
> meanwhile bank execs are dropped off at work by private guards specializing in counter-kidnapping operations

Perhaps there are some bank executives for whom this is true, but it is absolutely NOT the case for all banking executives. I work with some bank executives and they drive themselves to work in their own cars. The buildings DO have alarm systems and it is quite possible for the FBI to respond to physical threat incidents (because it is treated as a bank robbery) but otherwise there is little that is special in the way of physical security.

And for Coinbase, I believe the lack of special physical guards is appropriate. A high percentage ("up to 97%" according to https://coinbase.com/security ) of their coins are in cold storage and while I am not privy to the details of Coinbase's arrangements, keysharing and multiple physical storage locations that are off-premises are a reasonable precaution. They are vulnerable to hostage-taking or "3 thugs with guns" to the exact same extent (no greater) as any other company with a similar amount of protection.

I can't comment on protection against hardware keyloggers: it's a threat that they need to be prepared for. Cold storage is one major way of protecting against this threat, business insurance is another.



They should at least have a level of physical protection equal to a large bank branch.

An armed guard, 24/7 security cameras (obvious and hidden) actively being watched by a human being, established passphrases for when the security service calls to check in, etc.

They are at least as much at risk as a physical bank branch; it's a bit of denial on their part if they aren't treating it that way.


Any other company doesn't need to worry since robbing their head office and demanding online bank transfers is a waste of time. A cryptocoin fixed rate exchange with millions in storage you can instantly transfer is a different story. It's like Ft. Knox being located in a regular office building with gold piled on the desks. Bank vaults have physical security, so why don't Bitcoin-based businesses?

I did read through their security about the backups being spread around different locations, but those are backups. They would need access to the cold wallet on a regular basis if 97% of funds are truly in there. Unlikely to happen, but then again police here didn't expect criminals would remove huge concrete barriers with a stolen tractor, ram a shopping mall entrance, drive through the mall and ram a gated jewelry store, but they did.


> They would need access to the cold wallet on a regular basis if 97% of funds are truly in there.

Not true. First of all, that would only be true if their net daily turnover were more than 3% of their total amount stored -- which it may not be. Even then, I would expect graduated levels of cold wallets: imagine one with another 2% that is down the street in a bank safe deposit box, 5 wallets with 50% of the deposits stored in a way that can only be accessed with cooperation of 4 people in different parts of the country ... that sort of thing.

I am, of course, just speculating: I don't know how Coinbase runs their system, I just know that they seem competent and that this is how I would run such a thing.



