Claims on a Reddit thread that Coinbase may have lied that it stores 97% of user funds in multisig addresses has been refuted by the platform.

Founded in June of 2012, the wallet and platform where merchants and consumers transact Bitcoin prides itself as the world’s most popular way to buy, sell, and use Bitcoin. Hence, any negative claim against it generates huge interests.  

What started the accusations?

The lead comment on the thread by Willidungl reads:

“It looks like Coinbase may have openly lied about the number bitcoins they store to their users and perhaps even to their investors.

They claim that 97% of user funds are stored in multisig addresses. For instance here. The CEO of Coinbase, Brian Armstrong published this blog post in which he shamelessly claims that Coinbase is now storing 'about 10% of all bitcoin in circulation'.

The issue now is that, as we can see on p2sh.info at the time of this post only around 10% of all Bitcoins were held in p2sh addresses.”

A query to Coinbase’s press section via email returned with a Twitter link to platform’s official response from Christina Valencia of theoutcastagency.com. She also wrote that Brian Armstrong is responding within the Reddit thread highlighted to her in the previous mail.

With the username bdarmstrong, Armstrong wrote:

“Is all the FUD really necessary?

  1. yes what I wrote in the blog post is true

  2. not all cold storage uses multisig, we also use key splitting as described here

  3. we have done financial audits (which our investors are privy to) which demonstrate proof of reserves

  4. in addition, here is one we did publicly a long time ago

Finally, the most important point is that if you want to store your bitcoin in a way that does not require any trust of Coinbase at all, you can do so on Coinbase with our multi-sig vault!

I understand you're upset, but before jumping to conclusions, making outlandish claims, and criticizing me personally, please consider that you may not have full information and there may be a much simpler, reasonable explanation.”

Questions upon questions

However the effort does not seem to have addressed what some curious users wanted to know. Willidungl adds that considering the many users of multisig addresses, the percentage of user funds that Coinbase holds in multisig are likely to be far lower than 5% of all bitcoins.

Willidungl writes:

“Coinbase additionally has their 'cold storage' which seems to use some version of key splitting (shamir's secret) which would contain funds owned by Coinbase as well as the remaining user funds that are not in the hot wallet. Is it likely that Coinbase's own Bitcoin funds constitute multiple % of all bitcoins in existence? I don't think so.

If their 'cold storage' does in fact also use multisig, then their lie would be even greater.

So has Brian Armstrong lied to his investors and users? Has he exploited their lack of understanding of Bitcoin to make highly inflated claims?

Considering that many other services use multisig and the total number of bitcoins in p2sh addresses is around 12%, something doesn't quite add up.

Kraken, OKCoin, Bitstamp, Huobi, Bitfinex, Xapo... they all use multisig afaik.

So are you honestly trying to tell us that the funds of all other Bitcoin services and private people that use multisig combined only adds up to 2-3% while Coinbase's funds constitute 10% of all Bitcoins?? Oh the webs we weave...

If repeating your claims is FUD then you should contemplate about this. Why not counter the 'FUD' and simply state the exact number of bitcoins Coinbase holds?"

These questions generated more questions about trust issues on the platform as well as other claims of dishonesty.

shadowrun456 writes in response to Armstrong’s post:

“If what you told was true, then why did you edit a year old post today, after you were called out on being dishonest? How does editing a post from 2015 prove your honesty? I don't know about others, but for me, the mere fact that you sneakily edited a year old post after you were called out on it, proves that you are a dishonest person. If what was posted in that 2015 year post was not true / correct, you should have made a new post explaining and fixing the details, not silently editing it and hoping that no one will notice."

How can Coinbase restore users’ trust?

For those seeking a wallet they can control on their own, Armstrong suggested Coinbase multisig vault saying it remains one of the biggest misconceptions about Coinbase, especially amongst the /r/bitcoin crowd, for a 100% control of private keys on the platform.

CydeWeys says about the thread:

“This is veering deeply into unsubstantiated ad hominem territory. Is Coinbase really failing? Do you have any evidence? I don't think there's much of a connection between user base and block size, especially for a large centralized service like Coinbase that can do a lot of its transactions off-chain.

Has Coinbase always lied? What specifically are you referring to? If they aren't one of the leaders in this space ... then who is? As far as I'm concerned, they and BitPay are the "face" of Bitcoin to casual users. Every time I've bought something online using Bitcoin from a retailer, it's always using one of those two.

You are using lots of strong invective without backing it up that goes against my personal experiences. The one bit of signal that's being lost in all the noise is a request for proof-of-reserves. I think that's entirely reasonable, and I would encourage Coinbase to do it. Unfortunately it's getting completely lost in a fog of unsubstantiated accusations.”

In a subsequent thread, Armstrong admits there was a mistake in one of Coinbase’s posts.

He wrote:

“Our support rep misunderstood the difference between multi-sig and key splitting using shamir's secret sharing, and updated their post to reflect that. It is an easy mistake to make, the distinction is quite subtle and I would guess most people don't fully understand the difference.

Both are potential options for storing funds offline with their own pros and cons. Multisig has the benefit of the keys never being generated all in one place. Key splitting requires you to generate keys in a secure environment, but allows you to use higher numbers for M and N which is beneficial.

Our cold storage uses key splitting for a variety of reasons (one of them being the pro I mentioned above) but Coinbase also allows customers to create multisig vaults where they are in full control of their private keys.

We count both of these in our numbers around helping people store bitcoin. Hopefully this clears things up and apologies for any confusion.”