Could Coinbase become a DApp?

Whenever I hear someone complain about Coinbase, I like to ask them how many support requests they have responded to. The answer is usually 0 or some small number. As someone who has fielded thousands of customer emails across a few different projects, I have some empathy for what the team at Coinbase are going through.

Compounding growth is amazing.

Onboarding millions of people onto the open financial system is an absolutely enormous task. People get weird when it comes to money. They get even weirder when the money doesn’t come from a government. There is so much to learn and understand before you truly believe in protocol-based financial products. That’s why so many people refer to the process as “going down the rabbit hole”. We all have our stories of being exposed to the ideas and then taking time to grasp their implications.

One of the common complaints about Coinbase from hardcore HODLers is that the company is centralised and antithetical to the mission of these protocols. I find this argument pretty hollow. First up, it shows an absolutely incredible lack of gratitude for what Coinbase has done for them. Nearly all of these people could knock a digit or two off their net worth if Coinbase didn’t exist. They made it easy for normal people to buy, store and manage Bitcoin. Secondly, if someone can point me to a single piece of decentralised, non-custodial wallet software that is easy-to-use, I will be singing from the rooftops about it. Coinbase is a centralised digital currency bank that is helping the world transition to the new way of doing things. I think they are doing a pretty incredible job given their staggering growth.

With all that said, I have been thinking a lot about what it would take to build a distributed application that replicated many of the functions of the company. A company is a set of rules executed by a set of people. I want to explore if it would be possible to encode all of this in a set of smart contracts. This is not because I think the company needs to be *disrupted* or destroyed. It is simply an interesting thought experiment to pursue: what would great decentralised wallet software actually look like?

There are so many aspects to what Coinbase does but I think it comes down to five key areas: Recoverability, Usability, Custody, Security and Identity.

This cannot continue.

Recoverability

In my opinion, the killer feature for Coinbase is the ability to reset your password — that’s it. Every day, hundreds of people contact the creators of non-custodial wallets asking them one simple question: “How do I reset my password?”. The canned support responses will dress it up as nicely as possible but the reality is: “You are screwed.”

When I bought my Dad some Bitcoin in 2014 there was absolutely no way I was going to send it to a non-custodial wallet and trust him to remember the password. Last year he wanted to check his Coinbase account. He had forgotten the password but it took two minutes to reset it and log in. If he had tried to open some clunky desktop wallet and tried to regain access, he would have been sorely disappointed to find out that his assets were inaccessible.

When people type a password into any other piece of software, they are able to reset it. That is not the case for non-custodial wallets. The ability to recover access to your funds is crucial.

Custody

Coinbase pools customers’ funds and keeps the majority of them offline. When someone buys Bitcoin on Coinbase, they are buying a database entry in the company’s ledger. Your Bitcoin wallet address is simply an access point for money to flow into the Coinbase pool. This drives crypto-purists nuts because it is totally centralised and requires you to trust Coinbase. The hard thing for these people to grasp is that lots of people want to trust someone else with their money. Banks were started for a reason. Storing and protecting all of your own wealth is not easy. Coinbase takes all of the fear away. That is why they can charge transaction fees for their services.

Custodial services can act as training wheels for people who are new to the community. I started with Coinbase and then I learnt about desktop wallets, brain wallets, paper wallets and hardware wallets. We all have to go down the rabbit hole at our own pace. Some never will. Custodial services help people learn.

Security

Protecting customers’ funds from hackers is no easy task. Building a public custodial service that targets retail investors makes the service a huge honey pot for thieves. So far Coinbase has not had a major breach which means their investments in security talent and processes are working. There is always a big tradeoff between security and usability. It is easy to build an impossible-to-use Fort Knox. It is really hard to make something secure, simple and accessible.

Identity

Everyone who creates a Coinbase account has to identify themselves. This is a requirement of the government, not the protocol. To bridge the closed and open financial system, Coinbase has put in place processes for Knowing Your Customer (KYC) and Anti-Money Laundering (AML). These processes help them make sure that people aren’t using Bitcoin for illegal activities. This final piece upsets the HODLers the most. That’s understandable, given that much of the theory and cryptography behind Bitcoin was forged in the fires of the cypherpunk movement.

Usability

Coinbase has invested a lot in making the process of acquiring digital assets relatively simple. You sign up, link your card or bank, and buy Bitcoin at a certain price. There are no bids, asks, market orders or limits to be seen. Just a few options and some simple graphs. The customer never knows anything about private keys, UTXOs, Bitcoin nodes, or any of the complex underlying system. Designing great user interfaces is just as hard as designing great application programming interfaces. There is an art to building great UI on top of solid APIs.

Another huge part of making something usable is providing customer support. Thousands of emails flood in to Coinbase’s support system every day. They now have phone support. The cost of those functions is enormous. It is really hard to find great support staff. It is even harder to find people who understand enough things about crypto-currency to help those in need. When you do find a person with that skill set, they could probably make more money going to help one of these new over-funded ICOs. Support is also a crucial function for creating a feedback loop for the people building a product, who can then make it more usable.

What would a decentralised alternative look like?

Let’s imagine that we were trying to build out an alternative to Coinbase on Ethereum through a set of smart contracts. There are already a few projects tackling different pieces of this puzzle. They all solve some of the problems in different ways by making a different set of trade-offs.

Recoverability vs. Custody

These two areas are usually at opposite ends of the spectrum. If you choose a non-custodial wallet and forget the password, you are on your own. If you choose a custodial wallet, you can regain access but have to trust a third party.

One way to solve this is to allow people to specify a set of people they do trust. They can split their private key into pieces with a technique called Shamir’s secret sharing. That is the approach taken by the team at KeySplit, the team who won ETHDenver.

Open source software that is handling huge sums of money.

The team at Gnosis have built a multi-sig wallet with Social Recovery Extensions that allow a group of people to reset your wallet. They have also explored the idea of building a decentralised network of KYC providers who could act as “verifiers” of your identity. This would connect to the Gnosis multi-sig wallet and be run through a set of smart contracts. If people lost access to their funds, they could pay this network of providers to verify their identity and change the keys on their wallet. There are lots of aspects to this system that would need to be fleshed out but the concept is really exciting.

Identity

Uport, Civic and the ERC-725 Standard are all establishing different takes on helping people identify themselves to a piece of software. This piece is important for government compliance and recoverability.

Security

Smart contracts are incredibly hard to write securely. A decentralised wallet would need to have incentive mechanisms for the developers of the software to really want it to survive. There needs to be a community of people who take pride in building and improving the software. There also needs to be a way to compensate security researchers who find exploits and share them responsibly. Projects like Ethlance, Open Bounties and Gitcoin are working on this area.

Usability

The entire community is aware that all of these things are hard to use. Creating a wallet, storing a pass phrase, and just sending a token are all frustratingly complex processes. Lots of projects are pushing to make these tools more usable and accessible to non-technical people. There are even early attempts at decentralising customer support with projects like Kauri.

Early days

Even if you could weave together all of the code and projects currently being built into a magical system, you are bounded by the transaction volume that Ethereum can handle. I don’t think it is possible to build a decentralised service that replicates Coinbase just yet. However, I do think there are lots of ways we can improve the wallet software we have today by introducing different trade-offs between trust, recoverability, custody and usability.

A mockup of what we are building.

If you want to get into our private beta, please sign up: balance.io