By Ben MunsterCryptocurrencies
Knock on wood: Coinbase is the only exchange yet to suffer a breach.
CEO Brian Armstrong revealed a secret to its success to Wall Street Journal reporter Paul Vigna at Consensus this morning: it hires spies, unbeknownst to most of the staff, who attempt to infiltrate the exchange’s offices and compromise the network.
“We hire third-party firms to try and break into it,” he explained. “They pose as candidates applying to work at Coinbase. Typically, only the head of security and me know that it’s a drill.
But the person will come in, and apply for a job, and try and get into the office, and try to break into our systems.”
Want the best of crypto news straight into your inbox? Sign up to Debrief.
Any luck? “They might breach one or two” layers of security, Armstrong said. But better them than, say, the hacker that stole $40 million from Binance. Or the hacker that stole $450 million from Mt. Gox. Or the hacker that stole $16 million from Cryptopia.
Armstrong said that customers’ funds are stored in a geographically distributed database and that the exchange is building the “generation four” of its cold-storage system—wallets that holds customers keys offline—which is rebooted every 18 months.
That’s a far cry from $190 million in a dead man’s wallet.
> First person to hack coinbase gets a billion dollars in crypto, lets go!
If you're envisioning Tom Cruise hacking into a computer like in Mission Impossible, you're not being creative enough. Much more likely scenarios include:
- Insider jobs. How many engineers at Coinbase have access to hot and cold storage? If you built the system in the first place, you could likely cook up a plan to syphon off a little (or a lot).
- Incompetence/negligence, software is made by humans. Do a little light reading on [Mt Gox](https://en.wikipedia.org/wiki/Mt._Gox). For the people going 'I'd just sue Coinbase if they lose my money', it's been what, four years since Mt Gox exploded, and people will likely get pennies on the dollar after the lawyers take their share.
- The US government decides Bitcoin is a threat to the dollar, and 'socializes' Coinbase in the interest of national security. If you disagree with having your money seized, you're clearly a terrorist and should pipe down. For everyone saying this is unlikely, they've already done it, read up on [BTC-E](https://en.wikipedia.org/wiki/BTC-e).
Just bite the bullet and order yourself a [hardware wallet](https://trezor.io/). They're cheap.
Well, they seem to think there is:
## Digital Currency
Coinbase prioritizes the security of our customer's funds, all digital currency that Coinbase holds online is insured. If Coinbase were to suffer a breach of its online storage, the insurance policy would pay out to cover any customer funds lost as a result. Coinbase holds less than 2% of customer funds online. The rest is held in [offline storage](https://www.coinbase.com/security).
Please note that the insurance policy covers any losses resulting from a breach of Coinbase’s physical security, cyber security, or by employee theft. This insurance policy does not cover any losses resulting from the compromise of your individual Coinbase account. It is your responsibility to use a strong password and maintain control of all login credentials you use to access Coinbase.
*For more on securing your account, see* [*here*](https://support.coinbase.com/customer/portal/articles/1447997-how-can-i-make-my-account-more-secure-)*.*