Coinbase Wallet to Support Bitcoin (BTC) in Both iOS and Android Versions

On Tuesday (February 5th), Coinbase announced Bitcoin (BTC) support for its highly popular "user-custodied crypto wallet" app for iOS and Android.

Coinbase.com ("Coinbase Consumer") is "a digital currency brokerage." It "can also act as a custodian, storing your digital currency for you after you purchase it." In contrast, Coinbase Wallet is "a user-custodied digital currency wallet and DApp browser," which means that "with Wallet, the private keys (that represent ownership of the cryptocurrency) are stored directly on your device and not with a centralized exchange like Coinbase Consumer." A Coinbase Consumer account is not needed if you want to use Coinbase Wallet, and you can download it from anywhere.

Coinbase Wallet is a mobile app that initially only supported Ethereum (ETH) and Ethereum tokens (ERC20 and ERC721). On 26 November 2018, support for Ethereum Classic (ETC) was added. And starting today, it supports storing, sending, and receiving Bitcoin (BTC).

According to the blog post by Coinbase Wallet Product Lead Siddharth Coelho-Prabhu, this "new Wallet update with Bitcoin support will roll out to all users on iOS and Android over the next week." He also says that "Coinbase Wallet supports both newer SegWit addresses with lower transaction fees, as well as Legacy addresses for backwards compatibility in all applications."

Coinbase Wallet Example.png

Furthermore, Coinbase Wallet "also supports the Bitcoin Testnet to aid developers and power users." As for support for other coins such as Bitcoin Cash (BCH) and Litecoin (LTC), Coinbase wants you to know that the Coinbase Wallet team is currently working on adding support for additional cryptocurrencies. 

All Images Courtesy of Coinbase

Coinbase Says Recent Zero-Day Attack Targeted Staff, Not Investors

Neil Dennis

Coinbase sought to reassure investors on Thursday over concerns that customer accounts may have been targeted in an attack that exploited a recent Firefox zero-day.

The San Francisco-based cryptocurrency exchange said that the attack, discovered on Monday, had targeted Coinbase employees and that the exchange and its customers' accounts were untouched.

Software Vulnerabilities

A zero-day is a vulnerability in computer software that can remain unknown to those who provide and use that software for several days or weeks, yet - if discovered by hackers - can provide the opportunity to exploit that weakness for mischief or profit.

Coinbase's cyber security team, led by Philip Martin, discovered the zero-day vulnerability in Mozilla's Firefox software and reported it immediately to the web browser provider, which then issued a patch to rectify the fault.

However, the zero-day event may have lasted for weeks, according to Google engineer Samuel Gross who helped develop the patch. He reported on Twitter that he had reported a bug in Firefox to Mozilla in mid-April.

Coinbase Security on the Alert

While it remains unclear how soon attackers noticed the vulnerability and how extensively the bug was exploited, Coinbase detected the attack on its staff before the hackers could dig deeper into the back-end network from where they could have stolen funds from the exchange.

Philip Martin explained on Twitter that the security team "walked back" the entire attack and reported the zero-day to Firefox. He added the team was working with other organizations to "continue burning down attacker infrastructure and digging into the attacker involved".

He continued: "We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted.

Martin concluded: "If you believe you have been impacted by this attack or you have more intel to share and want to collaborate with us on a response, please reach out to [email protected]"

Growing Problem

Zero-day attacks are on the increase. A 2018 survey by the Ponemon Institute called the State of Endpoint Security Risk report, said respondents reported that 37% of cyber attacks launched against their companies were zero-day events. This was a 48% increase from 2017.

Meanwhile, 63% of the survey's respondents said that the frequency of zero-day attacks had increased over the previous 12 months.