Happy New Year and best wishes for 2015 to all.



This morning I watched Olaf Carlson-Wee, 1st employee and currently Head of Risk at Coinbase discuss the ways in which Coinbase as a custodian stores private keys (customer funds). The video only has 67 views so far. It’s early days for Bitcoin after all. As a non-technical person, it was impressive to learn that Coinbase utilizes a multi-sig, multi-country, multi-bank, multi-employee setup.



From working at Kraken, and since joining OKCoin, I have had the good fortune of meeting many of the most influential people in the Bitcoin ecosystem this year in all parts of the world. It’s been incredible and inspiring. There’s much more we can do to work together to increase Bitcoin adoption.

Fundamentally, I don’t believe Bitcoin companies should be in the business of convincing customers who is more secure.



Go onto any Bitcoin company website, and you will see slogans that read something like:



“All customer funds are kept in deep cold storage.”

“We use encrypted servers and the highest levels of enterprise security.”

“We have never lost customer funds.”

“Insert Name verified our proof of reserves as 100%.”

“All customer funds are fully insured by insert company name.”

“We have funding from insert venture capital firm.”

It’s hard for me to understand what that means and I don’t think other mainstream users do or should be asked to either. Rather than security as a marketing project, we as an industry should take serious steps to collaborate to ensure all of us are acting as trusted custodians. While holding private keys is an option for some individuals, it’s likely that mainstream users will rely on third party custodians. That has major implications.



Coinbase being more secure than say Morgan Stanley isn’t enough. The global Bitcoin ecosystem must be more secure than the existing global financial system.

Individuals making deposits in the US don’t bother comparing the security practices of bank vs. bank. That is because $250,000 of funds are insured by the FDIC. The moral hazards of such a scheme notwithstanding, the fact that FDIC is labeled onto all chartered banks ensures that customers do not have to think about security. In addition, the Federal Reserve acts as a lender of last resort in case of any failures in the system.



The Bitcoin world has no such ‘failsafe’.



Bitcoin protagonists like to say faith in math is better than faith in people (central bankers) but the truth is that the security of most funds in the Bitcoin ecosystem are relying on people and will continue to rely on people. We should all manage that reality in a manner that instills faith in the Bitcoin ecosystem.



Our industry should not compete on security. There is no lender of last resort like the Fed, and no FDIC for Bitcoin. Therefore, all players should seek to improve their security practices and share / collaborate with fellow industry members to ensure the security of the entire ecosystem.

Every player in our industry has a vested interest in making sure best security practices are followed by other participants. If one wallet provider learns of an innovative new phishing attack that it has thwarted, the method of prevention should be shared with other wallets and exchanges in a timely way. Let’s all compete to our hearts content on execution, on speed, on UI/UX, on marketing, on use cases, on features, on team, on anything else. Let’s not compete on security for it hurts all of us collectively and individually.

I look forward to a great 2015 and am excited for what’s to come.



Please feel free to reach out to me @liujackc on Twitter