Coinbase has distanced itself from exchanges with a loose grip on customer funds—cough, cough, Quadriga—by, for the first time, disclosing how its insurance policy operates.
The recent Quadriga saga (which saw an exchange owner die while supposedly in sole possession of the crypto keys to unlock $190 million of customer assets) underscores how vulnerable cryptocurrency exchanges are. So today, amid rising concerns over lax or non-existent coverage for high-risk crypto assets, Coinbase security chief Philip Martin revealed in a blog post that the exchange has, since November 2013, insured up to $255 million worth of funds—those stored in customers’ online “hot wallets”—with Lloyd’s of London syndicates (the, er, centuries old insurance brokers with the longstanding culture of sexual harassment).
“If the worst happens and Coinbase loses customer funds, customers deserve certainty that they will be made whole,” wrote Martin.
In the “traditional banking world” insurance is a standard. In the U.S., for instance, it’s taken care of by the FDIC— a U.S. government corporation. However, FDIC insurance is only designed for fiat insolvency, so can only be used to cover customers’ fiat deposits.
To fill the void, Coinbase has developed an insurance plan that focuses on a pressing threat for cryptocurrency owners—protection from hacking. It further covers loss of funds due to “insider theft, fraudulent transfer… in addition to the physical damage or theft of private key data in cold storage.”
The policy doesn’t, however, cover any “failures of the underlying currency,” like 51 percent attacks. Bizarre, dystopian threats like that are, we presume, part of the fun of owning cryptocurrency.
Philip went on to explain that funds are protected by insurance companies that operate in a tiered structure that decreases exposure to centralized risk:
“If a loss occurs, insurers at the lower layers of the tower would pay first, followed by those in higher layers,” he says. “Multiple insurers may take positions in a single layer, in which case they share a loss. This structure exists to enable insurers to build a diversified portfolio of risk and avoid any one loss wiping out an entire insurer.”
All in all, writes Martin, the money Coinbase has spent on insurance should be enough to cover the regular outflow of funds to the exchange and the funds contained in hot wallets, and take into account price spikes. Cold/offline assets are insured on a “per-customer basis,” he said, though losses to funds in cold storage tend to stem from personal mishaps—misplacing or breaking a hardware device, for instance—meaning the coverage is “limited.”
It’s not “fully comprehensive,” to use the industry’s own lexicon, but the Coinbase offering is a damn sight better than QuadrigaCX’s insurance policy, which, er, didn’t exist.