If Coinbase is the future of Bitcoin, then I want off this ride.
Bitcoin. It’s still a thing, apparently. There have been many ”things” in the past, like pet rocks or flagpole-sitting, but unlike those “things”, Bitcoin is defying the trend (and haterz) and is gonna live forever! Problem is that it hasn’t really caught on, and the people who do get interested in the ‘Coin lose it very quickly when they realize how batshit insane the community is to deal with. That’s why a lot of the marketing towards attracting new bagholders has been about how easy Bitcoin is to use.
When looking at Bitcoin’s legendary “ease of use“, no one has cornered the market better than Coinbase. Coinbase is so easy; all you need to do is create an account and link it to your bank. It’s just that simple! Or is it?
I first signed up for Coinbase around April of 2013, when it was the only player in town that could let people buy and sell Bitcoin by linking a bank account. Coinbase was one of the first services, if not the first, that let you just buy Bitcoins with a bank account. And, for the most part, it still is – it is still incredibly difficult for newbies to obtain Bitcoin outside of services like Coinbase or Circle.
So I decided to sign up for another account, just to see what the user experience was like from the start. I’d forgotten how rough it was.
Coinbase has a beautiful website, clean and clearly laid-out, with the sign-up form right in the middle of the front page. (There’s also a link to a standalone form in the top menu, presumably for the sake of completeness.) From there, you enter your email address and desired password (which, oddly, it only asks for once). Then you verify your email address. Done. That’s all you need to create an account; now you have a basic wallet. To test mine, I sent 25 cents from a friend’s old account to the newly-created wallet. I now had enough BTC in my account to buy the first part of an ebook about homemade explosives manufacturing on Silk Road. However, if I wanted to buy Bitcoins from Coinbase to get the second part, I needed to verify my phone. This is mandatory. You cannot get around this step if you want to buy Bitcoins from Coinbase.
If you click “Skip, I’ll do this later”, it just goes back to your wallet. You have to give them a phone number. Why would it want that? To spam me? To send me dirty pictures deep into the night? No, much worse.
Enter 2-Factor Authentication. On a “2FA”-enabled site like Coinbase, you first enter your username/email address and your password, then a random string of numbers is texted to your phone, and when you enter that, it lets you access your account. It sounds simple, and, to a degree, it is. But Bitcoiners are the people who turned buying stuff from Amazon, the site with the “1-Click Checkout” button, into a middleman-heavy descent into madness, so you know they’re going to fuck something up. This is just the start.
The major flaw with 2FA is that, if you lose access to your device (whether by losing the phone or by simply switching numbers/computers/accounts/Yubikeys/etc.), you are permanently blocked from your own account. Coinbase, thankfully, lets you use Authy to change your phone number (we’ll get to that in a second), but what if you forget your old number? Where is the “Forgot your Password?” option then? There is none. And it’s the same in every scenario with standard 2FA. Forgot your phone number? Fucked. Friend threw the phone into a lake, trying to be funny? Fucked. Hardware melted in a mining rig-heated bedroom? Fucked. Switched out hard drives, but had your only key on it and can’t access your account unless you have the key back? Fucked, and on NBC News.
Coinbase has a reset system as Kafkaesque as the FTC trial against BFL, where, yes, a password can be reset, but only if it comes from a known IP address/device. If your phone is gone, and that was the only way to access the account, and the account cannot be opened without the device, then there is a backup, and that’s asking for help from Coinbase, which logically circumvents all these security features in the first place.
That’s how security here has been designed: one way in, by way of M.C. Escher. And if someone else gets access to your 2FA-registered device, you still lose, because it technically wasn’t a security breach! Someone who wasn’t you used your device, registered to you, to access your account and steal your Bitcoins, and you’re left holding the bag because there’s no way to differentiate between you and the thief. (Except IP addresses, which get logged, but these guys could just use Tor or something.)
Of course, as mentioned earlier, you at least have the option of pairing your account to a new device, but that’s another can of worms. First, you enter your old phone number, then the new one. You then wait 2-3 days for Authy to do… something. Along the way, they will spam you with emails about the process. I know this because when I changed my phone number earlier this year, I went through that process. Over three days, I got six separate emails telling me the same thing: you requested a phone change, so now we’re going to bug you to death.Those “We’re reviewing your petition” emails? Exact same, each one. Literally no difference except the date. They had to tell me the exact same message three times in a row. And, somehow, my spam folder (!) had three more of the things.
This is assuming you have a phone number, which I didn’t last year after moving from Boise to Boston and ending my service with T-Mobile. Two weeks after the move, I finally had some free time to get a new phone number. But during that interim, I was completely locked out of my account and had no control over my own (Bitcoin) finances. I’m sure if that happened with a real bank, I’d have recourse. But here, none. All roads in Coinbase security lead to delays and waiting, and there’s not a damn thing you or I can do in the meantime.
So after this Authy business, I can finally get back into my account. There, I’m stunned by something:
Coinbase is only encrypted with 128-bit encryption. 256-bit AES is the security standard Satoshi himself set as the Bitcoin algorithm for encryption; it is currently the strongest and most secure digital lock and key out there. AES is, if not the highest cryptography standard, at least one of the highest, approved by the NSA for protecting the highest of high-level national secrets. The fact that this Bitcoin “bank account” doesn’t even try for that level of security is odd, especially since I saw this recently when ordering a Game Informer subscription for my little sister:
GameStop has a top-grade encryption standard for buying magazines, but Coinbase, a Bitcoin bank that operates in an industry known for being robbed a lot, does not. Heh.
Coinbase then asked me to create a “Vault”. This article by Coinbase (which I swear has graphics done in MS Paint) explains that the Coinbase Vault is just another way to store coins, but with more security features than a regular wallet. Those features are mainly a system that sends multiple emails confirming any transaction from the vault, and each of those emails being able to cancel any order. The vault is a fucking annoyance to the nth degree. This video is their official look at the vault. Besides not describing what in the hell the vault even is, it has this bit:
The vault basically applies 2FA to transactions. You enter the amount you want to send and who you want it sent to. You confirm by email, yes, I want this sent off. You then confirm again, this time by phone, yes, I want this amount sent off. You then wait for 48 hours, during which you can cancel at any time – in Bitcoin-land, there are no chargebacks (it’s a feature!), so this weird Rube Goldberg time-bomb is the closest you can get if someone else starts spending your Vault coins.
By contrast, with an actual bank vault, I go through a minor security check – “Can I see some ID, and do you have your key on you?” – get my shit, and am done. Which leads to the weirdest thing about security on Coinbase: it is really fucking good at confirming my identity. When I signed up, it confirmed my identity by asking me things like “What street did you live on in Boise?” “What county is your car currently registered in?” “What car do you drive?” What did you do last summer?” Intensely personal shit that tells me they have access to verification materials that far exceeds the basic “Can I see some ID?” security check I’d get at a regular bank vault. I, at that point, had not even mentioned my hometown was Boise, or even hinted at anything related to that kind of information, and yet it knew I was from there. That is advanced security.
In the end, I just named my vault “DA VAULT!” and moved on.
Along with the 48-hour Vault wait, there’s another shitty delay to verify that you’re a big boy and ready for “Level 2 Verification” status, granting you the ability to buy or sell a massive quantity of ‘Coin at once. To do this, it tells you, ”Buy some Bitcoin and wait at least 30 days.”
I’ll repeat that. ”Buy some Bitcoin and wait at least 30 days.”
I have no idea how any bank, let alone any currency, could thrive by telling its customers, “Buy something, and then don’t use the account for a month.” So I decided to ask Coinbase’s tech support about it:
I have no idea how sitting around and waiting for 30 days to be verified makes me a trusted user or protects my account, especially since I’ve already been verified via the world’s pickiest security system, which knows more about my own childhood than I do. Maybe because the account is not being used, there’s no risk I’ll do something stupid (like use it), and possibly get into trouble? Is that the rationale?
Moreover, it’s pointless to try and find out why I need to wait 30 days for this, because even Coinbase’s staff don’t know. And I’m not trying to beat up poor “Rosey” up there; she’s just doing her job. The problem seems to be that info isn’t being told to staffers. And if they don’t know, how the hell am I supposed to? And if I’m not supposed to, what else am I, the customer, not supposed to know? Is there no Coinbase fraud protection, if (when) that (inevitably) happens (when they get hacked because of their low-grade encryption)? No FDIC-insured deposits, or even something remotely akin to that?
Nope. But they have a referral program!
Coinbase is insured for their losses, not yours, through Aon. If your shit gets stolen, you’re screwed, but if they get robbed, they’re good to go! As for fraud protection, there is nothing. I have heard that they cover up to $100 (!) in losses, but I cannot verify that. Hell, I can’t even link to anything, because there is nothing to link to. That’s disturbing to me, because to sign up for this account, I had to send in pretty personal details, like my address, my phone number, my SSN, current bank account info, etc. Besides the fact that they don’t have fantastic encryption in an industry where the biggest bank, Mt. Gox, crashed and burned earlier this year, hackers grab shit all the time from these Bitcoin services. And you’re telling me there is nothing to keep me, the customer, safe?
When looking into their fraud protection, I started out by simply Googling “coinbase fraud”. The first thing that popped up? A site called CoinbaseFraud.com, which aggregates complaints about the company from various sources. Not really a big deal, since these kinds of sites pop up all the time from people who think they’ve been “robbed” by “The Man”, but in an industry where 1 out of every 16 Bitcoins have been stolen, those complaints may hold water down the line. Especially since a lot of them weren’t super outrageous crazy-babble like on r/Bitcoin; it was mostly just “I ordered 1 BTC and never received it.”
At this point, I’d like to point out something slightly unrelated: I have, in the span of about 5-8 minutes of creating and setting up my account, gotten six emails.When I signed up for a real bank account and a credit card with HUECU, I got two:My fear of being spammed has come true, albeit in a slightly different way. Why do there need to be six separate emails? What, exactly, does that accomplish? The first email verified my email address. The second asked me to subscribe to “The Coinbase Blog”, which brags about its 197K subscribers, because Bitcoin has apparently become a YouTube-like race for subscribers. The third is an email I get every time I do anything like buy or sell on the site, meaning you will get 2 emails for each transaction going forward. The fourth is a promotional thing that I’ll get to in a bit. The fifth email was when, during the creation of “DA VAULT!”, I needed to verify my 2FA and then add an email address to my phone number for my username to work. It’s fucking stupid, and I still don’t understand it. The last email just confirms the vault was set up.
What did the real bank’s email do? The first email confirmed I created an account and asked me to confirm my email. When I did, it just sent me to the login, then my account page. This may have had something to do with the fact that I already verified everything the first time. The second email confirmed I had applied for a credit card, linked to the account I just created. It told me I’d get a call in a few days to verify things, and I may need to come into the bank to do so. I didn’t have to, though, because they verified everything on their own since all my info was linked to the main bank account, something Coinbase seemingly cannot do (although, to be fair, Authy was able to see I had two accounts with the same number and linked them).
Back to that fourth Coinbase email: as a promotional deal, I got $1 in BTC for creating an account. Excited to put this towards a future heroin addiction, I waited for it to verify (Coinbase waits for six confirmations from the blockchain before it deposits funds).
The transfer started at 3:06. Transfers are supposed to only take an “instant” 10 minutes. Yet at 3:22, there was still nothing.
Then I read the text:
Turns out, in order to get my $1, I need to verify my bank account. And, if I don’t do it within 30 days, the money goes back to Coinbase, in the same way that if you don’t collect your tip on Reddit, it goes back to the original tipper. To quote a fellow shill:
You see, if your tipee doesn’t claim their Bitcoin in 21 days it goes back into your tipping pool. Wouldn’t it be nice that if you tipped that waitress at Denny’s, she doesn’t spend that
$20$10$5$2.80 and instead of her being able to save it for a rainy day, it just found it’s way back to your wallet? That’s how bitcoin works! No chargebacks but we can still have takebacks! (Source)
The bank verification, by the way, is basically the same as PayPal’s. Either you can “Instantly Verify” (which has never worked on this site, I’ve tried on three separate occasions), where Coinbase logs into your bank account with your real bank’s username and password, or you check your account in 2-3 days and see what amount of pennies were withdrawn and re-deposited.
Five days after I made the account, I get the time to verify. I’m excited, since this is the first time I get paid for doing anything Buttcoin related, even if it is just a dollar. I’m seeing it more as a dollar-off coupon for some counterfeit art on Silk Road 3. I look at my account, see that the amounts are there, and enter them. I expect my precious $1 to be there. It isn’t. And a week later, it still hasn’t shown up. I don’t know why. The complaints I read from CoinbaseFraud.com immediately popped into my mind.
During the writing of this article, Coinbase announced ”USD Wallets”, which allow users to hold actual money in their accounts and, if they so desire, “instantly” convert them over to Bitcoin. Currently, this has only been released in select states to users who have verified their wallets.
Deciding to give them one more shot, I tried their new-fangled USD system. It really reinforced the fact that these people have no idea what the fuck the word “instant” means.
First, some good news: Coinbase’s USD Wallets are FDIC secured. I think. They say on their page:
Customer funds stored in Coinbase USD Wallets are held with an FDIC-insured financial institution.
Yet their user agreement hasn’t been updated at all to include anything on USD Wallets, and therefore there isn’t any info on who the institution in question is. Moreover, the fact that they haven’t updated their user agreement is both ridiculous and shady, because it presents no clarity on the legal aspects of using the wallet, nor any sort of restitution should something happen to your actual money. So there is no way to verify whether or not it’s like that $100 insurance rumor from before, or even the amount it’s insured up to. We can assume $250,000, because that’s the FDIC mandate, but can we really be sure if it’s not even on their ToS?
Barring that, how does it work? To use the “USD Wallet”, you must deposit cash from your linked bank account. I didn’t want to put more than $1 into this, but the minimum is $10:
“Your funds will arrive in 4 business days,” it says. Fine. I can almost accept that. But accounting for the weekend, four business days ended up being nearly a week:
This implies that they’re doing nothing at all on Tuesday itself, despite the fact that there is no defined cutoff time, and everything is supposed to be automated. If I want my “instant” Internet bucks before my sister gets her Game Informer magazine (ordered at the same time, mind you), I need to order on Sunday or Monday only. Otherwise, I don’t get my funbux until next fucking week. Currency of the fucking future.
I got my Surprise Rubles, and then tried to figure out, on my own, how the fuck to convert them to funbux. I was expecting a button on the USD wallet page that said “Convert USD to BTC” or something, because I keep forgetting this is the same community that gave use the multi-step way to buy stuff on iTunes, Gyft. Turns out in order to convert, I needed to go to the “Buy” tab and enter the amount in my USD wallet I wanted to convert.
It was confirmed and transferred in a little under a minute. Still not instant, but by far the fastest time I’ve dealt with so far with Coinbase.
There were no instructions on how to convert them. The only thing in the FAQ was what USD wallets even were. I had to ask their customer support. (Who, by the way, are pretty great.)
So, in the end, it took me a little under two months to get my Coinbase account up and running, and a week more to add cash to the account. I started this article started at the beginning of November with the intention of getting this done ASAP. Instantly, if you will.
Meanwhile, in the UK, the Brits have set up a system that sends money anywhere, anytime, for just a few pennies per transaction. NPR’s Planet Money did a test by having the 50-year-old man who set up the system send his daughter £10 for a beer in New York via text, while he was in his home in London. She got it in 15 seconds, an entire ocean away.
fuckman
December 31, 2014 @ 12:07 pm
you suck dont post ever again you piece of shit
Nicsho
January 4, 2015 @ 9:49 am
Why does every comment here have 8 upvotes exactly?
Wampler Longacre
January 16, 2015 @ 4:19 am
His clicking-finger got tired. (And his mom called him to bed.)
disappointedbutt
December 31, 2014 @ 12:58 pm
stupid post you dont even know what you are talking about. and its not even funny. i miss borderpatrol.
Nicsho
January 4, 2015 @ 9:48 am
I do know what I’m talking about. I did research. Its not supposed to be funny, really, but I did try at some points (Which you didn’t like, I guess). And borderpatrol still writes most of the stuff on here, under the name “Buttcoin”.
Wampler Longacre
January 16, 2015 @ 4:19 am
That’s amazing … I was so keyed-in to the bad capitalization and lack of apostrophe in “don’t” … that I actually SAW “your” instead of “you are” right afterwards. My mind just swapped in the shitty grammar of “your”, even though it wasn’t there, because it just so clearly felt like it should be there…
You must be some kind of hypnotist!
buttfrustrated
December 31, 2014 @ 1:26 pm
Seriously, give it up. You’re the worst writer ever. EVER. Buttcoin doesn’t deserve you ruining it like this.
Nicsho
January 4, 2015 @ 9:47 am
Man, you sound so definitive. Like, I’m the worst writer, ever. EVER. Also, great username!
buttfuckoff
December 31, 2014 @ 2:03 pm
jesus shit this is terrible
willfe
January 1, 2015 @ 11:54 am
I know. It’s so embarrassing watching someone repeatedly posting the same mindless, abusive comments again and again from obvious sockpuppet accounts just to attack an author who wrote an article they didn’t like.
Poor guy must have lost a fortune investing in bitcoin and now he’s lashing out at everyone who was smart enough to criticize and stay away from it.
Nicsho
January 4, 2015 @ 10:08 am
Probably.
Greyhawk
December 31, 2014 @ 2:15 pm
If NicSho Is The Future Of Buttcoin, Then I Want Off This Tripe.
Nicsho
December 31, 2014 @ 4:45 pm
Down with tripe!
Alin
December 31, 2014 @ 3:46 pm
The kids are pretty fuckin’ mad about this one, you must be on the right track.
Nicsho
December 31, 2014 @ 4:44 pm
I think Greyhawk (or someone else) just made a bunch of new accounts to try to insult me. Personally, my roommate and I think it’s hilarious.
Greyhawk
December 31, 2014 @ 5:06 pm
oh, you CAN be funny after all
Nicsho
January 4, 2015 @ 10:08 am
Thank you!
fuckman
December 31, 2014 @ 5:44 pm
lets be clear: everyone hates the article because it isn’t funny. I stopped reading after a few paragraphs because its like 12 pages of you attempting to use bitcoin for some reason, with a bunch of interspersed unfunny link alt-texts.
the point of buttcoin is making fun of people who use bitcoin and the stupid shit they do, yet you are literally one of those people doing their stupid shit (and in a way that isn’t even humorous). you don’t belong here, please dont attempt to write again.
one last time i’d like to re-emphasize that nothing in this article is funny at all and you should leave.
Nicsho
January 4, 2015 @ 10:06 am
Not everyone hates this article. Even the comments from r/Bitcoin were kind. So, right off the bat, you’re wrong. But, barring that, you don’t get a voice. You stopped reading “after a few paragraphs”, your words. You don’t get to judge the whole piece based on “A few paragraphs”. For you to finish your rant by saying “one last time i’d like to re-emphasize that nothing in this article is funny at all and you should leave” is asinine. You do not get to read “A few paragraphs”, then declare “nothing in this article is funny”. Come back when you’ve read my “Novel”, and I’ll respond in kind.
The point of this article was to explain how tedious Coinbase is to use, and for no real reason. There shouldn’t be 10 emails sent in 5 minutes during the sign up process. There shouldn’t be random delays like not being able to use the account for 30 days, or weeklong delays for “Instant” Bitcoin buys. There shouldn’t be zero protection for your stuff while Coinbase is insured by one of, if not the largest insurance companies in the world against theft. And overall it shouldn’t have taken me 2 months to deal with all this stuff just to buy $25 worth of BTC that, as of today, is now worth $19 USD. Coinbase proves Bitcoin is a giant waste of money, and therefore time. That is the point of the article.
Buttcoin is a comedy site. That’s the only thing you are right about. And the piece should have been punched up a lot more. But if you are looking at this as “I’m not laughing”, then you have missed the point entirely, and should really feel ashamed for writing such an insulting and pointless comment.
Wampler Longacre
January 16, 2015 @ 4:15 am
Yeah well you’re not funny at all!
honeybunch2k10
July 3, 2015 @ 4:49 am
Exactly. Coinbase and Bitcoin in general is pretty $hitty. Of course, the cultists will be upset.
Buttman
December 31, 2014 @ 4:00 pm
Jesus, do you actually expect people to sit down and read all this horseshit? I’d ask if you even read what you post, but that’s almost certainly beyond the level of human tolerance for garbage.
Nicsho
January 4, 2015 @ 6:41 pm
This went through 51 revisions over 2 months, and was looked at by 2 other people who all agreed it was okay to publish. While its not a masterpiece, its certainly not what you’re describing. Also, great name!
Josh
December 31, 2014 @ 8:19 pm
“I am a journalist by trade.” For what, the Weekly World News?
Stop posting.
Nicsho
January 4, 2015 @ 10:09 am
Weekly World News died in 2007. Along with my talent.
Trucutru
January 1, 2015 @ 2:41 am
Nicsho: I know that you want to become a writer/journalist but you have to realize that you *suck* at both things. Ar a fundamental level. Like, seriously, first try to understand what makes good reading and then, only then, begin writing short, concise articles. Good luck.
BTW, You’re also not funny, and I’m afraid that cannot be fixed (don’t post in a comedy website, seriously)
chris
January 1, 2015 @ 5:42 am
found the bitcoin hodler
Nicsho
January 4, 2015 @ 10:12 am
Dear Trucutru ,
Thank you for your insightful comment. After reading this, I decided to try my hand at goldsmithing. I lost that hand. I miss it. Its the hand I used in the Bitcoin circlejerk. Please tip me so I can pay for hand surgery?
Sincerely,
Nic Schweitzer, Amateur Oncologist.
Wampler Longacre
January 16, 2015 @ 4:14 am
U JUST JELLY
Alafoss
January 2, 2015 @ 3:40 am
Why is none of this novel funny?
I thought we were promised dirt on how coinbase operates, not what ever the fuck this is.
Anon1
January 2, 2015 @ 10:19 am
This guy scks and i hate every thing about him imma dox him soon just u wait lol XD.
Nicsho
January 4, 2015 @ 9:45 am
Please do. I’m dying to see what’s on my permanent record (according to Bitcoin).
Nicsho
January 4, 2015 @ 10:13 am
That was never promised. Who told you that?
Shark
January 3, 2015 @ 6:00 am
Who cares if it’s funny or not? This site exists to point out how shitty Bitcoin is. Nothing about this article requires all this belly aching and whining.
If you want funny, read r/bitcoin
Nicsho
January 4, 2015 @ 10:19 am
Thank you!
anon2
January 5, 2015 @ 10:52 am
Man, you really hit the nail with this article!
I’ve been following you guys for almost half a year now, and I kinda missed the shitflinging at the comments that old articles used to have. It seems that the change from buttcoin to fundation did cut some of your most casual public.
It’s always funny to see the balant trolls in action. Keep up with the good work!
-AHS-_Prism
February 15, 2015 @ 8:33 pm
i’m sorry king of the dickheads had an hour of time to waste to tell you this article sucks because i couldn’t stop grimacing in embarrassment at the fact that you put yourself through all this shit for comedy / criticism’s sake, holy shit i love this article and i’d love more well written descriptions about how frustrating various bitcoin related services are to realistically use
honeybunch2k10
July 3, 2015 @ 8:52 am
So far bitcoin and coinbase seem pretty awful. Let’s see, a week to get your money, err, bitcoins? SERIOUS? If banks or credit cards did that, they’d go out of biz very quickly. Coinbase and bitcoins are newbie friendly.
Ghost of Bruce Lee Roy
July 30, 2015 @ 3:50 pm
i like coinbase so i couldnt even finish this garbage. Did you not know that you can view text messages from your computer? Take off sms notifications badges on locked screen and if the phone is stolen scramble it. Not that the common theft would really know who’s phone he is stealing or bitcoin for that matter. I just wasnt sure if you were serious,you friend throwing your phone into a lake as some kind of joke? You are a stupid ass do you know that?