As a part of our mission to build a safe and open financial system, we actively monitor for any security threats not only to Coinbase but to the crypto ecosystem as a whole. As we have discussed in our previous blog post on industry-wide crypto security threats, malicious threats against any crypto user or business are bad for the industry. With this community mindset, we do our best to inform and to defend our community from bad actors.
Over the past month, Coinbase Threat Intelligence, Special Investigations, and Global Intelligence teams have been tracking an ongoing phishing campaign on Ethereum, Polygon, Binance Smart Chain, and other EVM-compatible platforms which has unfortunately resulted in the theft of more than $15M in various crypto assets to date. The phishing campaign does not affect customers who custody funds on Coinbase.com. However, anyone who uses self-custody wallets (e.g. Coinbase Wallet, Metamask, etc.) may be at risk.
The campaign works by airdropping fictitious coins into victim wallets and enticing them to visit specially-crafted malicious websites. Below is an example of one such coin:
Source: Polygonscan
When users attempt to interact with the airdropped tokens such as transferring them to a Decentralized Exchange (DEX), they are presented with an error message encouraging them to visit a malicious phishing website:
Source: Polygonscan
The website presents users with a Decentralized Application (DApp) interface supposedly meant to connect their wallets and approve trading of the airdrop tokens. However, when users approve any transactions on the phishing website, in reality they are unknowingly approving a transfer of their personal tokens to the scammers.
Source: Phishing Site
The scammers change airdrop token names and phishing websites frequently to evade blocklists; however, they still use the same tactics to steal tokens using fake airdrops and malicious Dapps. Nevertheless, you can take the following security steps to defend your assets:
Be wary of airdrop tokens received from an unknown source. It is highly likely these unsolicited tokens are part of a phishing campaign.
Do not visit or connect self-custody wallets to any websites advertised by airdropped tokens through error messages, token names, or other methods.
Do not interact with airdropped tokens (e.g. approving, transferring, swapping, etc.). As annoying as it sounds, it’s best to just leave them sitting in your wallet.
Do not hold high value assets in the same wallet used to regularly interact with Dapps. Use cold storage or custodial solutions such freely available Coinbase Vault or Custody.
Coinbase is working with industry partners to help limit the damage caused by the scam and we are planning to publish a more detailed analysis of the campaign in the near future.
Starting today, Assemble Protocol (ASM) is available on Coinbase.com and in the Coinbase Android and iOS apps. Coinbase customers can now trade, send, receive, or store ASM, KRL, LCX and TRAC in most Coinbase-supported regions, with certain exceptions indicated in each asset page here. Trading for these assets is also supported on Coinbase Pro.
Assemble Protocol (ASM) is an Ethereum token that powers Assemble, a platform where users and merchants can aggregate, manage, and spend reward points. On Assemble, point providers and retailers can run special events or promotions, providing benefits like discounts for ASM
One of the most common requests we hear from customers is to be able to buy and sell more cryptocurrencies on Coinbase. We announced a process for listing assets, designed in part to accelerate the addition of more cryptocurrencies. We are also investing in new tools to help people understand and explore cryptocurrencies. We launched informational asset pages (see ASM), as well as a new section of the Coinbase website to answer common questions about crypto.
Customers can sign up for a Coinbase account here to buy, sell, convert, send, receive, or store e Coinbase Android and iOS apps. Coinbase customers can now trade, send, receive, or store ASM today.
###
Please note:Coinbase Ventures may be an investor in the crypto projects mentioned here, and additionally, Coinbase may hold such tokens on its balance sheet for operational purposes. A list of Coinbase Ventures investments is available athttps://ventures.coinbase.com/. Coinbase intends to maintain its investment in these entities for the foreseeable future and maintains internal policies that address the timing of permissible disposition of any related digital assets, if applicable. All assets, regardless of whether Coinbase Ventures holds an investor or Coinbase holds for operational purposes, are subject to the same strict review guidelines and review process.
This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
Crypto is a new type of asset. Besides potential day to day or hour to hour volatility, each crypto asset has unique features. Make sure you research and understand individual assets before you transact.
By Joe Waltman, Group Product Manager, GiveCrypto.org
Hope everyone had a wonderful summer. GiveCrypto just concluded its first full quarter as a part of Coinbase, so we wanted to share an update with those who are following our progress. As always, we’d love to hear from you.
Coinbase Integrations
As mentioned in previous updates, we’ve been experimenting with ways to make it as easy as possible for Coinbase users to donate to charity. Coinbase has over 68 million verified users, many of whom transact significant sums of crypto on a regular basis. We see a golden opportunity to facilitate charitable donations inside this ecosystem.
Example of the previous, multi-step flow required to donate in the Coinbase app
We have tried to integrate a donation function into Coinbase’s UI before, but we limited those past attempts to banners on Coinbase’s web and mobile properties. Those banners didn’t drive much traffic, and when they did, the user would have to go through a multi-step flow to donate. Because of that, donation volume has been relatively low.
Though these modest attempts weren’t the most effective, we chose to take this cautious approach for good reason: We wanted to be sure that we didn’t confuse users or impact Coinbase conversion rates. We also wanted to minimize the technical complexity of integrating a more prominent donation function until we and Coinbase were fully ready to do so.
We now understand that the real opportunity lies in integrating donation options into primary transactional flows like buy and sell. From integrating back-end services to solving a variety of other technical challenges, we know this won’t be simple. But finding a way for Coinbase users to seamlessly donate crypto would be a big accomplishment — not just for us, but also for the crypto community.
Mock-up of a donate one percent integration in the sell flow
The current plan is to experiment with a ‘donate one percent of your transaction’ mechanic within Coinbase’s “sell” flow. At first, only a small percentage of Coinbase users will be exposed to this experiment as we observe how they impact key guardrail metrics. We’ll then analyze those results to determine our path forward.
As an aside, I’d like to take this opportunity to express how exciting it is to be involved in the innovation we’re witnessing in this industry. We have long believed that Coinbase has the potential to become a leader in the world of philanthropy, and our experience working together has only reinforced that belief. Perhaps one day we’ll be able to promote the verb “give” to a first-class citizen, so to speak, equal to the likes of “buy” and “sell.”
Ambassador Program
Before we give an update on the current status of the ambassador program, it probably makes sense to review the program’s history.
We launched the ambassador program in 2019 and spent the first half of 2020 implementing an RCT in Venezuela. We spent the second half of 2020 experimenting with a crypto donation marketplace that would be similar to GoFundMe or DonorsChoose but fully crypto-based. Ultimately, this didn’t accomplish what we hoped it would, so we decided to pivot back to the ambassador program in early 2021.
Our goal for 2021 was to automate as much of the program as possible so that it could be scaled in the near future. To minimize the manual workload, we started out by automating most of the program’s operational components, but we only invited people we felt we could trust. Giving away money on the internet tends to attract scammers, and we needed some assurances that people would use our funds in good faith.
We quickly learned that it would be hard to recruit ambassadors at scale if we only acquired them through high-trust channels such as labor marketplaces and social media networks. Once we realized that we would need to cast a wider net, we launched a version of the ambassador program that allows anybody to apply.
Before launching this updated version of the ambassador program, we developed fraud detection metrics designed to mitigate Sybil attacks. In simple terms, this helped us ensure that the ambassadors who applied to the program were who they said they were.
In the same update, we also tried to devise a trust score, which is a way of programmatically identifying which ambassadors are acting in good faith. We defined a good-faith ambassador as one who meets two criteria: they select recipients who are actually in need; and their recipients actually do what they say they’ll do with the funds.
Once we recruited a few hundred ambassadors, we found we needed to augment the automated scoring with significant manual investigation and intervention to thwart bad-faith behavior. We’ve thus realized that until our automations have undergone further maturation and validation, we’ll need to filter down the incoming audience.
For these reasons, we have decided to make the following changes:
Focus on the following countries: Venezuela, Colombia and El Salvador
Hire a manager in each country, whose primary job is to recruit trusted ambassadors. We will closely monitor these ambassadors and use the data to inform our automation process.
Monitor the activities of each ambassador’s recipients. We plan to give “good” ambassadors more invites and to extend the length of payment periods for “good”’ recipients.
Begin measuring the impact of donations via self-reported questionnaires and spot checks, which will be overseen by the local manager as well as high-quality ambassadors.
This revised approach will provide the following benefits.
Provide locations with different characteristics (i.e. inflation, crypto adoption, smartphone penetration and regulatory acceptance) but still have high levels of need and minimal logistical challenges (i.e. timezone and localization)
Reduce our team’s need to manually supervise the program
Improve the ratio of high-quality ambassadors signing up
Allow us to facilitate redemption options for recipients, such as stores and cash-out partners
Train and validate our data models on what good behavior looks like across various geographies
We have already started rolling out components of this plan and look forward to more enhancements in Q4. Between this program’s growth and the new donation options, we’re thrilled to see our work paying off.
GiveCrypto Q3 Update was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
Starting today, Bounce (AUCTION) is available on Coinbase.com and in the Coinbase Android and iOS apps. Coinbase customers can now trade, send, receive, or store AUCTION in most Coinbase-supported regions, with certain exceptions indicated in each asset page here. Trading for these assets is also supported on Coinbase Pro.
Bounce (AUCTION) is an Ethereum token that powers Bounce, a decentralized auction protocol for token and NFT sales. AUCTION supports incentives on the protocol, provides benefits and governance rights for holders, and is used to pay for certified listings.
One of the most common requests we hear from customers is to be able to buy and sell more cryptocurrencies on Coinbase. We announced a process for listing assets, designed in part to accelerate the addition of more cryptocurrencies. We are also investing in new tools to help people understand and explore cryptocurrencies. We launched informational asset pages (see AUCTION ), as well as a new section of the Coinbase website to answer common questions about crypto.
Customers can sign up for a Coinbase account here to buy, sell, convert, send, receive, or store e Coinbase Android and iOS apps. Coinbase customers can now trade, send, receive, or store AUCTION today.
###
Please note:Coinbase Ventures may be an investor in the crypto projects mentioned here, and additionally, Coinbase may hold such tokens on its balance sheet for operational purposes. A list of Coinbase Ventures investments is available athttps://ventures.coinbase.com/. Coinbase intends to maintain its investment in these entities for the foreseeable future and maintains internal policies that address the timing of permissible disposition of any related digital assets, if applicable. All assets, regardless of whether Coinbase Ventures holds an investor or Coinbase holds for operational purposes, are subject to the same strict review guidelines and review process.
This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
Crypto is a new type of asset. Besides potential day to day or hour to hour volatility, each crypto asset has unique features. Make sure you research and understand individual assets before you transact.
Starting Today, Wednesday October 20,transferASMinto your Coinbase Pro account ahead of trading. Support forASMwill generally be available in Coinbase’s supported jurisdictions with certain exceptions as indicated in each asset pagehere. Trading will begin on or after 9AM Pacific Time (PT)Thursday October 21, if liquidity conditions are met.
Starting Today, Wednesday October 20 we will begin accepting inbound transfers of ASM to Coinbase Pro. Trading will begin on or after 9AM Pacific Time (PT)Thursday October 21, if liquidity conditions are met.
Once sufficient supply of ASM is established on the platform, trading on our ASM-USD and ASM-USDTorder books will launch in three phases, post-only, limit-only and full trading. If at any point one of the new order books does not meet our assessment for a healthy and orderly market, we may keep the book in one state for a longer period of time or suspend trading as per our Trading Rules.
We will publish tweets from our Coinbase Pro Twitter account as each order book moves through the phases.
Assemble Protocol (ASM) is an Ethereum token that powers Assemble, a platform where users and merchants can aggregate, manage, and spend reward points. On Assemble, point providers and retailers can run special events or promotions, providing benefits like discounts for ASM
ASM is not yet available on Coinbase.com or via our Consumer mobile apps. We will make a separate announcement if and when this support is added.
You can sign up for a Coinbase Pro account here to start trading. For more information on trading ASM on Coinbase Pro, visit our support page.
### Please note:Coinbase Ventures may be an investor in the crypto projects mentioned here, and additionally, Coinbase may hold such tokens on its balance sheet for operational purposes. A list of Coinbase Ventures investments is available athttps://ventures.coinbase.com/. Coinbase intends to maintain its investment in these entities for the foreseeable future and maintains internal policies that address the timing of permissible disposition of any related digital assets, if applicable. All assets, regardless of whether Coinbase Ventures holds an investor or Coinbase holds for operational purposes, are subject to the same strict review guidelines and review process. This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
Crypto is a new type of asset. Besides potential day to day or hour to hour volatility, each crypto asset has unique features. Make sure you research and understand individual assets before you transact.
Starting today, ARPA Chain (ARPA) and Perpetual Protocol (PERP) are available on Coinbase.com and in the Coinbase Android and iOS apps. Coinbase customers can now trade, send, receive, or store ARPA and PERP in most Coinbase-supported regions, with certain exceptions indicated in each asset page here. Trading for these assets is also supported on Coinbase Pro.
ARPA Chain (ARPA) is an Ethereum token that powers ARPA Chain, a computation network that enables privacy-preserving smart contracts, data storage, and scalable off-chain transactions. The ARPA token can be used to pay for data and computation in addition to governing the future of the network.
Perpetual Protocol (PERP) is an Ethereum token that powers Perpetual Protocol, a decentralized exchange for perpetual contracts. Using perpetual contracts, users can open leveraged long or short trading positions for a variety of assets.
One of the most common requests we hear from customers is to be able to buy and sell more cryptocurrencies on Coinbase. We announced a process for listing assets, designed in part to accelerate the addition of more cryptocurrencies. We are also investing in new tools to help people understand and explore cryptocurrencies. We launched informational asset pages (see ARPAandPERP), as well as a new section of the Coinbase website to answer common questions about crypto.
Customers can sign up for a Coinbase account here to buy, sell, convert, send, receive, or store e Coinbase Android and iOS apps. Coinbase customers can now trade, send, receive, or store ARPA and PERP today.
###
Please note:Coinbase Ventures may be an investor in the crypto projects mentioned here, and additionally, Coinbase may hold such tokens on its balance sheet for operational purposes. A list of Coinbase Ventures investments is available athttps://ventures.coinbase.com/. Coinbase intends to maintain its investment in these entities for the foreseeable future and maintains internal policies that address the timing of permissible disposition of any related digital assets, if applicable. All assets, regardless of whether Coinbase Ventures holds an investor or Coinbase holds for operational purposes, are subject to the same strict review guidelines and review process.
This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
Crypto is a new type of asset. Besides potential day to day or hour to hour volatility, each crypto asset has unique features. Make sure you research and understand individual assets before you transact.
Facebook has chosen Coinbase as its custody partner for its pilot of Novi, a new digital wallet that enables people to send and receive money abroad instantly, securely, and with no fees.
For the pilot, Coinbase is supporting Novi via Coinbase Custody, which keeps user funds secure with our proprietary, fully segregated cold storage capability for managing private keys.
Novi users who can participate in the pilot can acquire Pax Dollar (USDP) through their Novi account, which Novi will hold on deposit with Coinbase Custody. Novi users will then be able to transfer USDP between each other instantaneously.
Novi users’ funds will be held within Coinbase Custody Trust Company, a qualified custodian and a New York limited purpose trust company. Coinbase Custody Trust Company is regulated by the New York Department of Financial Services and is a fiduciary under New York state banking law. Novi users also benefit from Coinbase Custody’s leading insurance program, which includes a $320 million commercial crime policy.
Coinbase Custody is a leading crypto-native platform and custodian that securely manages $180 billion (as of 6/30/21) of crypto assets on its platform. Over the past nine years, Coinbase has developed deep expertise in secure and scalable crypto infrastructure, which we initially built to power our own first party applications. We then productized this infrastructure and now supply our secure infrastructure solutions to the rest of the market. This includes our leading custodial solutions, multi-venue algorithmic trade execution, staking support, financing, defi access, compliance, and market and on-chain data analytics.
We believe that in the future, every company will be a crypto company, including fintech platforms, banks, social media, gaming companies, and consumer brands. Our goal is to arm them with the best tools possible so their own users have a first-class experience and participate in the cryptoeconomy.
To learn more about Coinbase Institutional’s full suite of products and services click here.
Please note:Coinbase currently supports Pax Dollar (USDP) under its original ticker Paxos Standard (PAX) which was rebranded on August 24, 2021.
