In a recent interview, Sam McIngvale, Head of Product for Coinbase Custody, described his company’s new staking service for Tezos (XTZ) and explained how it works. 

Sam’s interview was with crypto journalist and podcast producer Laura Shin, and it was released on April 12 as episode 068 of her “Unconfirmed” podcast. 

Sam first talked about this new staking service via a post on Coinblog’s blog on March 29. There, he wrote that Coinbase was announcing Tezos (XTZ) baking for Coinbase Custody clients, and that Coinbase Custody was “proud to be the first full-service, regulated, comprehensively-insured, and 100% offline staking provider in crypto.”

Here are the main highlights of this interview:

  • “Delegated Proof-of-Stake networks work really well with our current offline custody architecture.”
  • “As soon as you deposit your Tezos, what we are going to do is simultaneously delegate that Tezos that is deposited into a cold storage address to a baker that we are running.”
  • “Coinbase Custody is actually purchasing the bond on behalf of our clients. So, we’re the ones putting funds “at risk”. We have hot funds; we have hot skin in the game; our clients don’t. So, their crypto is never at any more risk. Their Tezos, in particular, when they are participating in the Tezos network, through delegated Proof-of-Stake, is never at any more risk than, say, their Bitcoin or Ethereum, which would be similarly held in our cold storage.”
  • “Coinbase Custody, in this case, is running the baker that is actually actively participating in the blockchain, so baking blocks and endorsing other blocks, and our clients’ funds in cold storage are delegated to our baker. So, by doing that, there’s a couple of things we can control. One, we can control the bond for that baker. We can also control a lot of the infrastructure around it to make sure that it is highly secure, highly available, etc. We can also control the payouts from it, so as we earn baking rewards or staking rewards in future chains, we can just pay those out directly to our clients on-chain, but this way, we get to own all the infrastructure and control everything there.”
  • “Texos is actually producing the software that we are running. What we’ve done is sort of stamp the Coinbase effect on there, if you will.”
  • “We sort of drop a Tezos node, if you will, into our infrastructure, into the way we know how to run these nodes at scale… We actually took the private key out of it, so that we could hold that elsewhere, so it’s a bit more secure in terms of baking blocks and controlling our bond.”
  • “There’s a sort of emerging best practice in Tezos and now Cosmos, and it’s called “remote signing”, which means you can actually pull the private key out of the baker on Tezos and the validator on Cosmos, and hold that elsewhere. And the upside here is that if your baker happens to get compromised, the attacker doesn’t have access to your private key and can’t actually move the funds in your bond somewhere else.”
  • “Coinbase has obviously built up its proprietary hot wallet technology over the lasts seven years. We call a secure key enclave Knox.”
  • “We hold the private key for our bond and for our baker in Knox, and the way this actually works from the internet into the internals of Coinbase is we are running what we call an ‘edge node’.”
  • “This is just a very typical Tezos node that’s actually talking to the internet, and it’s going to be talking to the Tezos blockchain. It will inject blocks that we bake back into the Tezos blockchain. Behind that edge node sits our baker. It’s not actually directly talking to the internet.”
  • “Our baker is really only responsible for assembling blocks that we choose to bake or endorsing blocks when it gets chosen to endorse.”
  • “It will take the header of a block that its’s about to bake, and pass that off to Knox.”
  • “Knox will take the private key that is in there. It does a few checks. It checks to make sure this is only a baking or endorsing transaction. It also checks to make sure that it hasn’t signed anything for this block height. We want to make sure we are not double baking. If it hasn’t, it will sign that header, hand it back to the baker.”
  • “The baker will instruct the rest of the block, and hand it to the edge node, and that will broadcast it out to the network.”
  • “And so, by decomposing a lot of these pieces, an attacker can get into a couple of different places, and we are OK.”

You can listen to Laura’s interview with Sam either via the “Unchained Podcast” website, via the “Unchained Podcast” YouTube channel, or by downloading this episode of the “Unconfirmed” podcast using a podcast player (such as Google’s “Podcasts” app for Android).

Featured Image Courtesy of Coinbase