Coinbase is a hot mess (plus MongoDB, Bank of Nova Scotia, MCB, and others)

The r/Coinbase subreddit has been flooded with customers complaining about Coinbase:

  1. Taking money out of their bank accounts via debit (see comments here).  Adding insult to injury, users are furious at overdraft fees charged by their bank and not being able to pay rent.
  2. Not crediting funds deposited via wire transfer (example)
  3. Not being able to transfer assets out of Coinbase (search this thread for “wallet” or “withdrawal”; or see Twitter)

The problem I see is that draining bank accounts is not a viable business model.  Those transactions will be reversed.  Eventually, Coinbase will be cut off from accepting credit cards and debit cards because nobody will want to pay for the customer service and fraud investigation costs that erroneous transactions generate.  It is clearly unsustainable.  To be fair, this might simply be a case of buggy software causing the erroneous transactions.  Anti-fraud practices and growing pains might explain some of Coinbase’s other issues.  However, the inappropriate transactions don’t look like the work of shoddy IT.  So here’s my crazy theory: one of the world’s most popular and reputable exchanges is borrowing money from consumers (without their permission) to stave off a liquidity crisis.  I can’t definitively prove this so you’re going to have to look at the evidence and make up your own mind.

Preamble: CFPB complaint data

The CFPB database is available to the public.  I’ve copied the data into a Google Spreadsheet (make a copy of it if you’d like to play around with it).

CFPB complaints rose in the middle of 2017.  They spiked even more in January following the December peak in Bitcoin’s price and Google Trends search interest.

Unfortunately, there are no consumer complaint narratives for Dec 25/26, 2017 onwards so there is not much detail on Coinbase’s current woes.  Past complaints have covered a wide range of issues:

  1. The most serious issue are users reporting that they are unable to withdraw assets from Coinbase.  Some example complaint IDs are 2724325, 2669635, and 2660137.
  2. A few instances of double charging.
  3. Deposits not being credited.
  4. Compromised accounts.
  5. Users locked out of their accounts.
  6. Users being stupid (sending unsupported cryptocurrencies to Coinbase wallets).

One interesting thing to note is that Coinbase has an unusually high number of complaints.  Of all the consumer complaint narratives that mention the word Bitcoin:

  • Coinbase accounts for 145 complaints (92.36%)
  • The only other cryptocurrency exchange with a complaint is Kraken, with 1 complaint (0.64%).
  • Other financial companies account for the 11 other complaints (7.01%).

Coinbase’s complaint rate is not consistent with its US market share.  Unlike its competitors, Coinbase’s customer service has not been responsive to various customer issues.

Coinbase is incompetent

MongoDB is inappropriate for financial transactions

Coinbase has been criticized for using MongoDB because the database system loses data and is therefore inappropriate for financial transactions.  In general, many view MongoDB as overhyped and inferior to PostgreSQL in almost every way (see herehere, and here).  The product is not very good.  Worse still, MongoDB’s flaws have been exploited at other exchanges and led to the downfall of Flexion as well as problems at Poloniex.

From what I can tell, Coinbase continues to use MongoDB.  Coinbase’s outage reports (for May 22-24November 29 to Dec 1, and Dec 6-7) cites MongoDB scalability issues as a contributing factor.  Instead of using a commercially-available database system suitable for financial transactions, Coinbase’s blog suggests that it is building its own layer of software (presumably on top of MongoDB) to solve problems.

It is unclear to me if MongoDB’s theoretical problems (e.g. data loss, etc.) have been solved by Coinbase… Coinbase hasn’t explicitly blamed MongoDB for any bugs affecting the integrity of its database.  We do know however that users have reported these bugs on Reddit:

Many of these bugs would be unacceptable if they occurred with NYSE, NASDAQ, or your broker.  But instead of using existing technology with a proven track record, Coinbase’s mentality seems to be to use trendy new technologies such as MongoDB.  And while MongoDB has been hyped as being “web scale” (a Youtube video with half a million hits savagely debunks MongoDB’s “web scale”), Coinbase has struggled with multiple service outages.  Basically, Coinbase has reinvented the database.  Unfortunately, the end result is a database with poor availability and erroneous record-keeping.  Their database is awful.

Put on your tinfoil hat

While incompetence could very well explain why Coinbase customers are being inappropriately charged, there are some things that don’t add up.  Firstly, individual users have been double or triple billed with Coinbase using different names/accounts.

  • The Reddit user Syncfx, a Scotiabank customer, has a screenshot showing Coinbase withdrawing under “OPOS COINBASE CHEAP” and “OPOS COINBASE UK CHEAP”. (link)
  • The Reddit user Brandoio, another Scotiabank customer, says that he was charged with three different Coinbase names.  The third variant was “POS Purchase OPOS COINBASE UK TRAV”. (link) or “[POS] Purchase OPOS COINBASE UK TRAV CHEAP” (link)
  • M_sanity reports being charged by COINBASE CHEAPSIDE GB and COINBASE TRAV FUNDS CHEAPSIDE GB. (link)

It seems unlikely that a software bug would cause consumers to be billed by different Coinbase accounts.

Secondly, there are two different types of erroneous billing occurring.

  1. Double charging within 0-1 days of the user-authorized transaction.  There were reports of double billing back in November and December such as complaint ID 2718918 in the CFPB data (November 2, 2017) and these Reddit posts: aaronts222 (Nov 9), UTP-OTB-HJ (Dec 12),  L0rth0s (Nov 30), etc.  More cases can be found by searching the Coinbase subreddit.
  2. What I call ‘zombie charges’, where the consumer is billed several days or weeks after the user-authorized transaction.  Old withdrawals come back to life and show up again.  The Reddit user Brandoio says that he was double charged, the double charged was reversed, and then he was zombie billed a third time.

Again, it is unlikely that a software error would look like this.  Coinbase would have had plenty of time to fix any software bugs since double charges were happening back in November.  If the same bug were to re-appear, it is unlikely to manifest itself differently with a much longer delay.  As well, one Reddit user commented that the zombie billing seems to have clustered around February 14 and 20.

Coinbase’s response

Coinbase’s blog has these relevant posts:

The earliest post blames the change in the MCC code (Merchant Category Code) used for Coinbase transactions.  The MCC was changed around January 22 (or 23).  However, erroneous billing was occurring well before January 22.  As a sidenote, I would point out that the new MCC code does change the attractiveness of Coinbase’s business model.  The new categorization defaults many credit card issuers into charging ridiculous cash advance fees on Coinbase deposits (while other issuers automatically block the new MCC code and therefore disallow Coinbase).  Consumer outrage at the surprise fees creates a lot of customer service costs for their credit card issuer, which often gives the fees back to the consumer.  It’s a lose-lose-lose situation for the consumer, credit card issuer, and Coinbase.  Coinbase no longer accepts credit cards for new accounts.

The second Feb 16 post lays the blame on Visa and Worldpay (a publicly-traded payment processor).  It doesn’t explain why Mastercard users are also affected.  It doesn’t explain the erroneous billing issues that occurred before January and only explains the charges from Feb 14 to 16 (“Over the last two days”).  And it doesn’t explain why the issue has not been fixed, as there was a cluster of zombie charges on February 20 after the February 16 statement.  On top of that, the statement’s advice seems dubious (emphasis mine).

If you continue to have problems with your credit or debit card account after this reversal period, including issues relating to card fees or charges, we encourage you to contact your card issuing bank.

If you are a merchant, you want the customer to go to you first!  This is because payment processors (like Worldpay) tend to charge inflated fees for chargebacks.  If the customer talks to their card issuing bank and requests a chargeback, the merchant does not receive any money and has to pay the payment processor a sizable chargeback fee.  If the merchant initiates a refund for the customer, the merchant does not have to pay a chargeback fee.  The bad advice strikes me as a bizarre public relations move.  Sure, the consumer might confuse their card issuing bank with Visa.  As many consumers say that they “talked to Visa” when they have actually talked to their credit card issuer, the consumer might mistakenly confuse the two and erroneously believe that Visa is to blame.  It is unclear as to how this will help Coinbase unless the company is able to raise more capital from venture capital funds.  Compare all of this to the Feb 15 blog post, which sensibly asks users to contact Coinbase’s support (emphasis mine):

Our processor confirmed that any erroneous charges will be refunded over the next few days; however, if you believe you were affected by this issue or believe you experienced additional, unreimbursed fees or charges, please contact Coinbase’s support team at support.coinbase.com so we can address your issue.

So it’s strange that Coinbase has gone from ‘please contact our support’ to ‘please contact your card issuing bank’ overnight.  The Feb 20 and 27 posts also ask customers to contact their bank before contacting Coinbase.

Coinbase’s non-response

Coinbase’s blog is silent on issues users face when trying to withdraw assets from Coinbase.

The London virtual office

Coinbase uses a London virtual office that’s managed by a company called OHS Secretaries Ltd (reddit).  The address is 9th Floor, 107 Cheapside, London, United Kingdom, EC2V 6DN.  This is presumably why the street name Cheapside appears on many consumer’s credit or debit card bills.

Some UK-based Reddit users have reported that they have sued Coinbase and won because Coinbase didn’t show up to court (here and here).  They are trying to figure out how to collect because they have difficulty tracking down Coinbase assets in London that can be seized.  While Coinbase is advertising positions in the UK and stated its intention of opening a London office in May 2017, Coinbase does not seem to have offices in the UK.

Overall, it seems unusual that a company with offices in the United States is billing US customers from a UK-based entity.  On top of that, UK customers that would like to send/receive money to Coinbase must do so through a bank based in Estonia (see Coinbase’s website).

I wonder if Metropolitan Bank has figured out that Coinbase may be a compliance nightmare.  Coinbase’s structure is unusual and looks like what somebody would do if they wanted to circumvent rules or regulations.  While Coinbase’s structure may be legitimate, Metropolitan’s compliance department certainly has its work cut out for them as the onus is on them to verify that Coinbase is in compliance with applicable laws.

Scotiabank (Bank of Nova Scotia does business under the Scotiabank name)

Scotiabank customers have been disproportionately affected by Coinbase billing issues.

  1. A Coinbase employee on Reddit (justin_coinbase) has provided a Feb 22 update for Scotia Bank / Scotiabank customers (current post, archive.org).  It specifically notes that Scotiabank is likely a separate issue:

    We are investigating a potential issue for Scotia Bank customers leading to incorrect charges. We believe this to be isolated at this point, and separate from the Worldpay and Visa issue outlined above.

  2. A Reddit thread on the double charging issues has an unusual number of USAA and Scotiabank customers.

I would guess that Scotiabank customers have been hit hard due to Scotiabank’s sloppy business practices.  Instead of helping their customers file disputes, some Scotiabank customer service reps tell customers to talk to Coinbase and/or to wait for Coinbase to reverse erroneous charges.  I have no idea as to why Scotiabank employees do this; it’s possible that Scotiabank trains its employees to avoid refunding overdraft fees as overdrafts are a key profit center for banks.

My theory is that Scotiabank (and a few other banks) was specifically targeted by Coinbase because Coinbase knows that Scotiabank’s customer service does not have its priorities straight.

USAA

USAA is pro-crypto (its Coinbase integration helps USAA members buy cryptocurrencies) and is an investor in Coinbase.

  • This might explain why Coinbase recognized an issue with Scotiabank but not USAA.
  • It can also explain why USAA isn’t blocking Coinbase.  USAA customers may be having more issues because USAA isn’t stopping Coinbase shenanigans.

Support employees differ somewhat from Coinbase’s official stance

On Reddit, coinbase_tom made a Feb 4 post asking for customers to report double charges.  Coinbase’s support employees likely saw an influx of double charges prior to Feb 4 (consistent with CFPB and Reddit complaints).  Coinbase_tom’s post notes some possible patterns to the problem, notably: “At this time, this issue only appears to be affecting a small number of banks, and only when using cards.”

Justin_coinbase on Reddit identified an unusual amount of incorrect charges for Scotiabank customers in a Feb 22 post (current post, archive.org).  Coinbase’s Twitter accounts (@coinbase and @CoinbaseSupport) do not mention the word Scotiabank in any of their Tweets.  While the employees have picked up on the pattern, Coinbase did not officially recognize a problem with Scotiabank (Coinbase annoyingly calls it “Scotia Bank”) until a Feb 27 blog post.

While it is very likely that Coinbase has known about incorrect billing problems for a long time, it is difficult for me to believe that these issues were caused by software errors that have gone unfixed for weeks.

Fraud may eventually make it even more difficult for Coinbase to operate

Bitcoin and other cryptocurrencies naturally attract fraud.  They’re easy to steal and the theft can’t (easily) be reversed.  Not surprisingly, Coinbase has a huge problem with fraud.  If thieves can gain access to a consumer’s credit card or bank account, they can use it to buy cryptocurrency and immediately transfer it out of Coinbase.  There are some safeguards but thieves figure out ways around them.  A Coinbase employee even describes how it loses money- check out this half-hour video and watch it with its accompanying slides.  The thievery imposes costs onto the traditional financial system (e.g. customer service costs) and makes institutions shy away from allowing cryptocurrency transactions.  So even without the unauthorized billing going on, Coinbase may naturally lose its ability to accept credit and debit cards.  The card issuers may get sick and tired of having to provide customer service to consumers whose accounts have been hacked into.  They may raise their fees to try to compensate, but this generates yet more customer service costs.  Many institutions have decided to outright block cryptocurrency transactions.  I think more and more institutions will join that trend.  The concept of allowing consumers to conveniently buy crypto via credit and debit cards may not be a viable business model to begin with.

Fraud could also potentially cause Coinbase to experience liquidity issues, although it’s unclear as to how much Coinbase loses to fraud versus how it money it makes.  In the video on Coinbase fraud (accompanying slides) that I linked to earlier, the presenter mentions that 2-factor authentication via text messages (SMS) to cell phones is easily broken by thieves.  Cell phone carriers have little incentive to make their systems more secure and easily give out access to consumer accounts to thieves.  Yet, Coinbase still allows 2-factor authentication via text messages according to its online support center (archive.org).  Other crypto exchanges like Kraken require stronger security and don’t allow 2-factor authentication methods as weak as text messages.  They don’t allow accounts to be funded via credit or debit cards.  It remains to be seen as to whether or not Coinbase’s approach of higher convenience and lower security will succeed.

Arguments against Coinbase having liquidity issues

  1. I couldn’t find evidence that Coinbase is continuing this practice at near the same scale.  User reports of double charging and zombie charges in the past few days seem to be much lower.  If there is a liquidity issue, then one would expect Coinbase to continue shoring up its liquidity.
  2. Worldpay is oddly silent despite Coinbase insisting that “This issue was not caused by Coinbase” and insisting that Visa and Worldpay are to blame.  If Coinbase is being deceptive, then it doesn’t necessarily make that much sense for Worldpay to stay quiet.  (It’s possible that Worldpay doesn’t want credit risk from Coinbase and therefore doesn’t want to hurt Coinbase’s reputation as it figures out how to avoid becoming the bagholder.)
    • Visa has also been somewhat silent.  Various online press outlets (e.g. The Register) have reported that a Visa spokesperson stated: “Visa does not reverse or resubmit transactions. That is not Visa’s role in the payment system.”  However, Visa has not refuted Coinbase on its own website, social media accounts, or through a press release.
  3. Maybe Coinbase really is that incompetent and/or crazy.
  4. The unauthorized withdrawals may have a very different goal (e.g. to influence accounting).  This seems highly unlikely though.

This bubble is amusing

Coinbase is actually one of the better exchanges out there.  It doesn’t allow its customers to trade Tether (unlike the majority of its competitors) and it has tried to comply with banking regulations.  Despite being one of the better exchanges, Coinbase has serious operational issues.  Its multiple service outages, choice of MongoDB, and buggy record-keeping reflects poorly on the company’s engineering.  But thanks to venture capital, Coinbase has plenty of capital to piss away.  Or perhaps it had plenty of capital, since Coinbase’s current liquidity situation is unclear.  Who knows.

Ultimately, the crypto bubble will collapse because blockchain is a useless technology.  The current VC enthusiasm is similar to the early 2000s, except this time around the VCs are backing useless technology and have no chance of finding the next Paypal.  Will Coinbase be one of the first companies to break?  We’ll find out soon.  (I could very well be wrong… we’ll find out soon right?)

*Disclosure:  No position in BNS (Bank of Nova Scotia / Scotiabank), MCB (Metropolitan Bank), LON:WPG (Worldpay), or MDB (MongoDB).

 

 

Links

The Curious Tale Of Tethers – An explanation of why it’s unlikely that Tether is backed by USD and is therefore a sketchy cryptocurrency.

NoSQL Meets Bitcoin and Brings Down Two Exchanges: The Story of Flexcoin and Poloniex – A technical explanation of why MongoDB is a dumb idea for crypto exchanges.

Circle Acquires Poloniex – Circle is a VC-funded startup whose crypto exchange failed.  Circle decided to buy Poloniex.  Poloniex is an exchange that used MongoDB.

 

Tips for Coinbase customers

  1. If you’re worried about Coinbase taking money out of your account, get a new debit card.  Or talk to your bank / card issuer to see if there is a way to block Coinbase.
  2. Removing banking information from Coinbase did NOT stop Coinbase from erroneously billing accounts.  If you really want to do this, do this last.
  3. Transfer your assets out of Coinbase before disputing Coinbase transactions.  If you talk to your bank to file a chargeback or dispute, Coinbase will likely freeze your account.  So, transfer assets out first.  Cryptocurrency transfers are generally irreversible after enough confirmations.  Wire transfers tend to be irreversible after 1-2 business days.  It is possible to defraud Coinbase and to steal their assets if you transfer too much out of Coinbase.  I would avoid doing that as it would be unethical (and likely illegal) to take what isn’t yours.
    • Take into account fluctuations in cryptocurrency prices.  Coinbase may/will try to make you pay for their loss on the market value of a cryptocurrency if you dispute a transaction.
  4. Debit and credit card transactions can be reversed.  Talk to your card issuer and tell them that you did not make the erroneous transactions in question.  They can perform a chargeback or fraud investigation on your behalf.  I would be surprised if you don’t win these disputes.
  5. Filing a complaint with the CFPB is likely the fastest way to get a speedy resolution if your problem can’t be solved by your bank.  Talking about Coinbase on social media is only somewhat effective.  Daniel Fernandez was able to have his issue (partially?) resolved sometime between Feb 8 and Feb 12, after the very popular Youtuber Ethan Klein tweeted to @coinbase on February 5.  Fernandez seems to have first pinged Coinbase on Dec 7.  Reddit users have had little luck in having their issues resolved.  I wouldn’t rely on social media unless you have hundreds of thousands of followers or if you have very famous friends.
  6. Cash advance fees, interest on cash advances, overdraft fees, and ATM/international fees go to the company that issued your card.  You can talk to your card issuer to get these charges reversed.  The customer service representatives may not necessarily want to do this since these fees make money for the card issuer.  Politely explain that you should not be paying these fees on transactions you did not make.  If that doesn’t work, try talking to a supervisor, another representative, or express interest in cancelling your credit card to talk to the company’s retentions department.
  7. Cryptocurrencies are worse than systems that have been tried in the past.  It is unlikely that the world will use buggy, insecure systems controlled by China as a store of value.  If you would like to speculate on cryptocurrencies, you will likely lose everything.

US wire transfers not being credited:  Talking to Metropolitan Bank may help.  Have your wire information ready.

12 thoughts on “Coinbase is a hot mess (plus MongoDB, Bank of Nova Scotia, MCB, and others)

  1. I appreciate the analysis but you are missing the forest for the tree: cryptocurrency exchanges are CRAZY profitable. Binance, one of the top exchanges, burned $34 million worth of its token as part of its policy to use 20% of its QUARTERLY profit to burn their tokens. That’s $170 million in profit in 3 months.

    Coinbase/GDAX is also one of the top exchanges and has a much higher profit margin than Binance. There is no way they are not profitable or have liquidity issue. Not possible at all.

    • Another example: Quadriga, a small Canadian exchange, got $18 million worth of cryptocurrency locked up/lost forever in June 2017 and they were able to stay afloat despite the hit. Imagine the profitability of Coinbase which is probably 50-100x the size of Quadriga.

  2. What amazes me with all the problems that this coinbase has , the people do not have or do not close the account . I do not like this coinbase . Also for the arrogance of his CEO who has towards customers. Close the account with coinbase , what are you waiting for?

  3. Just for clarity, how many complaints does coinbase have officially logged against them? And how many users?

    … Look, you make a lot of good points, very detailed. This is what I call actionable information. But I have to be honest – this article is so obviously a hit job on cryptocurrencies in general based on what seems to be the assumption the CoinBase is the genesis domino. I don’t mind this kind of content because I can parse it out, but fear for those with difficulty appraising context.

  4. Coinbase Global, LLC -[CBG] is an international criminal syndicate of epic proportions. Involved in Money Laundering, Tax Evasion, Cyber Assaults, blackmail and intimation of victims Thief of over a Million Americans Fiat and Digital Assets.
    [Ref https://www.consumerfinance.gov/- over 1,000,313 total complaints as of March 1, 2018 at this agency alone] Corruption of KNOWN US Government Officials, Financial Institutions such as Cross River Bank and USAA Federal Savings and loan Association, BOD, Committee Members and 1000’s of their employees hold multiple “Wallets.” at Coinbase! I alone have over 3 meters of PROOF. Since mid-July 2017 when I had filed two ICE Reports that had been confirmed then following January 2018 by Homeland Security! NOT ONE US Federal Official has come to review any of the evidence, Ready for this, “I KNOW WHY, WHO. WHERE “is involved! They KNOW IT! Reference my profile at Linked
    Michael K, Zimmerman. That is the Platform when an Imposter Profile had been constructed with the data and information that had been Hacked /stolen from the KNOWN, RECORDED , documented and date timestamped that Coinbase Globe’s software engineers had initiated perpetual cyber assaults and had stolid proprietary data, information and had acquired a multitude of encrypted files and folders. Some propriety of The United States of America. Along with two Sovereign Countries and States!

  5. Its incredible to me how people post such strong opinions, specifically the ones on MongoDB in this article, as fact when they clearly have no idea what they are talking about.

    If you need MongoDB to store transactional data for total durability configure using a proper write concern:
    https://docs.mongodb.com/manual/reference/write-concern/

    Its also well documented that losing data in MongoDB is not a problem:
    https://news.ycombinator.com/item?id=13590457

    Do more that 5 seconds of research before spreading misinformation please.

    • So the data issues alluded to in Coinbase’s blog post shouldn’t exist in the first place. Coinbase did not need to implement Redis to implement locks on the database.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.