Deep Chain Reorganization Detected on Ethereum Classic (ETC)On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. In order to protect customer funds, we immediately paused movements of these funds on the ETC blockchain. Subsequent to this event, we detected 8 additional reorganizations that included double spends, totaling 88,500 ETC (~$460,000)
Note: We will continue to monitor the status of the network and update this article with the most recent information we have. Current ETC network status can be found here.
Page 3 of Satoshi Nakamoto’s whitepaper, Bitcoin: A Peer-to-Peer Electronic Cash System, states the following:
“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”
The “honest[y]” of more than half of miners is a core requirement for the security of Bitcoin and any proof-of-work cryptocurrencies based on Bitcoin. Honest action, in this context, means following the behavior described in the Bitcoin white paper. This is sometimes described as a “security risk” or “attack vector,” but is more accurately described as a known limitation to the proof-of-work model.
Failure to meet this requirement breaks several core guarantees of the Bitcoin protocol, including the irreversibility of transactions. Many other cryptocurrencies, such as Ethereum Classic, have also adopted proof-of-work mining.
The function of mining is to add transactions to the universal, shared transaction history, known as the blockchain. This is done by producing blocks, which are bundles of transactions, and defining the canonical history of transactions as the longest chain of blocks*. If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.
This is called a “chain reorganization,” or “reorg” for short. All reorgs have a “depth,” which is the number of blocks that were replaced, and a “length,” which is the number of new blocks that did the replacing.
This, on its own, might end up being nothing more than a minor inconvenience. After all, the transactions all still exist, but they might have been put into a different order, perhaps delaying some of them. However, imagine a miner who also owns a large number of coins. The miner could send those coins to a merchant in a transaction, T, while also secretly extending an alternative block history. The miner’s secret blocks do not include T, but rather include a transaction that sends the same coins used in T to a different address. Call that transaction T’. When the miner reveals this secret history, it will contain T’, not T. Because T and T’ attempted to send the same coins and T’ is now in the canonical history, this means that T is forever invalid, and the recipient of the coins sent in transaction T never even received them in the new, now-canonical history. More info on this can be found here.
What we observed
We observed repeated deep reorganizations of the Ethereum Classic blockchain, most of which contained double spends. The total value of the double spends that we have observed thus far is 88,500 ETC (~$460,000).
Note: A full blockchain analysis is beyond the scope of this article. Further research into the addresses sending the double spend transactions, the history of sends/receives from the addresses, the block fields such as timestamp, and the subsequent movement of miner rewards from attack blocks may shed light on the threat actor or actors behind these attacks.
We observed the following deep chain reorgs:
Common ancestor: 7245623. Depth 4 / Length 7. No double spends were observed in this reorg. We noted that this was a reorg of unusual depth for ETC.
Common ancestor: 7248488. Depth 5 / Length 6. No double spends were observed in this reorg. We noted that a second reorg of unusual depth was highly suspicious, but did not necessary indicate an attack as there was no double spend and the depth was still below the ETC confirmation limit for most services.
The Coinbase team is currently evaluating the safety of re-enabling sends and receives of Ethereum Classic and will communicate to our customers what to expect regarding support for ETC. Coinbase takes security very seriously. As part of that commitment, we monitor blockchains for activity that could be harmful to our customers and take prompt action to safeguard funds. We want to emphasize to customers that Coinbase strives to be the most trusted and safest place to buy, sell, or store cryptocurrency.
* It is actually the chain with the most accumulated work, rather than the chain with the most blocks, that defines the canonical history. In most cases, these chains will be the same
** The block explorer does not properly handle reorgs and labels the transaction as confirmed. Click on the block to see that the block is orphaned.
This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
Unless otherwise noted, all images provided herein are by Coinbase.
Last week, I sent a note to the Coinbase team about what we accomplished in Q4. I’m sharing it here with our customers and the crypto community more broadly as I’ve done in the past .
I spent time at the last All Hands of the year reflecting on 2018 as a whole. This year we added a lot of headcount. As expected, this put some strain on communication, decision making, and even trust. We’re a largely new team that still needs to come together and gel, and this will be a major focus of 2019. At the same time, we had incredible successes including everything we launched (see below), outstanding hiring, and a well timed fundraise that sets us up for success.
Below, I’ll do my best to capture everything we accomplished in Q4.
In Q4, we launched everything from new products to requested features to integrations that scale our ability to serve customers. Together with the assets, rails, and geographies we’re adding, we’re building the infrastructure to continue our role as the bridge from fiat to crypto for people all around the world:
PayPal integration: Giving US customers the opportunity to make fast, free withdrawals to PayPal accounts.
USDC: A digital, programmable dollar, launched in partnership with Circle.
Coinbase Earn: Creating opportunity for more people to understand and use crypto by learning about it and earning it.
There is so much work that goes on at Coinbase that enables us to launch features, products, and add assets, all while ensuring we live up to our reputation as most trusted and easiest to use. The following are just a few examples of this kind of work from Q4:
We put security first — we successfully completed an on-blockchain migration of approximately $5 Billion (as valued the week ending Dec. 7, 2018) of cryptocurrency from Generation Three to Generation Four of our cold storage infrastructure.
We established Coinbase Custody as a limited purpose trust company under New York State Banking Law to operate as an independent Qualified Custodian, allowing us to compliantly store more assets and potentially add new features like staking.
Our investments represent our commitment to advancing the ecosystem toward the utility phase of crypto, and fueling projects that get us closer to an open financial system. This quarter, we invested in another round of organizations, including:
Risk Labs (UMA)
Our goal is to maintain the trusted experience our customers have come to expect while adding the assets our customers have come to demand. This quarter, we added more assets than in our entire prior history as a company, and expanded our services to more people in different countries.
Custody now supports ~79% of crypto assets by market cap
…And Coinbase is now available in the following additional regions:
Isle of Man
SO IN CONCLUSION…
I continue to be so impressed by the ability of this team to execute on aggressive timelines, all while solving problems that have never been solved before. This was a year of scaling Coinbase up to meet the demand of the market and efficiently executing to serve our customers.
We asked a lot of everyone on the team. I’m proud of how we rose to the occasion to meet the challenges and opportunities before us this year. I hope everyone has a wonderful holiday with family and friends. Can’t wait to do it all again in 2019.
As with last quarter, I’ll be sharing some of this externally in a blog post in the next couple of days.
Prioritizing security is not just a part of Coinbase’s culture, it’s necessary to our success. Traditional financial institutions have always required a high level of security to protect their customer’s privacy and prevent fraud, but due to the nature of cryptocurrency Coinbase faces an even higher level of risk.
Possession of a private key is control over the currency secured by that key, which removes a step in the monetization of a theft. Rather than needing to sell stolen data, or perform identity theft to turn a data breach into a profit, theft of a private key leads to an immediate financial reward for the attacker. Once a crypto transaction is confirmed, there’s no recourse, no reversals.
Part of any good security program is good visibility into the environment, which runs counter to the notion that sensitive information, like private keys, should be inaccessible. For incident response purposes, Coinbase needs to be able to collect any information off of even our most sensitive services. We needed a remote, real-time forensics acquisition solution built for security. In order to solve this problem we turned to one of our guiding security principles, consensus, and created a new forensics framework called Dexter.
There are already several great forensics acquisition projects out there for every major operating system, and it doesn’t make sense to invest time re-inventing the wheel. Dexter is designed to wrap other tools, where available, to perform forensics tasks. The place that Dexter advances beyond the capabilities that were already available in other tools is the secure approval process for investigations, and the secure retrieval process for forensic artifacts.
Architecture and Use
We started by defining our security requirements. The last thing we wanted to build was remote code execution as a service, so we decided that all forensics tasks must be codified in the application and added through our code review process. We also wanted to ensure the artifacts collected by forensics tasks were end-to-end encrypted back to the investigators that had permission to read them, removing any trust in our infrastructure. In order to achieve our goals for consensus, each member of the response team is identified by a public key and an investigation must receive a number of signatures that correspond to the sensitivity of the tasks defined in the investigation.
Dexter runs as a daemon, ready to collect forensics artifacts when an investigation reaches the required consensus threshold. This daemon is designed to work in a variety of environments, from a linux production environment in EC2 to an OSX or Windows fleet in the office. Investigators interact with Dexter using the command line, where they can issue investigations and retrieve reports, all backed by S3.
The same binary used to start the daemon is used on the command line. To get an investigation into a Dexter daemon, an investigator will use the command line to generate an investigation, sign it, and upload to S3. When creating an investigation, an investigator will decide what tasks to run, and what facts about a host will be used to scope the investigation. The investigator can also instruct Dexter to kill the running containers on a host, or shut down a host, after the investigation is complete. Finally, the investigator can choose which investigators are allowed to read the results of this investigation.
The investigations that get uploaded are simple JSON documents. In this example we see the random ID for the investigation, the forensics tasks to run, and the facts used to scope the hosts that will run this investigation. Dexter has an ability to obscure arguments to some facts using a hash salted with the investigation ID. In this example, the user is obscured so that other hosts that are not in scope would have a hard time determining which user is under investigation.
As other investigators approve this investigation, they will append their signature to the Approvers key, and upload the updated version to S3. Once the investigation reaches consensus, all the hosts in scope will run the selected tasks and create encrypted reports for the selected investigations. When interacting with investigations and reports on the command line, only a minimal amount of the investigation’s ID must be specified to disambiguate the investigation.
Control over who can read investigations is done with a KEK/DEK model (Key Encryption Key, Data Encryption Key). For each investigator who is approved to read the results, Dexter generates a new random AES key, encrypts the report, then encrypts the key with the investigator’s public key. Each investigator can then access their report with their private key.
You can learn more about using Dexter from the repository. The command line is also fully documented here. Dexter is extended by creating new tasks and facts, based on the example task and example fact files.
We’re building a larger vision of incident response at Coinbase that uses automation to reduce the amount of time it takes to get an investigator in front of relevant data. Dexter provides the mechanism to securely collect data. In the future, Dexter will be operated in part by our internal IDS, and once an incident is detected, a secure analysis environment will be created in EC2 to investigate the Dexter reports. This environment can be rich with tools, and have extra protections in place to make sure sensitive data doesn’t make it back to an employee machine. We still have a way to go before our vision is realized, but we’re building it every day.
Dexter is still in its infancy and just beginning to be rolled out, but it was important to me to share this project as soon as possible in order to get feedback from the broader security community. Earlier this year we released Salus, which brings the best application security scanners under one roof. If you think you’d enjoy working in an environment where security is a top priority, reach out to Coinbase, we’re always looking for talented security professionals in all fields.
We’re launching Coinbase Earn in invite-only mode today
Coinbase’s mission is to create an open financial system, where anyone in the world can participate on equal terms from their computer or smartphone. To bring this vision about, we’ll need to make blockchain technology more accessible, both in the sense of making cryptocurrencies easier to obtain and easier to understand.
Coinbase Earn allows users to earn cryptocurrencies, while learning about them in a simple and engaging way. The idea is for users to understand more about an asset’s utility and its underlying technology, while getting a bit of the asset to try out. To manage demand, we’re launching Coinbase Earn today in invite-only mode with a single asset: ZRX. Over time, we plan to add more educational content as well as the ability to earn other cryptocurrencies.
If you’ve received an invite to Coinbase Earn by email, you can go to the Coinbase Earn ZRX page to earn small amounts of cryptocurrency by completing educational tasks like short video lessons and quizzes. But if you haven’t received an invite yet, don’t worry — you can still view all educational content on the Coinbase Earn page for free, and can sign up on the waitlist to be notified as more educational tasks are available.
Learn: simple and engaging cryptocurrency education
In a survey of Coinbase customers and non-customers alike, we found that one of the biggest barriers preventing people from exploring a new digital asset was a lack of knowledge about that asset. Many of the people we surveyed expressed a strong desire to begin learning about new and different crypto assets beyond Bitcoin, but didn’t know where to begin.
That’s why we’re launching Coinbase Earn with tasks related to asset education. The educational content will be publicly available for any curious party to learn more about an asset, even if they haven’t yet received an invite to begin earning.
Earn: a new way to access cryptocurrency
Traditionally, the two ways people have obtained cryptocurrency are through mining or buying. Mining cryptocurrency typically requires technical knowledge and high upfront costs, while buying cryptocurrency can require disposable income to exchange for cryptocurrencies.
Earning cryptocurrency is a third option. It has the potential to expand the blockchain user base from the tens of millions of people with the resources to mine or buy crypto to the billions of people who now have smartphones. This is because one can — in theory — earn crypto simply by clicking buttons on a phone or laptop.
Coinbase Earn solves many of the practical issues required to turn this theory into practice. We give verified, invited users a series of useful tasks to complete from anywhere to earn digital currency. For this first set of tasks, funding is coming from the 0x external development pool, with 100% of the funds going directly to users. In the future, we may experiment with other kinds of tasks from different types of senders, not necessarily always created by asset developers themselves. For example, there may be tasks paid in Bitcoin that aren’t sent by Satoshi Nakamoto!
We think Coinbase Earn could help open up blockchain access to a new group of users: people who are curious about digital assets, but who’d like to try them out for free just like a normal web or mobile app. By serving that need, we hope to make blockchain more accessible in the process. Please check out the Coinbase Earn page for ZRX today.
Coinbase recently moved 5% of all BTC, 8% of all ETH and 25% of all LTC in circulation (among many other assets) in what we believe is the largest crypto migration on record. Our VP of Security is publishing the case study below to shed light on the specific ways we build security into our platform at every stage — as well as engage with the community around sharing best practices for crypto security.
In the world of cryptocurrency, security must be a core value and top priority of any organization looking to serve customers over the long-term. Today, we’re sharing what we learned from our recent migration of crypto with the broader ecosystem in an effort to build trust for the entire industry.
At Coinbase, our commitment to security is expressed in a number of ways, from consumer security protections to internal development practices to third-party audits and tests. Our most critical responsibility is the security of the assets that our customers entrust to us. The gold standard of cryptocurrency asset security is offline, or “cold,” asset storage. Coinbase stores 98% or more of our customer assets in our cold storage system. Coinbase’s cold storage has gone through a number of evolutions through the years as the cryptocurrency space has evolved and matured.
Last week we successfully completed an on-blockchain migration of approximately $5 Billion (as valued the week ending Dec. 7, 2018) of cryptocurrency from Generation Three to Generation Four of our cold storage infrastructure. To our knowledge, this is the largest movement of cryptocurrency (certainly in USD terms, potentially in absolute terms) ever undertaken.
TRULY SECURE CRYPTO THROUGH TRUE COLD STORAGE
Cold storage can cover a number of storage techniques, ranging from HSMs to bunkers in the Swiss Alps. Assets placed in cold storage are completely offline and disconnected from any automated system. As with many terms in a rapidly developing industry like cryptocurrency, there is no clear standard for cold storage.
Coinbase’s standard for truly cold storage is that multiple geographically separated humans in the real world should be forced to perform physical actions actions to enable a transaction after reviewing transaction details. If that isn’t true, we don’t think it’s actually cold storage.
Coinbase’s cold storage has been through a number of iterations over the last six years. The first version, as we’ve talked about previously, was keys in a safety deposit box.
Coinbase cold storage, circa 2012
While that was fine for back then, as asset values increased and cryptocurrencies started to diversify, we needed to build a system that ensured broad consensus on movements from cold storage and could flexibly support many types of assets. In our latest version, which initially rolled out with Coinbase Custody and now handles all cold storage at Coinbase, we start with a secure foundation with a highly controlled and audited key generation process and continue with a globally distributed key storage and transaction approval system.
USHERING IN THE NEXT GENERATION OF COLD STORAGE
This system protects against key loss, key misuse (including insider threat and application level attacks) and supports world class key governance and audit while being currency agnostic. That means we can store any cryptocurrency using the same system, without making compromises in the level of security provided to any single cryptocurrency.
The idea of moving $5 Billion on-blockchain was one we approached with a very high degree of caution. While we believe in the security of the blockchain, the number of moving parts combined with our absolute responsibility to ensure the security of funds in our custody meant that we needed to cover every possible scenario.
We began planning months before the actual move date and involved almost every team at Coinbase in the process. We conducted risk assessments, honed monitoring plans and conducted test migrations until we were positive that the live migration would go off without a hitch.
One of the risks we identified early on in the process was the potential for our migration to be mistaken for an exchange breach or a large trader preparing to sell a significant amount of cryptocurrency. Either way, we were worried that the market uncertainty would result in price movements. On the other side of the equation, we were worried that giving potential attackers too much notice would let them plan for and execute attacks during the migration. Once we were ready to conduct the migration, we put out a brief blog post to calm fears without giving away too much information about our plans. This piece helped steer a significant amount of the resulting discussion on online forums and in trade blogs (like this one).
After that blog post was out, we proceeded to restore our existing cold storage addresses one by one, waiting until the previous address had been swept to the new cold storage before moving the next address. This approach made the migration take longer (it lasted 4 working days), but resulted in much higher assurance that our customers’ funds were secure every step of the way.
In the end, what all this means is that we’re continuing to push the pace of the industry in providing secure, auditable, asset-agnostic offline storage for cryptocurrency. Our customers reap the rewards in terms of better security, more assurance and faster asset additions. This new cold storage system is a core part of our strategy to expand our asset offerings while never compromising on the level of security we provide our customers. If that sounds like an interesting set of challenges, we happen to be hiring…
Ethereum tokens Dai (DAI), Golem (GNT), Maker (MKR), and Zilliqa (ZIL) are launching on Coinbase Pro in select jurisdictions
Support for GNT and DAI will initially be available for Coinbase Pro users in the US (excluding NY), the UK, EU, Canada, Singapore and Australia. MKR and ZIL will not be available to customers in the US, but will be tradable in the UK, EU, Canada, Singapore and Australia on Coinbase Pro.
Each of these tokens has associated functionality, some of which may be in beta. Moreover, each token’s associated functionality is not currently directly accessible via the Coinbase Pro platform. For example, the Golem GNT token provides access to a distributed compute farm, the Zilliqa network can be used to experiment with high-performance smart contracts, and the MKR and DAI tokens form a paired set of assets in which MKR provides governance, and DAI is a type of algorithmic stablecoin. In particular, direct access to smart contract functionality will not be immediately available through Coinbase Pro. As a result, users who want to engage in MKR governance, use their GNT tokens to submit rendering tasks to the Golem beta network, utilize functionality like Compound, or exit DAI positions in the event of global settlement will need to move their assets from Coinbase Pro to a local wallet.
Other digital assets and ERC20 tokens may follow, as described in our relatedposts regarding exploration of new assets. Our US Pro platform, operated by Coinbase, Inc., will support trading in DAI and GNT only. International Coinbase affiliates will support trading in MKR and ZIL for clients in select jurisdictions outside of the US.
We recognize that there are popular assets that we have not yet added to our platform. Our decision to add ERC20 tokens first arises in part from the relative ease of integrating the standard with our existing infrastructure, particularly from a security standpoint. However, as noted in our earlier post, we are exploring the addition of many new assets beyond ERC20 tokens on a jurisdiction-by-jurisdiction basis.
Dai (DAI), Golem (GNT), Maker (MKR), and Zilliqa (ZIL) are launching on Coinbase Pro
At some point after 11:45am PT on Tuesday, December 18, we will begin accepting inbound transfers of DAI, GNT, MKR, and ZIL on Coinbase Pro. We will accept deposits for at least 12 hours prior to enabling trading. Once sufficient liquidity is established, trading will begin on each respective USDC order book. Support for GNT and DAI will initially be available for Coinbase Pro users in the US (excluding NY), the UK, EU, Canada, Singapore and Australia. MKR and ZIL will not initially be available to customers in the US, but will be tradable to users in the UK, EU, Canada, Singapore and Australia. Additional jurisdictions may be added at a later date.
Please also note that these assets are not yet available on Coinbase.com or via our mobile apps. We will make a separate announcement if that occurs.
The Stages of this Launch
There will be four stages to the launch as outlined below. We will follow each of these stages independently for each new order book. If at any point one of the new order books does not meet our assessment for a healthy and orderly market, we may keep that particular book in one state for a longer period of time, or suspend trading as per our Trading Rules.
We will send tweets from our Coinbase Pro Twitter account as each order book moves through the following phases:
Transfer-only. At some point after 11:45am PT on Tuesday, December 18, customers in applicable regions will be able to transfer DAI, GNT, MKR, and ZIL into their Coinbase Pro account. Customers will not yet be able to place orders and no orders will be filled on these order books. Order books will be in transfer-only mode for at least 12 hours.
Post-only. In the second stage, customers can post limit orders but there will be no matches (completed orders). Order books will be in post-only mode for a minimum of one minute.
Limit-only. In the third stage, limit orders will start matching but customers are unable to submit market orders. Order books will be in limit-only mode for a minimum of ten minutes.
Full trading. In the final stage we may choose to leave the order book in limit-only mode or we may make full trading services available, including limit, market, and stop orders.
One of the most common requests we receive from customers is to be able to trade more assets on our platform. With the recent announcement of our new listing process, we anticipate listing more assets over time that meet our standards.
Sign up for a Coinbase Pro account to start trading.
Since Coinbase was founded in 2012, we’ve always prioritized listening to our customers as we’ve built our products. The earliest adopters of crypto came to us largely sold on crypto already — their primary questions tended to focus on the “what,” “which,” and “when.” But more recently, as the space has gotten more attention and moved into the mainstream, we’ve started to see people visit Coinbase to learn more about “why” crypto exists.
Coinbase launched its user research department in April 2018 with its first full-time user researcher (me). Today, our team of three is dedicated to understanding our customers (and potential customers)–and we use the learnings to design and continuously improve our products. Our job is to understand customers’ needs, goals, and motivations, as well as uncover how to serve a growing audience we have come to call the “crypto-curious” — new entrants to crypto who are interested in learning about the basics. We bake all of our consumer insights into products as they’re being built by collaborating with product managers, engineers, designers, and writers.
To see how this works in action, we wanted to share an end-to-end view of Coinbase Learn, an educational resource we launched in September 2018 that we created based on insights that came directly from our customers.
Where we started
Since I joined Coinbase, we’ve conducted more than 200 interviews to understand what will lead the way to mass adoption of cryptocurrency. We’ve talked to folks who’ve been crypto enthusiasts for years, as well as people who experimented with buying $10 of bitcoin to see what all the fuss was about. And, perhaps most importantly, we’ve talked to many people who have never purchased any crypto at all.
Across all audiences, people were telling us that they wanted a better understanding of how it all works. Cryptocurrency is complicated, and there are lots of loud voices in the room, so it can be hard to know where to turn for information. Many of our research participants told us they had tried Googling for answers, but that the “beginners’ guides” they found were too complicated.
We realized that if we aspire to be the most trusted place to get started with cryptocurrency, we have to do more to educate people — not only those who are potentially interested in buying cryptocurrency, but also folks who are just beginning to explore. Therefore, our goal with Coinbase Learn was to provide a single, accessible place for anyone to learn about cryptocurrency in plain language from a trusted source.
STEP 1: Organize the questions
To start, we compiled a list of all of the questions that crypto-curious people had ever asked in research sessions. We’ve heard everything from “Can I use a credit or debit card?” to “What’s the deal with Satoshi and Dogecoin?” (Fun fact: Based on our research, Dogecoin is one of the most widely-recognized cryptocurrencies in the US.)
It soon became clear that the questions fell naturally into five major themes:
Then, we had to narrow down the list. Each theme has an enormous range of sub-questions within it, including questions about hardware wallets and cryptography from more tech- and finance-savvy participants. But in order to reach the largest audience, we needed to start at the very beginning. Why does cryptocurrency exist? Why should people care about it?
We settled on 21 of the most common and important questions. We felt that number covered all of the most critical areas of confusion, but did not overwhelm beginners with an encyclopedia of all things crypto. We could always build a bigger library later for folks who want to know more.
STEP 2: Make it simple and searchable
We then set out to answer those 21 questions as clearly and simply as possible — no technical jargon, no sales pitch. It’s harder than it sounds!
Our copywriters worked tirelessly to strike a balance between clarity and accuracy. On one hand, simplicity was our number one priority, and we strictly avoided blockchain language such as “collision resistant hash function”. On the other hand, we had to ensure that crypto experts agreed with our answers from a technical perspective. They put their drafts through many rounds of feedback with crypto experts at Coinbase, and we carefully deliberated over every. single. word.
We also had to ensure that we were meeting people on their own level: Did our questions and answers match the terms people were Googling for? Not only does this ensure our beginners can find our answers when they search, but it kept us accountable to address the most common areas of inquiry, in language that people were already using and would understand best.
We tried to tailor our language around common search terms and optimize our page for searchability. For example, we avoided the term “digital currency”, because very few beginners use that phrase. Instead, we use the term “cryptocurrency”, which is far more commonly searched. Each topic is also individually SEO-optimized, so searchers with a specific question will land directly on the modal that addresses it, rather getting dropped at the top of the page and having to dig to find their answer.
STEP 3: Design for exploration
When designing the page itself, our goal was to support a journey of exploration into crypto. What kind of design would empower people to choose their own adventure with the topics that were most interesting to them, but also provide soft guidance if folks weren’t sure where to begin?
Early design explorations of Coinbase Learn
From a structural perspective, it was important to keep everything on the same page, rather than send people on a wild goose chase to multiple sources through inconsistent experiences. One place, one trusted source. The order of the topics, with the light grey path starting at the top and winding slowly further down, tells a story that starts with the very basic level of understanding and gently guides the reader from broad explanations to progressively more specific and action-oriented instructions. The questions themselves are “snackable”, in that you can skim and easily pick only what you like.
Even our illustrations were chosen to support the theme of exploration. We brainstormed with our staff illustrator on visual designs that would inspire discovery. One of our initial ideas was a scuba diver theme: Dive into crypto to uncover the nuggets of information beneath! Ultimately, we found ourselves going back again and again to a theme we love for crypto — exploring in space. Crypto is a universe of endless possibility, and we’re discovering new worlds together.
An early sketch for Coinbase Learn. Dive into crypto with us!STEP 4: Consult the crypto-curious
We did multiple prototype testing sessions of the Coinbase Learn design with our target audience: folks who have heard of bitcoin, but don’t know much about it and want to know more. The sessions gave us valuable feedback on the navigation and content, allowing us to iterate multiple times and make improvements to the experience.
Users’ overall reaction to the page validated our initial strategy. Participants told us that they liked the level of information and the modular design of the clickable topics. One participant said, “I like that it’s not a whole bunch of information, and I don’t feel completely overwhelmed.” Simplicity: check! They also liked that it “felt honest” — not like we were selling something — and that it “doesn’t make [me] feel like an idiot.” They reported feeling a higher degree of comfort with crypto after viewing the page, so we knew we were on the right track.
A user testing session over video chat
The sessions also uncovered a number of seemingly subtle UX fixes that had an outsized impact on the navigation experience. For example, initial versions of the site didn’t have an X at the top of each modal, so people had no idea how to “escape” a topic and felt a little trapped. The grey path was also a more recent addition. In the first version, it wasn’t clear that you had to scroll down to get to the answers, so people didn’t know where to go when they first landed.
All in all, the short and sweet answer strategy worked so well that we actually left users wanting more. Participants really understood and enjoyed the shorter and simple answers, so they learned a lot about crypto. The more they learned, the more interested they became — to the point where they requested more information to be accessible from the page. We’ll count that as a success! Eventually, we’d like build a bigger learning hub to support the next level of that journey.
STEP 5: Continuously listen and improve
Launching the product in September allowed us to get a new kind of insight from customers — seeing what they’re engaging with the most. Analyzing the page’s data, for example, told us the top two most-clicked questions on the page. They tell an interesting story about people’s biggest crypto questions–can you guess what they are?
When is the best time to buy cryptocurrency?
Which cryptocurrency should I buy?
This is consistent with trends we’ve seen across many research studies: Although the majority of crypto-curious people prefer to start with the basics of how it all works (and we designed the page with them in mind), people who are ready to buy are more interested in knowing how to buy and sell more intelligently.
For precisely this reason, we’ve added informational asset pages to help people learn the difference between currencies and what to consider before making a purchase. We’ve also added a price list for major cryptocurrencies to help folks track the market and “watch” price movements for currencies they’re interested in. And we launched the Coinbase Bundle, which simplifies the decision of which coin to buy by offering a preset basket of major currencies to purchase.
The best innovation doesn’t always come from complex moonshots and whiteboarding in rooms — it comes from listening to people and doing your best to meet their needs. We’re proud of the process we followed for Coinbase Learn, and we hope this is just the beginning of a journey to educate the world about crypto.
It takes a village to launch a product, so a huge thank you to everyone who helped us throughout this entire process:
Day 8 of 12 Days of Coinbase: Direct crypto conversions on Coinbase
As a crypto-first company, it’s important that we build features that let people take advantage of the unique attributes of cryptocurrency. That’s why we’re beginning to roll out a new feature called Convert, which customers can use to convert one cryptocurrency into another.
Initially, customers can convert between Bitcoin (BTC) and Ethereum (ETH), Ethereum Classic (ETC), Litecoin (LTC), 0x (ZRX), or Bitcoin Cash (BCH). Converting is available on Coinbase.com and in the iOS and Android apps. Conversions complete instantly and at a lower cost than if done via two separate transactions. For more details, please visit the Coinbase Pricing & Fees Disclosures webpage
We’ll be gradually rolling out the ability to convert cryptocurrencies to customers in all 34 countries in which Coinbase offers native payment access. We’ll gather customer feedback along the way and continue to iterate on the feature over time. Our product teams are thinking deeply about new ways to democratize the best of cryptocurrency, and the ability to easily convert one asset to another is an important step on this path.
When Coinbase was founded, the only products that connected wallets to the Bitcoin blockchain were technical and complex. We set out to build an easy-to-use, highly secure, and trusted experience for anyone to buy or sell Bitcoin. By focusing on ease of use, and designing for simplicity, we’ve tried to make crypto more accessible to everyone. This latest feature that allows customers to convert from one crypto directly into another is a natural progression of this journey.