I'm trying to work out how much risk I'm willing to accept by using Coinbase. If one of their programmers intentionally wanted to become a bad actor (say for example they catch wind that they are going to be fired), could a Coinbase developer easily cause billions of dollars in damage by somehow transferring coins out of the client accounts?
Any money/btc you have in coinbase should be money you are happy to lose. It is an IOU note from coinbase to you, but without the strong guarantees you'd get with a bank. With bitcoin especially it is possiblef or someone (State, Criminal, Software Bug) to run off with all their money and leave them bankrupt in a matter of seconds. It could happen in the next 10 seconds. This is unlike conventional business!
So I'd think of it like this. Say you want to buy $10000 of BTC. You are only 'happy' to lose $1000.
Transfer $1000 in to Coinbase. Get BTC. Transfer that to your own offline wallet. Once confirmed, transfer the next $1000 in to Coinbase.
I say this as someone who has lost some Etherium in BTC-e, which I transferred 6 hours before they were seized. Luckily I got the lions share of it back (about 80%) from Wex but that was just lucky. If it is in an exchange it can be lost.
Finally only keep in Bitcoin money you are happy to lose. I won't go into why but it should be obvious you cannot guarantee 100% you will remain in "control" of your address (due to hackers, amnesia, tech failure and untrustworthy friends/family), although you could get to 99.999% by taking precautions.
I don't know how good those insurances are. I assume FDIC is good. Although you'd have less of a 'reason' to keep fiat on an exchange unless you are trading.
For the crypto - well it depends on the insurance I can't really say how effective it would be. I'd worry it would pay out in fiat what the coin was worth at the time, which could be disappointing during a rally, plus you have to wait for the payout, plus it might be a taxable event? And of course the insurance may just not pay out. What if they decide it was your fault your coins were lost?
Coinbase fully insures all digital currency against losses resulting from a breach of Coinbase’s physical security, cyber security, or by employee theft.
If you're in the US, fiat deposits are covered by the FDIC just like bank deposits up to $250k:
Depends on how good their security protocols are at the point of attack.
If their security is really really really good they should be able to publish (and advertise) the details of every step and still be secure.
Unless I completely misunderstand the essentials of security, which I might. Can someone school me?
In the end though their security is only ONE point of detail to concern yourself with when investing. The really really really important detail though is your belief in the rock stead control of your emotions. That should be 60% (or more) of your calculated risk. Because, as we know, humans are always the weakest link in any system.
I've heard this over and over, and I totally understand your concern.
But I think there's at least one reason to stay on Coinbase though, and it's their insurance against security breaches, including employee theft (note my comment above).
I'm not individually insured against bitcoin theft, and I also think there's a non-zero risk of making an irreversible mistake with my own offline storage. I'm not incompetent, but I can't claim mastery of the bitcoin protocol either, therefore I assume I can mess things up.
So yeah, you don't get your private keys, but insurance on your full balance is worth something to some people, in some cases far more than the assumption that nothing will ever go wrong with your own wallet (if you feel comfortable with that assumption, great).
So I'd think of it like this. Say you want to buy $10000 of BTC. You are only 'happy' to lose $1000.
Transfer $1000 in to Coinbase. Get BTC. Transfer that to your own offline wallet. Once confirmed, transfer the next $1000 in to Coinbase.
I say this as someone who has lost some Etherium in BTC-e, which I transferred 6 hours before they were seized. Luckily I got the lions share of it back (about 80%) from Wex but that was just lucky. If it is in an exchange it can be lost.
Finally only keep in Bitcoin money you are happy to lose. I won't go into why but it should be obvious you cannot guarantee 100% you will remain in "control" of your address (due to hackers, amnesia, tech failure and untrustworthy friends/family), although you could get to 99.999% by taking precautions.