How does Coinbase/GDAX secure Bitcoin, Litecoin, Ether?

Key Takeaways

in this video we're gonna talk about GX security anytime you're gonna use a service and you're gonna give this service your funds your your hard-earned money you're gonna want to definitely look into their security policy because that's how your funds are gonna stay safe all right so we're gonna do that in this video go to GX comm which is where we are here and then scroll down to the bottom of the page to security you would click on Security Statement first thing to notice like we talked about before we're at now Quinn makes comm slash security the reason we're at coinbase is because GD x is a coin base company they tell a security for your peace of mind we take careful measures to ensure that your Bitcoin is as safe as possible it's exactly what we want go down further and they mention this on their home page 98% of customer funds are stored offline so that means these things are not touching the internet so a hacker sitting at their computer somewhere anywhere around the world they're not going to be able to access these systems because they are offline systems offline stores provides important security measures against theft or loss this is another important piece we distribute Bitcoin geographically in safe deposit boxes and vaults around the world so what do they mean we distribute Bitcoin what they mean is they distribute the private keys to customer wallets around the world geographically so that means suppose they had all of the customer wallets just sitting on one server in say California and there was a big fire that happened and all the servers were destroyed well all the customer funds would be lost and so they've taken measures here to distribute them geographically around the globe they mentioned here again that sensitive data that that's on their servers it disconnected entirely from the internet and they talk about their encryption and their redundancy so redundancy means they have multiple copies of it they talked about here USB drives and paper backups so these are going to be the thing the offline pieces and they're redundant so that means that there's not there's no one location that if that location was destroyed then those funds will be lost because they've got it there they're redundant and they're backed up and then here they are they're mentioning that these drives and paper backups are distributed geographically around the globe so that's that distributed you have multiple locations where the same information resides so let's go ahead and scroll down and take a look they mention here 2-step verification on all accounts what is 2-step verification the first step in bare is your username and password so that's one step verification now the second step is gonna be what they say here you will enter a code from your mobile phone adding an extra layer of security so that second piece that's the second step that's that code that you're gonna get in your phone they're not calling it out here but they have two different ways of offering 2-step verification they have SMS which is when you're gonna get a text message and then they also offer the use of Google Authenticator we're gonna go over how to use these in an in a future video but until we do that video if you are using the SMS you're gonna want to switch and use a Google Authenticator because it's a lot more secure hackers can actually clone your phone they can gain access to your text messages so what you're gonna want to do is use a Google Authenticator option we'll talk about that more in future videos okay let's scroll down a little bit further now this is they're telling us that they use SSL HTTPS so we look up here we got HTTPS this means that our data transmission on this website from coinbase servers to our current machine is that data transmission was encrypted so anybody sitting in the middle capturing that data they wouldn't be able to read it and that's it says our web traffic runs entirely over encrypted SSL now now they talk about their wallets and private keys are stored using aes-256 encryption this is industry standard now scrolling down more they give us more details they're giving us details about the organization application and authentication so let's take a look they gave us two pieces of information about employees they say employees got a they have to pass a background track in order to get hired and they also say employees are required to encrypt their hard drives utilize strong passwords and enable screen locking maybe an employee takes their machine home and then their machine gets stolen it might have some information on there so they're saying that all employees have to have their hard drives encrypted and they have to use a strong password this next piece is an application piece this piece gets technical they call out the fact that they use sequel injection filters and they talk about to prevent cross-site request forgery attacks they use they verify the authenticity of the post put and delete request now if you're technical and you want to read up on cross-site request forgery attacks I'm gonna leave a link to that wiki page in the description that's what this C s RF stands for so if you wanna if you don't know about that and you want to look into it more I'm gonna leave a link in the description down below regardless of if your technical or not you can understand this they say they they rate limit it variety of actions on the site so what does that mean that means you can't look you can't try to log in a huge number of times so typically if there's a hacker and they're trying to break into your account well they're gonna have so they're gonna have a program that will be able to try to log in thousands you know a times per second what's gonna happen if they try that then they're gonna get the rate limit is gonna kick in and it's gonna it's gonna slow them down make it to where it's not really feasible for them to sit there and try to brute-force your your password and then they talked about here they whitelist attributes on all models to prevent mass alignment vulnerabilities this is another thing if you're technical we'll leave a link to this down in the description this next one authentication says they hash their passwords stored in the database they check for strong passwords on account creation and application credentials are kept separate from database and code base so what's the code base the code base is the actual source code of all their applications they're saying that their passwords that kept separate that's a good practice coinbase bug bounty program we're gonna take a look at that in the next video last thing I want to mention in this video is actually another video his videos titled fraud prevention at scale and it was a talk given by Olaf Carlson we about a year ago now even though this video is a year old is still very relevant to security at coin base because in this talk about halfway through it's a 20-minute talk about 11 minutes in he starts talking about coin base and the security at coin base and how they handle all of the things that we went over gives it a lot more detail about it and I think the way he talks about in the way he explains it he does it quite well should be sure to check out this video I'm gonna leave a link in the description down below I hope this video was helpful please like the video subscribe and support those deep Blizzard channel thank you