Sign up to uncover the latest in emerging technology.
Coinbase wants to make sure it’s letting in the right people.
The crypto exchange filed a patent application for a risk-analysis system for “cold restore requests” for digital wallets. With a cold restore, a user transfers cryptocurrency from “cold storage,” or a physical hardware wallet kept offline, to “hot storage,” or online storage, such as within a crypto exchange. (Think of it like storing money in a safe at home, versus in a bank.)
This system aims to determine the risk level associated with that transfer. Using a machine learning model, Coinbase’s system comes up with a “risk score” associated with transferring crypto from a cold state to a hot state, analyzing a host of different factors.
First and foremost, the system analyzes a user’s account history, which includes authentication credential usage, frequency of cold restore requests, transfer limits associated with hot wallets, and whether or not they’ve experienced an attack in the past. It also analyzes the crypto or asset that the user is trying to access specifically, such as looking at the volatility of the assets and “sentiment data corresponding to public discussion” around the asset. It also considers time of day and geographical location of the requester.
If the calculated risk score doesn’t satisfy a certain threshold, the system promptly denies the request.
Because crypto is a common target for theft, cold storage wallets provide additional protections that a typical digital wallet doesn’t, making them “significantly safer” for long-term investors, Coinbase noted. But cold restores can be initiated for malicious purposes, such as in the case of customer impersonation or stolen authentication credentials.
Coinbase is the largest crypto exchange in the U.S. by volume with a quarterly trading volume of $145 billion and $130 billion in assets on its platform. When managing that much in assets, cybersecurity is paramount.
Jordan Gutt, Web 3.0 Lead at The Glimpse Group, said that boosting security measures with tech like this could reflect its efforts to “increase user adoption in preparation for the next bull run.”
“Not only does the patent safeguard their users’ crypto assets, but enables Coinbase to build trust with their user base,” Gutt told me.
Coinbase, however, hasn’t always had the best run with security. In February, The 0ktapus hacking group, which had targeted more than 130 tech companies, attacked Coinbase, stealing the login credentials of one of its employees to try accessing its internal systems. The company also revealed a multi-factor authentication breach in October 2021 that impacted 6,000 customers. And in March of this year, a Coinbase user sued the company after a hack caused him to lose “90% of his life savings,” which the company refused to make whole.
While boosting cybersecurity could help keep users’ assets secure and restore user confidence, the patent doesn’t deal with what happens to the collected data after the fact, said Ali Allage, CEO of BlueSteel Cybersecurity. The machine learning model collects a lot of sensitive user data to make its risk analysis determination, Allage said, and that data needs to be protected in any case.
“They’re trying to figure out how to protect the end user, and my gut feeling tells me that intentions are good,” said Allage. “I think it’s just one of those things where the full picture needs to be thought through.”
Risk analysis using machine learning isn’t exactly uncommon, noted Allage, and plenty of companies use AI fraud detection. This patent may run into obstacles in the approval process unless Coinbase can prove its offering is unique.
Have any comments, tips or suggestions? Drop us a line! Email at admin@patentdrop.xyz or shoot us a DM on Twitter @patentdrop. If you want to get Patent Drop in your inbox, click here to subscribe.