Login | Register

Coinbase online payment system

Coinbase
https://coinbase.com/

Updated on October 11, 2012
Views: 7737 | Clicks: 275


Website Screenshot



General Information

 

 

Glyphicons_055_stopwatch
Instant Payments

Payments arrive at the speed of an email (just a few seconds) and are confirmed within the hour. No more waiting three business days for checks.

Glyphicons_037_credit
Low Transaction Fees

Coinbase charges just 0.5% when you buy or sell bitcoin via bank account transfer. After that all bitcoin-to-bitcoin transactions are free.

Glyphicons_163_iphone
Pay By Phone

Our website works great on modern smartphones (iPhone, Android, etc). Just visit coinbase.com from your mobile browser.

 

Glyphicons_263_bank
Simple Transfers

Use your bank account to purchase bitcoins. Transactions are processed within two to three business days. (coming soon)

Glyphicons_280_settings
Merchant Tools

Easily create "buy now" or donate buttons. We also offer full shopping cart integration. (coming soon)

Glyphicons_040_stats
Widespread Adoption

About $2 million a day (USD) is already being transacted in bitcoin. It's quickly becoming an international currency.

Currencies

Bitcoin

Countries of use

USA

Users

private and business

Fees

0.5% when you buy or sell bitcoin via bank account transfer

Recent news

Posted on October 15, 2019
Pay Coinbase Commerce merchants directly with your Coinbase account

By Eli Haims, Product Manager, Coinbase Commerce

As of today, customers of Coinbase Commerce merchants are able to pay for goods and services directly out of their Coinbase account. Instead of copying complex cryptocurrency addresses and long decimals of amounts, you can simply log into your Coinbase account, select a wallet from which to pay, and we handle everything necessary to ensure the correct amount of cryptocurrency reaches the correct merchant address. Customers who do not have a Coinbase account, or wish to use another wallet, are still able to do so.

Not only does this simplify the customer experience, it also reduces the operational burden on merchants to resolve issues with payments. Cryptocurrency wallets pull exchange rates from various sources, which may have slight variations that cause payments to be a couple of cents over or under what was expected. Merchants must then manually inspect and resolve a charge before delivering the purchased goods. When customers pay with Coinbase, these payment mismatches will no longer occur.

Regardless of whether a customer chooses to pay with their Coinbase account or from another wallet, all transactions on Coinbase Commerce are still secured by the blockchain and deposited directly into the merchant’s user-controlled wallet.


Pay Coinbase Commerce merchants directly with your Coinbase account was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on October 14, 2019
Ethereum Smart Contract interaction out of the coldest of storage

By Max Blaushild, security engineer, Coinbase Custody

(This blog post reflects a talk that Max Blaushild gave at Devcon 5 in Osaka, Japan)

At Coinbase Custody, security is our top priority. The strength of our battle-tested cold storage solution is why more customers choose us to hold their funds than any other custodian on the planet.

We use friction as a feature, introducing obstacles such as offline storage, single use addresses and human validation that make it extremely difficult for attackers to steal our customers’ funds.

This friendly friction comes with certain trade offs however. Our solution natively struggles with the sort of on-chain network participation that makes Ethereum great. Interacting with dApps like Maker Governance, or participating in signalling events like the Edgeware lockdrop require many transactions to be signed with an address that holds funds, which violates our one-transaction-per-address rule.

We’ve discovered a simple, yet effective pattern that allows us to bypass these restrictions. By leveraging the power and safety of smart contracts, our customers can have their cake (hold their crypto safely) and eat it too (use it to do neat things with smart contracts)!

How do we pull this off? Let’s dive into it!

Proxy Smart Contracts

We use smart contracts as a bridge between our cold storage system and these on-chain Ethereum contracts.

When we choose to integrate with a new network, like Maker Governance, we start by writing a customized smart contract that wraps around their smart contracts’ APIs like a glove. These ‘proxy’ smart contracts all come out slightly different, since they wrap different functionality, but share a few core similarities.

First, they are exceedingly simple. All storage variables are set when the contract is deployed, and never change. No branching logic is implemented in these contracts as well. Regardless of their simplicity, a 3rd party security audit is performed to ensure the safety and security of these contracts..

For instance, the proxy contract we used to allow our customers to participate in the Edgeware lockdrop was less than 30 lines of code with only one externally callable method:

Second, they are designed to interface with only a single cold address. This keeps all client funds segregated and maintains the security and auditability of all actions taken by this contract.

Third, and most importantly, these contracts are all configured to return funds to, and only to, a pre-set cold storage address. Securing this out-channel gives confidence that once we move funds into these contracts, their only possible destination is a Coinbase Custody Cold storage address.

Using our Proxy Smart Contracts

When onboarding a customer to a new network integration, we start by delegating them an address controlled by our Ethereum wallet service called Macbeth. This address never receives customer funds. Rather, it is used exclusively to make contract calls for our customer to their proxy smart contact. You can think of it as an “admin” address.

We then use this address to deploy a proxy contract on behalf of the customer. This address and the return Coinbase Custody Cold storage address are the only addresses able to call the contract:

Next, we process a standard withdrawal to send the customers funds from cold storage to the smart contract. Once the customer’s funds have been transferred to their proxy, the fun can begin!

To perform a network action, we simply use Macbeth to call the proxy contract method that facades the intended network method on behalf of our customer. In the instance of Maker Governance, we have the method on their contract that performs a vote:

Which is in turn wrapped by our proxy method:

When a customer wants to vote, they press a button on our UI without having to provide any keys or integrate with any Ethereum identity provider. We then handle all of the heavy lifting for them, grabbing the address of their proxy contract from the blockchain, forming their transaction and broadcasting it to the blockchain:

In conclusion

Our proxy smart contract pattern provides a frictionless user experience when interacting with Ethereum smart contracts. Moving the customers’ funds to a specialized proxy smart contract allows us to sign specific transactions behind the scenes, while maintaining the safety and security of client funds.

Through the use of this pattern, our customers have successfully participated in Edgeware Signalling, and now, Maker Governance. We have many more integrations planned for the future as well!

If you’re interested in helping us expand our bridge between cold storage and smart contracts, or just want to build cool things with blockchains in general, please apply for an open position at: https://www.coinbase.com/careers.

We’d love to have you!

This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

All images provided herein are by Coinbase.


Ethereum Smart Contract interaction out of the coldest of storage was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on October 11, 2019
Next step on our European journey: Coinbase is granted an e-money licence in Ireland

The next step on our European journey: Coinbase is granted an e-money licence in Ireland

Coinbase becomes one of just a few companies to receive the e-money licence, which will enable us to expand our Irish operation and ultimately deliver a better product to customers across some of our fastest-growing markets.

At the end of 2018, we announced our first step into Ireland with a new office in Dublin — one of the capitals of Europe’s burgeoning cryptoeconomy. Today, we are happy to announce that we have been granted an e-money licence by the Central Bank of Ireland.

Europe represents a huge opportunity for Coinbase and today’s announcement is another positive step for us in the region. The approval from the Central Bank of Ireland will now enable us to expand our Irish operation and deliver a better product to customers across some of our fastest-growing markets. It will also allow us to secure passporting for our customers across the EU and EEA.

We are committed to ensuring that our customers have the same safeguarding and security as any regulated financial institution, and the approval of a second European regulatory authority demonstrates our position as the world’s most trusted cryptocurrency platform.

The licence is another important step toward our mission of creating an open financial system for the world.

Martin Shanahan, CEO, IDA Ireland congratulated Coinbase on this important milestone and said: “Coinbase’s choice of Dublin for this operation reinforces the strength of Ireland as a destination for financial services companies, providing a consistent, certain, pro-enterprise policy environment for businesses to grow and thrive.”

This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

Unless otherwise noted, all images provided herein are by Coinbase.


Next step on our European journey: Coinbase is granted an e-money licence in Ireland was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on October 11, 2019
Coinbase Custody now supports Maker Governance

Coinbase Custody continues to pioneer active crypto-network participation directly from our industry-leading offline storage. Starting today, all clients who hold MKR in their Coinbase Custody account can participate in Maker Governance. We’re especially excited to launch this capability ahead of the upcoming MakerDAO MCD vote on 11/15/19.

Maker voting dashboard inside Coinbase Custody

Governance on Coinbase Custody

To date, crypto asset managers have been forced to withdraw their funds from 3rd-party custodians to participate in on-chain governance. This has kept many would-be voters on the sidelines as these potential participants need to avoid the risk of moving assets or first-party voting solutions. Starting today, we now support our clients with the industry’s first, fully integrated governance solution that works directly out of offline storage.

Coinbase Custody is fast becoming critical infrastructure for the cryptoeconomy. Governance is another step in our journey to give our clients the platform they need to fully engage with the emerging crypto asset class.

Technical Details

Marrying active participation with offline storage is another example of the fun and innovative problems we solve at Coinbase Custody. We’re excited to share some of these stories and implementation details over the coming days. To start, check out this excellent deep-dive from our Security team into how we enable staking and voting out of cold storage.

If you own MKR and are looking for a way to securely participate in MakerDAO governance, you can open an account with Coinbase Custody here.

Coinbase Custody is the world’s largest and fastest growing crypto custodian. If you’re interested in helping to build the utility phase of crypto, we’re hiring!

This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

Unless otherwise noted, all images provided herein are by Coinbase.


Coinbase Custody now supports Maker Governance was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on October 11, 2019
Voting and Staking from the Ice Box

By Adam Everspaugh, Ph.D.

Coinbase security engineer, Adam Everspaugh, Ph.D., provides a deep dive into what it takes to usher in the utility phase of cryptocurrencies without degrading security. In particular, he looks at how the Coinbase security team designed a way for customers who store their assets with Coinbase Custody to participate in Maker (MKR) Governance and Tezos (XTZ) staking from the security of cold storage.

How does one permit customers to participate in cryptocurrency ecosystems while still protecting funds?

Coinbase operates a world-class cold storage system for storing private keys. This is coupled with an elaborate offline key generation ceremony. Together, these enable us to protect over a billion dollars worth of digital assets spread over 30+ distinct asset types.

But investing, speculating, and hodling isn’t enough--our customers are active participants not just investors. They invest because they believe in the interesting and untapped properties of programmable money. They want to use their digital assets: to vote, participate in staking, lend, borrow, and more verbs.

In order to support our customers, the security and engineering teams at Coinbase were tasked with enabling some of these actions without putting funds at any additional risk. The challenge here is that actively engaging typically requires hot keys (private keys held in memory and used multiple times); but the stronger, and preferable, protection of funds uses cold keys (private keys stored offline and used only once).

This post discusses the challenges and technical solutions through two case studies: Maker (MKR) governance voting and Tezos (XTZ) staking. The solutions demonstrate a pattern that is instructive for implementers managing funds and for protocol developers. This design pattern can encourage network participants to engage actively in a network’s protocols and still protect funds with offline private keys, if desired.

The Ice Box

Coinbase’s cold storage protects private keys with a defense-in-depth strategy including offline storage, printed materials, threshold cryptography, and encryption. Necessary steps for key reassembly require designated individuals around the world to collaborate and access information on paper stored in secure vaults; interact with HSMs; and then reassemble and decrypt private keys in a secure enclave. Once recovered, a cold storage private key is valid just long enough to sign and broadcast a transaction. After recovery, a cold storage key is marked as “burned”. In our design, once a cold private key is recovered, all funds are transferred out of the address so that the private key is never re-used. In the case of a partial withdrawal, residual funds are sent to a fresh cold storage address.

Maker Governance Voting

To permit our customers to participate in regular (usually weekly) governance votes with the MKR token, we designed a voting system in concert with MakerDAO. MKR is an ERC20 token used for governance voting. To vote, token holders deposit MKR into a designated voting smart contract on the ethereum network. Token holders are credited for their deposits and cast votes in the voting contract. When MKR tokens are withdrawn, votes that have been cast are also withdrawn.

Overview of Coinbase’s Maker Voting design.
1. MKR tokens sent to proxy contract.
2. MKR tokens deposited (“locked”) into Maker voting contract.
3. Administration key used to cast votes through the proxy contract.
4. MKR funds returned to pre-designated cold storage address.

We designed, in collaboration with MakerDAO, a pair of smart contracts and internal systems to enable MKR voting for Coinbase Custody customers. When a Custody customer enables voting for MKR funds, internal systems originate a fresh VoteProxy smart contract on the ethereum network. This VoteProxy contract is associated with a pair of addresses: an administration address (backed by a hot key) and a cold address (corresponding to a fresh, unused cold private key). Customers funds are moved from their cold storage address (causing this cold storage key to be burned) and deposited into the VoteProxy contract. Using the administration key (stored in-memory in a secure enclave), transactions are signed to lock MKR funds into the voting contract. Customers then designate votes to cast and those transactions are signed and broadcast using the administration key.

In the event the administration key is compromised, an attacker could release votes or alter votes. However, the smart contract, by design, restricts the administration key from transferring funds to any address other than the designated cold storage address.

As a contingency, in case the administration key is compromised or lost, the cold storage private key can be used to return all funds to the cold storage address with a single transaction. In this case, the VoteProxy contract and the administration key are effectively useless.

As part of our security process for building MKR voting, we put our design, smart contract source code, and the source code for the MakerDAO through an expert, 3rd-party audit. Thanks to this diligence: auditors identified critical vulnerabilities in the Maker voting smart contract; MakerDao rapidly fixed and deployed a new voting contract with no impact to user funds; and Coinbase confidently deploys MKR voting knowing that customer funds are secure.

Design Patterns

The critical design pattern here is a separation of concerns through multiple private keys. Actions (lock, release, vote in the case of MKR) are executed with an administration key--which can be kept online (hot). But the administration key cannot transfer funds anywhere except to the previously-designated cold storage address. Funds remain protected at the same level of security as our cold key. And compromise or loss of the hot key does not put funds at risk. Full control of funds is possible in this contingency because the cold private key can be restored and used to sign transactions. (Coinbase has strong disaster recovery in place for cold storage keys.)

Tezos Staking

The same pattern emerges in the Tezos protocol’s proof-of-stake block validation. In fact, we modeled MKR voting on our experience building Tezos staking. The Tezos protocol supports this separation of concerns natively. To support staking, internal systems at Coinbase originate smart contracts on the Tezos network. The smart contract (a KT address) is created by an administration (hot) key and is associated with a managing (cold storage) address which delegates staking rights to the Coinbase staking node. This delegation is recorded on-chain. Funds are then deposited into the smart contract (KT) and they can only be transferred using the managing private key from cold storage.

Once funds are delegated to the staking node, delegators (Coinbase customers in this case) earn rewards for each block validated and published by the staking node.

Thanks to excellent availability by our engineers, our Tezos staking node has staked more than 100% of the opportunities granted through the lottery for some cycles. The additional opportunities arise when a Coinbase staking node is a runner-up and the designated node is unable to complete its duties within the defined time frame.

Recommendations to protocol designers

Digital assets are meant to be used, but they still need to be secure. In many situations, offline storage without key reuse is the preferred means to manage large funds. Protocol designers should take this into account and permit the use of distinct keys for separation of concerns: voting, staking, funds transfer, delegation, and other actions. Distinct keys permit system builders to manage risks individually for each activity. Depending on the quantity of funds, insurance considerations, performance requirements, and the operating environment, different security measures may be warranted.

The other critical recommendation is to have source code audited by competent, external auditors. These audits should ideally occur before production deployment. Extensive testing is great. Extensive testing and a fresh pair of eyes is best. External security audits are one of the criteria that Coinbase considers when assessing the security posture of a digital asset.

This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

Unless otherwise noted, all images provided herein are by Coinbase.


Voting and Staking from the Ice Box was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase

See all news of Coinbase

Coinbase Comments:

Add your comment