Coinbase’s Segwit Implementation Leads to Lost Bitcoins

Just two weeks after Coinbase announced Segwit’s implementation, a bug of sorts has apparently been found whereby bitcoins are sometime lost in the tracking system when you pay a merchant through Coinbase Commerce.

The problem appears to be a protocol for communication between a merchant and their customer, called BIP70. Coinbase apparently has not updated it.

“They have not updated the BIP70 to use segwit addresses and your coins are sent to a non-segwit address and are subsequently lost in their tracking sytem,” says a brand new redditor who sounds like a bitcoin developer.

That leads to situations whereby after you send your segwit bitcoin, the merchant sees no confirmation, with it all thus residing somewhere on Coinbase.

There has not yet been any clarification by Coinbase on what exactly is the case, but this little known BIP70 has apparently been causing problems for some time.

Payment failures because of BIP70 have been reported since at least 2016. Patrick Patton, Bitcoin product tester and UX specialist, described his experience where:

“The last few times he has used a Coinbase-generated payment request, his wallet has encountered a fatal error with the BIP 70 process, requiring either a fallback to BIP 21 [an older BIP70 version] or failing without recourse.”

Moreover, security vulnerabilities connected to BIP70 were also reported in 2016. Coinbase had taken steps to mitigate them.

As such what appears to be the case here, based on the limited information we have, is that Coinbase’s modified implementation of BIP70 probably missed a trick somewhere when they implemented segwit.

That segwit implementation was apparently rushed due to constant pressure by Bitcoin Core supporters, but segwit itself is quite a complex piece of code, especially when it comes to such frontline services like merchant payments processing.

Segwit’s adoption, therefore, remains at just 30%, despite now closing onto a year since its activation. The reason is probably that with such complex entities which serve millions of customers and more than 100,000 merchants, making changes to irreversible money payment systems can be very costly.

Great care, therefore, is taken in testing and in precautionary measures. But it seems where merchant processing is concerned, the complexity was just too much.

The good news, however, is that the funds do not appear to be truly lost, but just parked somewhere on Coinbase as the unicorn tries to keep up with the many rapid changes to bitcoin that have now led to the currency having some three address versions: a segwit, a plain, and a bech32.

Source: Read Full Article

Leave a Reply