Coinbase Points the Finger

Photo courtesy of Coinbase.
Tracking Big Tech through the lens of patent filings.

While the best case scenario for cybersecurity is to stop attacks before they happen, Coinbase is planning for the worst. 

The company is seeking to patent a system for “database recovery” in the event of a failure. Basically, if a database fails, this tech allows Coinbase users to access their data on a remote device. 

Here’s how it works: First, Coinbase encrypts the user’s data in a database. If a database failure happens, the data is sent – still encrypted – to the user device or account. The system then sends the encrypted data, signed by the user with some form of digital signature, to what Coinbase calls a “recovering server.” The server verifies the validity of the digital signature, decrypts it with a recovery key and sends it back to the user. 

Coinbase defines a failure as more than just a cyberattack, noting that a failure could be anything from a power outage to a disc or hardware crash. The company said its tech is particularly effective when a database is updated frequently and “old data becomes useless.” 

“Distributed database recovery saves the need to manage an expensive centralized backup system by storing/updating the database user record on the user’s machine,” the company noted. 

Flowchart showing order of events for Coinbase’s recovery system. Photo courtesy of the U.S. Patent and Trademark Office.

Like any consumer-facing fintech, Coinbase deals with a large amount of personal customer data and a large number of transactions per day. But helping customers keep hold of their data may be a priority given some of the security breaches the platform has faced over the years. In February, a hacking group that has targeted more than 130 other tech companies went after Coinbase, stealing the login credentials of one of its employees to try and gain access to its internal systems.

“These days, the benefit (of Coinbase’s patent) is basically ransomware attacks,” Raman noted. “That’s the big, topical reason. What they’re patenting is a specific method to make sure that only the right person can unlock from backup.” 

But one bug (or, potentially, a feature) with Coinbase implementing this technique is that it could shift the blame for security breaches away from Coinbase, Ali Allage, CEO of BlueSteel Cybersecurity, told me. By giving the customer the ability to take hold of their data in the case of a database failure, the company could be putting the onus on them to manage the aftermath of a targeted attack. 

Coinbase attempting to point the finger wouldn’t be surprising, given the company is already claiming no responsibility for a recent security breach which cost one user $96,000 in cryptocurrency. (The user is suing Coinbase for the breach, alleging its handling of the matter violated state laws.)

“I’m a little skeptical, because it feels like it came about because they’re looking for cost savings measures and a way of offsetting liability,” said Allage. 

Investing in the Gateway Cities to the American Dream

Demand destruction is a fallacy. Demand hasn’t evaporated, it has simply transformed.
Read More
Deep Dives more

HOA Fees Are Adding to the Housing Affordability Problem

Meta Files Lawsuit Arguing FTC’s In-House Courts are Unconstitutional

Recent News

Google May Use Drones to Keep Data Centers Healthy

Ford Patent Seeks to Keep EV Batteries Running

Amazon is Narrowing the Gap in the AI Race

Cigna, Humana Eyeing a Merger