Philip Martin

209 posts

@SecurityGuyPhil

CSO @ Coinbase. Army Veteran. Maker of delicious smoked meats and baked goods.

San Francisco, CA · Joined October 2014
330 Following · 5.9K Followers
Philip Martin@SecurityGuyPhil·
The latest quantum papers from Google and Caltech are an important signal for the industry. Timelines are still debated, but the time to act is now. The good news: post-quantum cryptography exists. This is a solvable problem, and many chains already have roadmaps. Bitcoin needs to catch up though. The bad news: post-quantum cryptography is relatively new and it would be fairly easy to create new security risks if implementation is rushed. The industry needs to align on what happens to wallets that fail to migrate before a CRQC appears. At Coinbase, we’ve been working on this for a while, auditing and upgrading our internal infrastructure, researching post-quantum cryptography and establishing a Quantum Advisory Council. It’s clear Bitcoin needs to make some fast progress here, so Coinbase is taking the role of rallying the troops and getting the right people in the room - Bitcoin core devs and the broader community - so they can start tackling this. But no one developer or company can do this alone. Real progress will require coordinated action across the ecosystem. If you’re working on post-quantum approaches for Bitcoin, we want to support you, and connect you with others that are working on it too. Please DM me directly and I’ll get you added to the working group. Bitcoin can and will upgrade, but it will take the entire community working together.
Philip Martin@SecurityGuyPhil·
Thanks for flagging. I can confirm this is an isolated issue due to a change we made with one of our corporate DEX wallets, which led to unauthorized transfers. No customer funds were impacted. We’re revoking token allowances and are moving funds to a new corporate wallet. Big thanks to members of the security community who jumped in to offer a hand.
deebeez@deeberiroz·
Looks like @coinbase was recently drained of ~$300,000 after using @0xProject swapper incorrectly. They approved all the tokens accrued as fees to their router, getting drained immediately by MEV bots 🧵
Michael D. Sproto - Classic@solumsursum·
@coinbase was just hacked. The shadowy supercode coomers added vapid scamcoin USELESS to their roadmap and are ignoring the People’s $BITCOIN. Dump all $COIN stock, $BRETT, $ZORA, and any other Coinbase/Base adjacent assets at risk of contagion, as they are at risk of facing VIOLENT sell pressure and cascading liquidations. The safest thing to do right now is to go ALL-IN on the People’s $BITCOIN ASAP! #HarryPotterObamaSonic10inu
Philip Martin@SecurityGuyPhil·
@zachxbt Thanks for the thread, I know you’ve chatted with the team some already and we’re looking forward to engaging more with you and anyone else seeking to make crypto safer for all.
ZachXBT@zachxbt·
1/ Over the past few months I imagine you have seen many Coinbase users complain on X about their accounts suddenly being restricted. This is the result of aggressive risk models and Coinbase’s failure to stop its users losing $300M+ per year to social engineering scams.
Philip Martin retweeted
Charles Henderson@angus_tx·
My team is hiring! I’ve just opened 8 new roles, including for application security testers and red teaming & adversary emulation. If you have a passion for securing the world’s most important organizations and want to be a part of a team with amazing culture, great benefits, and opportunity for growth, here is the link to apply: jobs.lever.co/coalfire?depar…
Philip Martin@SecurityGuyPhil·
Scams are a scourge, and education is one of the most important tools we have. Maybe *you* already know everything there is to know about scams, but do your friends and family? My ask: share this video with at least one person in your life that might be vulnerable.
Coinbase 🛡️@coinbase

We’re proud to announce the Tech Against Scams coalition. Scams are a tech-wide issue and require an industry-wide response. Together with industry leaders, we're committed to protecting and educating users. Learn More→ coinbase.com/blog/announcin…

Philip Martin@SecurityGuyPhil·
Hey @GaryGensler and @SECGov, serious offer: as a crypto exchange we've had a lot of experience with security protocols around social media, and as a veteran and patriot I love to help my country. If you'd like any suggestions, feel free to reach out.
U.S. Securities and Exchange Commission@SECGov

The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.

Philip Martin@SecurityGuyPhil·
Check out a new in-depth look at the Euler exploit coming out of our Unit 0x team. Part one (looking at the exploit) is below; part two is coming early next week! coinbase.com/blog/euler-com…
Philip Martin@SecurityGuyPhil·
@TalBeerySec @ZenGo @CoinbaseWallet Hey @TalBeerySec, I lead security at Coinbase. We appreciate security researchers from around the world working with us to keep Coinbase products and customers safe. That message doesn't reflect how we want to engage with the security research community. 1/
Tal Be'ery@TalBeerySec·
Yikes! Tomorrow @ZenGo will publish about a vulnerability we had found in @CoinbaseWallet and others. We had responsibly disclosed to CB many weeks ago, they fixed and awarded us multiple bug bounties. Today we informed them we are going to publish. This is the reaction we got:
Philip Martin@SecurityGuyPhil·
10/ They may also cherry pick cold storage addresses and ask us to restore those if they didn’t see enough cold storage activity in a given period…but you all tend to keep us busy enough that we haven’t needed to go there.
Philip Martin@SecurityGuyPhil·
9/ Come audit time, the auditors verify the controls are functioning as intended, verify the signed messages and review cold restores over the audit period to make sure we moved enough funds over time to provide appropriate assurance.
Philip Martin@SecurityGuyPhil·
1/ I don't have inside knowledge of what is happening inside @binance. That said, their on-chain movement of funds for audit purposes isn’t out of the norm and @coinbase did something similar many years ago when we first started 3rd party auditor review of custodial assets. 🧵