Enhanced Account Reports

Apr 22nd, 2014

Today we are launching updates to our account reporting tools.  You can now generate a one-time report as usual, or a recurring report that will be generated on an interval of your choice, such as once per month.

In addition, a record of the reports you generate is now kept on Coinbase, so you can look through reports you’ve previously generated.  We keep a download link for each report for 7 days so that if you need to find it again, you can do so easily.

You can also now generate reports dynamically through the Reports API. And when a new report is generated, whether one-time or recurring, through the Coinbase website or the API, you can specify an optional callback url to handle the report programmatically.

Give it a try!

We’ve Moved To A New Office

Apr 14th, 2014

Coinbase headquarters have moved! Our new office is located in the heart of San Francisco, with some nice views of the city. And since we can’t be working on digital currency all the time, we’ve outfitted the office with ample ways to decompress - a game room, nap room, free meals, and a fully stocked fridge.

Since completing our fundraise this past December, we’ve more than doubled in size. We now have 23 full time employees and 35 remote contractors. You can read more about our outstanding team here, and apply if you’re interested in joining us.

image

image

image

image

image

image

image

image

photos by Brittany McLaren / www.brittanymclaren.com

"Heartbleed" and Coinbase

Apr 8th, 2014

A group of researchers revealed a widespread internet vulnerability recently dubbed “Heartbleed”, which is an attack against a popular cryptographic library most websites use for SSL. Coinbase is not vulnerable to this attack and will be taking extra precautions shortly to eliminate any further risks. Visit the Cloudflare Blog for more details on our risk.

For more information on the bug, please visit these links below:

Bitcoin Adds Value: GameTimeZone Results

Apr 7th, 2014

The bitcoin ecosystem is growing at an exceptionally rapid pace, and the number of consumers seeking to pay with bitcoin has grown in tandem.  These customers are spending bitcoin in a significant way, driving sales and new revenue for the businesses that have opted to accept it. We’ve already written about the benefits Overstock.com has experienced since partnering with Coinbase, and today we are pleased to highlight GameTimeZone’s excellent results, as well.

Since October, GameTimeZone has been using Coinbase to accept bitcoin for game subscriptions and pre-paid codes for massive multiplayer online games, console games, and free-to-play games. In the five months since integrating with Coinbase, GameTimeZone has grown its top-line revenue 53%. Moreover, bitcoin now represents over 20% of total daily sales, and the average order size from bitcoin customers is a phenomenal 290% higher than the average order size from USD customers.


Average Order Size is 290% Greater for Bitcoin Customers


image

The data clearly show bitcoin is having a huge impact on customer acquisition and revenue growth, and we’re increasingly excited about the value bitcoin is bringing to merchants!

Merchant Highlights: Betabrand and Chicago Sun Times

Apr 3rd, 2014

One of the most exciting aspects of the bitcoin ecosystem is that new use cases for spending bitcoin emerge every day. E-commerce and content focused companies continue to be early leaders in merchant adoption, and this week we are excited to highlight Betabrand and Chicago Sun Times.

Betabrand offers some of the coolest clothes on the web, and you can now spend bitcoin on Betabrand with two-clicks using your Coinbase wallet. With the exception of crowdfunded prototypes, all Betabrand products are now shopable in bitcoin; some of our favorites include Executive Hoodies and Dress Pant Yoga Pants. We’re very excited to bring Betabrand’s crowdfunded, one-of-a-kind products to bitcoin users worldwide.

This week, Chicago Sun Times became the first major newspaper to accept bitcoin for print and digital subscriptions. Chicago Sun successfully experimented with bitcoin in February, using Bitwall to power a bitcoin-enabled paywall. The 167-year-old newspaper has further demonstrated its commitment to bitcoin by enabling consumers to buy a digital subscription for the newspaper at https://btc.suntimes.com/.

E-commerce and content companies are just two of the many types of businesses utilizing bitcoin to improve top-line and bottom-line revenue. If you are interested in learning more about how Coinbase’s Merchant Services can improve your business, email us at merchants@coinbase.com.

 

Update on Coinbase Data Security

Apr 1st, 2014

Despite speculation on a few forums, there has been no data breach of names or emails at Coinbase.  We wanted to take this opportunity to address any concerns.

Specifically with regard to the ‘request money’ feature of Coinbase, it is highly inaccurate to suggest that names or emails were leaked or that there has been a breach.  Our new Director of Security Ryan McGeehan responded accordingly in our whitehat responsible reporting tool.  Here are the high level points:

Requesting money as spam

It is intentional that Coinbase users are able to send invoices to an arbitrary number of email addresses.  Allowing lists to be invoiced is core functionality of our service, and this functionality is intentionally built into our API, which is rate limited:

https://coinbase.com/api/doc/1.0/transactions/request_money.html

This process simply sends an email with a request. It does not initiate any bitcoin transfer without confirmation from the recipient, and would not be any more effective than more traditional phishing methods, which we spend a considerable amount of time preventing.

Email address / user enumeration on Coinbase

It’s important to note that using an email address to determine if someone has an account on a service is the norm across most internet sites today. You’ll find that user enumeration is possible on Facebook, Google, Dropbox, and nearly every other major internet site.

You’ll also find many leading payment services allow user enumeration, including Paypal, Venmo, Square Cash, and many others.  One simply needs to try sending or requesting money using one of these services to an email address to see this in action.  The name of the user or business will be revealed on the next step.

Using user names in our service is an important component in providing a positive and responsive user experience. And to be clear - a sender would need your email address in advance to be able to send you a request for money.

We’ve spent a good amount of time investigating this behavior and we believe that the risks are minor.

Information disclosure of coinbase accounts (first and last name)

For individuals who list a name, our product and Privacy Policy make it explicitly clear that this contact information can be displayed - and in turn, make Coinbase a more human user experience.

We’d also like to address the claim of a “leaked” list of Coinbase emails and user names.  This list (the size of which is less than one half of one percent of Coinbase users) was not the result of a data breach at Coinbase.  This list of emails was likely sourced from other sites - probably Bitcoin related ones.  It’s clear there was no data breach because no other user information is provided.

Conclusion

Though we believe this type of spam and user enumeration activity doesn’t represent a significant risk to Coinbase customers, we absolutely recognize that it can be an inconvenience and cause confusion.  We have already implemented a number of things which make this type of activity less convenient for would-be spammers.  For example, we employ rate limits around sensitive actions, such as requesting money, to prevent them from being abused at scale.  We’re fine tuning this existing rate limiting to make it more restrictive.  To those who have received spammy requests, we apologize.

We are continually striving to make Coinbase as safe and secure as possible for all of our users, and in the coming weeks, we will perform a more extensive overview of the existing controls we have in place to see how they can be improved.

We will continue to update this blog post as more information is made available.  As always, if you have any questions or concerns about the security of your account please visit us at http://support.coinbase.com/ .

Announcing the Coinbase BitHack Winners

Mar 28th, 2014

We’re thrilled to announce the winners of BitHack, our first online hackathon designed to inspire developers globally across platforms to build solutions with bitcoin on Coinbase’s API. Of over a hundred app entries, we selected three winners.

1st Place, $10,000 prize - CoinPlanter

image

CoinPlanter is a mobile Bitcoin geotagger that allows you to share, store, or hide bitcoins based on location. Once you’ve hidden a few of your own coins get out there and find someone else’s!

2nd Place, $5,000 prize - Aircoin

Aircoin

Aircoin is the quickest way to send bitcoin to a nearby person using your mobile device. Owe $7 for half a pizza or want to contribute $5 gas money for a ride? With Aircoin sending money is now quicker than sharing photos, and it’s free!

3rd Place, $3,000 prize - Coinery.io

Coinery.io>image

Coinery makes it simple to sell your digital products online and accept Bitcoin. There are zero fees and your products are delivered instantly. Simply upload and describe your digital product, and Coinery handles the rest.

Congratulations to the winners and their developers: CoinPlanter (Zach Alam), Aircoin (Didier Hilhorst and Raphael Schaad), and Coinery (Zach Ferland)!

The Runner Up Apps

We were very impressed by the level of innovation we saw in the applications. We’d like to make a special mention for the following apps: Bitfluence, Coinbasis, Coin Grab, and Leaven. In the coming weeks, we’ll be showcasing the best apps in Coinbase Appsour own app store for apps built using Coinbase platform and APIs.

Judging Process

Winners were selected from 112 entries submitted. It was very important to us to create a fair process for judging the apps. We first did a screen of apps to ensure eligibility according to the BitHack rules, including that the Coinbase API was used and that the app was previously unpublished. We then split all eligible apps into three groups which were each scored by a pair of judges from the Coinbase team (including Charlie Lee, Craig Hammell, and Olaf Carlson-Wee) on our evaluation criteria: creativity, usability, and execution. Each pair of judges submitted the top apps from its group onto the final round of judging, where a team of twelve judges reviewed each app. Each member of the team selected their top three apps anonymously on a voting slip, and the total number of votes determined our winners.

Special thanks to Chris Dixon and Gavin Andresen for their contributions to BitHack’s judging.

BitHack Moving Forward

A huge thank you to all who participated. We enjoyed reviewing your apps and were deeply impressed by the level of technical and design talent in the bitcoin community. If you didn’t win a prize this time around, there will be more chances to win at the next BitHack, where we’ll introduce a crowd-voting element. Stay tuned for more our blog and follow us on Twitter to get the latest updates about our next BitHack!

Introducing Coinbase Apps

Mar 28th, 2014

image

We’re excited to announce Coinbase Apps - our own app store for apps built using Coinbase platform and APIs.

image

As developers ourselves we set out to build Coinbase to be developer friendly from day one. Our API has been used for thousands of apps, all the way from small evening projects to integrations in apps like Pounce and Gliph. Even our own Android application is build completely on our public API.

If you’re an app developer and want to submit your application to Coinbase Apps, visit your OAuth2 applications page. If your app isn’t using OAuth but still features Coinbase integration, send us a note. To learn more about developing for Coinbase platform, head to our developer site.