Innovation Matters: Coinbase Breaks New Ground with MPC Security Technology

Cryptocurrency is a fundamental new building block for the financial system. It enables 24/7 cross border payments, provides access to the global financial system to anyone with a cellphone and internet connection, and enables users to have complete control over their own assets without an intermediary. But just like every new technology before it, crypto demands new tools to protect it from ever evolving cyber threats. As the largest custodian of cryptocurrency in the world, Coinbase invests enormous time and resources to build novel, cutting edge tools for the benefit of our customers. To do this, we have invested in a unique bench of talent, combining expertise in cryptography, engineering, security and cryptocurrency to create a unique set of capabilities.

We also care deeply about the overall crypto ecosystem, so where possible and helpful we are committed to open sourcing the tools we build for the benefit of all.

Today, we are open sourcing our Multi-Party Computation (MPC) cryptography library. Imagine a safe that requires multiple combination codes to unlock. Each person in a group knows only their part of the combination, and they never share their piece with anyone else. To open the safe, everyone inputs their respective code simultaneously. The safe unlocks without any individual ever knowing the complete combination. 

This represents MPC: different parties contribute fragments of the key -- called shares -- to collaboratively perform a signing operation, while preserving the privacy of their shares. Importantly, during the MPC operation, the shares are never combined, and so are never exposed on any single device.

By open-sourcing this technology, we’re raising the bar for security across the industry. Now, others can adopt, test, and improve on this method—leading to a safer and more resilient crypto ecosystem.

What’s Included?

We’re sharing a full suite of MPC tools, including:

• Secure methods for protecting crypto keys

• Code that enables multiple parties to sign transactions securely

• Technical documentation and examples to help developers implement MPC correctly

While this technology already helps safeguard Coinbase assets, we’ve adapted it to be flexible so that other developers and institutions can use it for their own security needs.

Why Open Source?

By making our MPC technology public, we’re reinforcing our commitment to security, transparency, and collaboration.

• More Eyes, Better Security: Open-source code allows independent experts to review and validate our security measures.

• Faster Innovation: Organizations that want to use MPC don’t have to start from scratch—they can build on our work.

• Strengthening the Crypto Ecosystem: The more companies that use strong security tools, the safer crypto becomes for everyone.

How to Report and Update on Vulnerabilities

Security is an ongoing effort, and we encourage the community to report any vulnerabilities they discover. Here’s how:

• Bug Bounty Program: Coinbase runs an active bug bounty program where security researchers can report vulnerabilities and earn rewards.

• Direct Reporting: For those who prefer, you can reach out to our security team directly at [email protected].

We take these reports seriously—our cryptography and security teams monitor, review, and update the repository as needed.

How to Get Involved

We encourage developers, security researchers, and institutions to explore our MPC library, contribute improvements, and help make crypto even more secure. The code is available now on our GitHub.

Coinbase is committed to setting new standards for security in crypto. By sharing our expertise, we hope to inspire a future where digital assets are not just innovative—but also protected by the best security in the world.