The San Francisco-based company had been using the cloud application platform Heroku, which was battle-tested and provided the right solution at the time, says Armstrong. Later, however, the team realized that “this wouldn’t work forever,” and has built its next infrastructure inside Amazon Web Services (AWS) with Bitcoin security in mind.
Armstrong states in his very descriptive post:
“The most common ways that Bitcoin companies die is due to theft and hacking.”
Coinbase says the entire premise of what they do is to eliminate single points of failure and operate the AWS-based system with the utmost precaution. Some of the intriguing methods of security include two-factor authentication techniques split among various people. Cold storage and two-factor security are kept in lock boxes to “prevent a single person maliciously (or accidentally) ending the company.” For SSH access, the company locks it down with two-factor authentication, restricts it to select laptops, audits SSH access heavily, sets up bastion hosts, screens people who have access, and creates special policies for those with access privileges.
Armstrong describes the screening aspect, saying:
“Most people would be unwilling to steal $1M if it meant never being able to see their friends and family ever again. You want to create a culture where production access is taken very seriously. It should come with a great deal of responsibility and oversight.”
In addition to transitioning to AWS, Coinbase continues to evolve its security measures. It uses anomaly detection that scans through the company’s logs looking for “irregularities.” The detection catches errors and critical issues, and sets off triggers that alert the team.
The post written by Armstrong says it “just scratches the surface of what it takes to build secure/paranoid infrastructure in the cloud.” The Coinbase founder says there are a lot more things he didn’t cover, such as red team drills, bounties, testing vendors and outside firms, incident response, and training new developers for the company. In fact, Coinbase is hiring remote and in-house dev-ops and engineers to help with cloud operations.
Coinbase seems to believe constant paranoia and security solutions will keep them afloat without being hacked or compromised from the inside. So far they have remained on top of the industry by not falling victim to single points of failure. Armstrong says the concepts used by Coinbase “are used heavily in bank security, nuclear launches, certificate authorities, corporate governance, and even human resources.”
Armstrong’s blog post on Coinbase’s security comes after recent scrutiny of the exchange. In early March, Armstrong received heavy flak from Bitcoin Core supporters for writing that the Core development team was a “systemic threat” to the Bitcoin technology. Additionally, Coinbase has received complaints for the past two years regarding its privacy policies. Users have reported strict identification requirements and locked accounts with no explanation from customer support. Armstrong’s outline of his company’s “paranoid” security model may be his way of explaining Coinbase policies that may seem strange to customers.
The description of Coinbase’s security is also on the heels of the ShapeShift hack, where lax security policies allowed an employee to steal over $100,000 USD in cryptocurrency. Thus, Armstrong’s security blog post is well timed, assuring customers of Coinbase’s security while the ShapeShift hack is still fresh in the minds of Bitcoiners.