Today, Coinbase announced that it’s going to insure aspects of its operation against theft and fraud.
It may be ironic that Bitcoin technology, which supports the most decentralized and trustless technologies on Earth also supports, among its most prominent businesses, centralized, trusted services. Exchanges, “online wallets,” and Bitcoin banks are all potential Mt. Gox-style nightmare scenarios for users as shady, anonymous operators vanish, taking the money with them.
As big a risk as malice is incompetence – cyber security is hard, and so is running a multimillion dollar business. The founders of many Bitcoin startups are new to both, and often find themselves, rather unexpectedly, responsible for a lot of money. There are a lot of ways that a few million dollars in user money can go for a walk and not come back, even without active fraud.
It takes a lot of faith to put a significant amount of money into a web-based trusted Bitcoin service – and, in the wake of the Gox collapse, trust is a hard thing to come by. That’s a problem for large webwallets like Coinbase, which would like to be the primary way that millions of people buy, sell, and spend Bitcoin. One solution to this problem is to insure the company and its Bitcoin holdings against theft, fraud, and loss with an external company, paying another company to take their risk.
Unfortunately, this tactic has proven difficult for many Bitcoin businesses: banks are skittish about insuring Bitcoin businesses for a few reasons, including both broad conservativism about new technology, and a certain justifiable level of skepticism about the reputability of young Bitcoin institutions. Coinbase’s announcement of an insurance partnership with a major and well-respected insurance broker is a big step, but it isn’t a complete victory: they insure only the amount in their “hot wallet” – the Bitcoin wallets used for active exchange, which are stored on computers connected to the internet and are directly vulnerable to hackers and malware. The move does not insure the contents of their “cold wallet” – the offline Bitcoin wallet in which they keep funds that are not actively being moved. While Coinbase assures us that that wallet is safe enough not to need insurance, that’s cold comfort if something does happen in the future.
It’s possible, likely even, that this is something that will get better with time. As banks become more familiar with Bitcoin, and feel more confident in their ability to judge the security of Bitcoin storage apparata, it’s probably that the cost of insuring cold wallets will drop to reflect their true security, making it profitable to run a fully and truly insured web Bitcoin operation. Until that happens, partial schemes like the one Coinbase announced are a step in the right direction, but are by no means the final solution.