UK Markets close in 6 hrs 56 mins
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.

Security tips for investing in cryptocurrency

In this article:
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • COIN
  • ETH-USD
  • DOGE-USD
  • BTC-USD

Coinbase Chief Security Officer Philip Martin told Yahoo Finance how to stay secure while investing in cryptocurrency.

Video transcript

[MUSIC PLAYING]

ZACK GUZMAN: Welcome back to Yahoo Finance Live. In this week's Crypto Corner, the dust has settled since crypto exchange Coinbase made its public debut earlier this month with their direct listing. The stock's traded slightly lower, as analysts have come on to this program with price targets at $500, $550, even 600 bucks a share. But one point they've all returned to has been maybe one of the most overlooked value props that Coinbase brings to the table in their eyes, which would be custody and security in a space that's rife with examples of big crypto hacks when it comes to centralized exchanges.

So how has Coinbase been able to build up its security fortress? And what should new adopters in the crypto space know about the threats that may be mounting behind the scenes? Well, here to break that down for us is Coinbase chief security officer Philip Martin. And Philip, appreciate you coming on here to chat, man. There's a lot of misconceptions--

PHILIP MARTIN: Yeah, thank you for having me.

ZACK GUZMAN: --I think about when it comes to hacks in the crypto space because people might think about Mt. Gox and what happened there with kind of centralized hacks of platforms. But it seems like the same concerns that might hit your bank account and password hacks and logging into individual accounts are kind of the same there. So talk to me about what you see and what people should know.

PHILIP MARTIN: Yeah, and thanks for that introduction. I think that's actually the most important message that I have today, is that a lot of the same risks that consumers deal with in their online lives, over the rest of the services they use, are also present in cryptocurrency. I think the two most important things to tell consumers here is that-- or to remind them of, is, number one, scams exist in cryptocurrency, just like they exist everywhere else in the world. If it's too good to be true, it probably is.

And two is some basic hygiene measure to really improve your own personal security, both in cryptocurrency and broadly across your sort of internet service portfolio. That is very, very briefly, number one, use a password manager. Use unique passwords across every single website that you interact with. And a password manager can make that just super easy. And number two, use two-factor authentication. That is a situation where you have both a username and password and a second form of authentication, like a code in a text you get, which you should only use if that's your only option, or better would be a code from an app you use or a hardware token like a UB key.

ZACK GUZMAN: Yeah, and I mean, in the cases-- in the rare cases that we've heard of complaints from customers when these things happen, when somehow bad actors have been able to work around maybe things that are put in place like two-factor authentication, it's different than what we might see with banks and credit card fraud because banks generally would return that. With crypto, obviously, irreversible transactions, so interesting for that. So how does Coinbase maybe look at that piece of it and the role that they can play in maybe, A, preventing some of these bad actors, but then also, B, making customers whole, since it's a bit different than traditional banking?

PHILIP MARTIN: Yeah, Zack, you're exactly right. The irreversible nature of transactions in cryptocurrency are really a key difference between what happens post-attack in traditional finance versus cryptocurrency. And in cryptocurrency, we spend-- Coinbase in particular spends just a ton of time and effort and care building in pre-loss controls detecting when bad things are happening and stopping them from happening once they happen, right?

And I think we are very, very focused on ensuring that not only are we stopping bad things from happening, but we're also working with our partners across the crypto economy to say, hey, look, if these funds have left Coinbase, the perform, and go to yours, these are the results of a crime. And we want them back, right? So we're extremely active in building that kind of a community within cryptocurrency.

AKIKO FUJITA: Philip, ransomware attacks getting a lot of attention from the government right now. When you consider that about $350 million was collected last year, triple what it was the previous year, you've got a government task force now looking at how to regulate this space. There's no question it's coming in some form. When you know the vulnerabilities and where they are, what do you think that regulation should look like?

PHILIP MARTIN: Yeah, I think that's a really interesting question, Akiko. I think for ransomware in particular, there are some very interesting parallels you can draw to the development of traditional sort of kidnap for ransom activities that have been developing for, I assume, for hundreds of years. And I think that we can bring regulation to bear around minimum levels of security or establishing standards for security. I think that's the right way for us to push. I think we push the other side into trying to regulate the payment of ransom. That's where we get into a very tricky area of incentives that I think is going to be a minefield to walk through.

AKIKO FUJITA: What about looking at some of the regulations that we've seen in traditional exchanges? A lot of people look at KYC, for example, Know Your Customer rules. Should that be extended to those like Coinbase?

PHILIP MARTIN: So this is a very common misconception that we don't do that. We, in fact, are subject to the same AML, KYC standards as any other bank. Remember, FinCEN and-- across-- around the world, right, we are both meeting standards in the US and every other country in which we operate and have fiat banking rails.

ZACK GUZMAN: Lastly, I mean, when we look at the security issues here, obviously, Coinbase has been pretty, you know, protective. And they have got a policy in place when it comes to adding assets to the platform. There are ones that haven't been added that are traded quite common. I would think about Dogecoin maybe being one of them. How does security plan to-- maybe a piece of that decision. What do you look at when it comes to project-specific factors in adding assets to the platform?

PHILIP MARTIN: Sure, that is such a great question. I obviously can't address any specific cryptocurrency, but generically, I think we look at what we call-- from a security perspective, what we call a custody ability, right, which is the principle-- asking ourselves, when we receive one of whatever cryptocurrency this is, do we believe the cryptocurrency protocol is built such that we will be able to give one back to whoever-- whichever customer gave it to us, and then not have something other than-- so something in the underlying protocol prevent that or cause a loss related to the protocol. It's very, very in-depth, technical, hard work. And the team does a great job of making sure we're listing safe, secure assets.

AKIKO FUJITA: Phil Martin, Coinbase Chief Security Officer, joining us from Sunnyvale today. Thanks so much for your time.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting