Coinbase’s New Multisig Vault Gives Users Control Over Keys

Jon Southurst
Oct 29, 2014 at 17:18 UTC
Updated Oct 29, 2014 at 22:03 UTC

Coinbase vaults

UPDATE (29th October, 21:30 BST): Updated with comment from Coinbase CEO Brian Armstrong.


Coinbase announced today it is adding multi-signature (multisig) features to its Vault product, giving users greater control of their own security.

The company’s Vault feature initially launched in July and is aimed at users wishing to store larger amounts of bitcoin in a more secure manner over longer periods, with delayed withdrawals and multiple approvals.

Different than Coinbase’s regular wallet, Multisig and regular Vault accounts are not intended for everyday spending, and lack certain convenience features like API access, two-click checkout, pre-authorized debit/subscription payments and off-block chain microtransactions.

Speaking to CoinDesk, Coinbase CEO Brian Armstrong sought to frame the new service as one that would appeal to the platform’s more tech-savvy bitcoin users as well as new institutional clients that want a secure way to manage their bitcoin holdings.

Armstrong said:

“The multisig vault will […] help onboard large institutions such as hedge funds and high-net-worth individuals who don’t want the counterparty risk of Coinbase storing their bitcoin.”

Customer demand

In a blog post this morning, Coinbase said several Vault users had demanded control over their own private keys in the wake of security breaches leading to money loss at other exchanges.

“Users are rightfully cautious about anyone claiming to store their bitcoin,” the post said, adding that Coinbase now stores more bitcoin than any other company in the world, as far as it knows.
Multisig private keys will be optional for users who feel safer with this option, while Coinbase will still maintain its own security systems for regular Vault users.

Coinbase will not be able to move funds from multisig storage by itself, protecting users from potential contingencies like hacking attacks or bankruptcy of the company. It also means that Multisig Vault users assume responsibility for storing their keys, which the company is now unable to decrypt and produce if a user forgets his or her passphrase.

In statements, Armstrong acknowledged the larger arguments surrounding how it handles customer funds.

“I think even if some customers choose to let Coinbase manage security for them, they will appreciate the fact that we provide this option since then it will be their choice,” he said.

Notably, the company has also produced an open-source tool for users to be able to retrieve their coins should the site go offline.

Multiple keys

Multisig Vaults for individuals feature the ‘two-of-three’ key structure, where Coinbase and the customer retain one key each, and Coinbase will keep a third shared key that is encrypted by the user’s passphrase.

Users can withdraw spend bitcoins using just their own private key and the shared key, without needing to go through Coinbase. For organizations or families, there is also the option to create ‘three-of-five’ Multisig Vaults with multiple key holders.

Armstrong stressed that he feels that Coinbase’s adoption of multisig technology continues an industry-wide trend that has been ongoing this year.

“I feel multisig was a very important innovation for the bitcoin community and there have been some great product announcements now as a result of that in 2014,” he said.

Multisig Vault, like Coinbase’s regular Vault, is a free service and available to all users from today.

Keyring image via Shutterstock