate a transaction by themselves, the merchant can’t change the amount, and you can revoke it, just like you can revoke access to applications with Facebook,” Armstrong explains. “What we try to do is the best of both worlds.”

The other major criticism is that Coinbase’s protocols are proprietary, and people using other wallets have no way to interact with them. This, Armstrong acknowledges, is a weakness, but he argues that it is currently the only way for things to work. He likens the relationship between Coinbase and Bitcoin to that between Gmail and SMTP. “Email tends to get into a few centralized providers,” Armstrong argues; “SMTP provides a base level of functionality, but services like Gmail add features on top. But the upside is that there are low switching costs. You can switch from Gmail to Outlook, and you can export your email. If we ever do something to lose people’s trust, your Bitcoin will work on any other email.” Of course, switching costs still exist; if, in some far future Bitcoin economy, recurring billing services like Coinbase become mainstream, then merchants would be more willing to create subscription services , and the average user might end up saddled with dozens of subscription services, which would be nearly impossible to keep paying without a third-party provider, and would be a considerable expense to switch over if Coinbase decides not to include any kind of “export” feature. However, the benefit of Coinbase is that it does not need to be used as one’s main wallet; rather, it can simply be used as a top-up card, with the user only adding a few hundred dollars to one’s Coinbase account at a time to pay recurring subscriptions as needed. If Coinbase does something to lose people’s trust, the theory is, people will be able to switch over slowly, one subscription at a time. Hopefully, innovations in the public Bitcoin protocol, like the recent payment protocol, together with improved wallet software will make it possible to have some of this functionality without relying on centralized providers at all; for now, however, Coinbase has the chance to fill a much-needed void.

Bells and Whistles

Another feature that Coinbase recently implemented is the SMS wallet, which allows users to perform most common actions, including buying bitcoins, selling bitcoins, sending bitcoins to another phone number, email address or Bitcoin address and generating a QR code to receive money, all through cell phone text messages. Currently the wallet still requires a computer (or smartphone) with internet access to sign up for, but soon Coinbase will add a feature that allows users to sign up using their phones alone. “So you can send bitcoins to a phone number of someone who does not yet have a Coinbase account. They will receive an SMS to let them know how to create a Coinbase account, set up an SMS pin, and accept those bitcoins,” Charlie Lee, the Coinbase developer who created the wallet, explains. Smartphone wallets for Bitcoin have been around for a long time, but the fact is that even now very many people still have old-fashioned “dump phones” (also known as “feature phones”) that cannot easily download and run arbitrary applications. “In the US, it’s only 45% of the population that have smartphones,” Armstrong says, “and in India it’s 5%.” It is important to note that Coinbase’s SMS wallet currently does not work in India; at this point, it only supports the United States, but, Lee writes, “We will be launching support for UK and Canada real soon and we will work on supporting as many countries as we can.” Coinbase’s SMS wallet is currently the only service that allows users in any country to do everything they need to do with Bitcoin with nothing more than a text message interface; the closest alternatives are the Bitcoin sending service Coinapult and the yet-to-be-released SMS wallet Kipochi. Extremely basic phones, with no internet access, may not be able to read QR codes, but even they can use all of the wallet’s other features like sending and receiving bitcoins. Furthermore, as a replacement for QR codes, Lee recently added support for firstbits, which allows users to type in the first few characters of an address and get the rest of the address by querying the blockchain.

With the SMS wallet, security is a major concern; SMS messages are known for being easy to spoof, so a phone number by itself does not carry any significant level of security against all but the most clueless attackers. To alleviate this concern, the wallet allows users to set up a PIN which they will be required to enter to make any actions that affect one’s balance (eg. sending money), although getting one’s balance and generating QR codes remains password-free. The service also has a voice call feature integrated. Charlie Lee writes: “We do realize that SMS is easy to spoof, so that’s why we require the voice call and PIN verification before you can send, buy, and sell. The PIN verification makes it 2-factor since you would need something you have (your SMS-enabled phone) and something you know (your PIN) in order to send your coins. The attacker would need to know your PIN, spoof your SMS, and intercept the voice call from us in order to steal your coins.” Currently, the voice call is simply another way to enter one’s PIN (namely, by speaking it rather than sending it in a message), but in theory Coinbase could add a layer of voice recognition to the authentication process if it proves to be useful or necessary.

Merchant Tools

Together with the wallet, of course, Coinbase has its impressive set of merchant tools. The company now offers payment buttons, BitPay-style payment forms, email invoices, custom shopping cart integration, and, just like BitPay and BIPS, the ability for merchants to have their earnings immediately converted to US dollars as soon as they receive them. To attract more merchants, Coinbase recently added a new promotional offer: every business gets its first $1 million in transaction volume converted to fiat for free. After that, the feature will remain with a 1% fee, or merchants will be able to continue using Coinbase without any fees at all if they are willing to keep their revenue in bitcoins.

The main advantage of Coinbase over BitPay is that the tools are more heavily geared toward casual users. BitPay requires merchants to go through a manual approval process in order to use their service, which often takes up to two days. With Coinbase, as Armstrong describes it, “everyone is innocent until proven guilty. Anyone can make a payment button. We have review processes for compliance reasons, and if people are selling drugs then we do take it down, so we ‘trust but verify'”. However, at this point, Coinbase does little to advertise its tools; most of the merchants signing up with Coinbase are “inbound interest”, even among the established Silicon Valley businesses that have gathered the merchant tools some publicity. “We’re not really a sales company,” Armstrong says. Compared to BitPay’s active marketing, affiliate revenue sharing programs and CEO Tony Gallippi’s frequent presentations at payment conferences, the quiet strategy has not really been successful. “Many people don’t even realize we have merchant tools,” Armstrong laments. However, this is slowly changing. Armstrong is looking to hire someone to focus on sales at the moment, and at the end of August the company made its first major “partnership” deal with eGifter, allowing anyone to buy digital gift cards for 100 major brands, including Barnes and Noble, GAP and Home Depot, with bitcoins – less impressive than BitPay’s deal with Gyft, but a solid start nonetheless. With more active initiatives like these, hopefully Coinbase will become a much more powerful force in the US market in the years to come.

BTC: 1FxkfJQLJTXpW6QmxGT6oF43ZH959ns8Cq

LTC: LaBhvWiAP7msku6w8QSQ5G7omVWMF3uxJC

By

Vitalik Buterin is a co-founder of Bitcoin Magazine who has been involved in the Bitcoin community since 2011, and has contributed to Bitcoin both as a writer and the developer of a fork of bitcoinjs-lib, pybitcointools and multisig.info, as well as one of the developers behind Egora. Now, Vitalik's primary job is as the main developer of Ethereum, a project which intends to create a next-generation smart contract and decentralized application platform that allows people to create any kind of decentralized application on top of a blockchain that can be imagined.

Get Top Stories Weekly

We respect your email privacy