A breakdown of our core staking security practices.
November 14, 2025
Overviews
3 min read
Written by
Coinbase is setting the industry standard for how institutions securely stake digital assets. Our unparalleled security and cutting-edge staking architecture have earned us a consistent track record of client asset security and made Coinbase the most trusted platform for institutional investors.
This article covers the key security practices, for both our cloud hosted and bare metal networks, that make Coinbase Prime the most secure place to stake crypto.
Protecting customer assets is our highest priority. Our commitment to this begins with robust, multi-layer security measures built into our staking product. These practices, upheld by our Blockchain Security Team, help safeguard funds, prevent unauthorized access, and maintain platform reliability.
Cold storage
Customer assets never leave our secure cold storage and we do not leverage third party APIs for transaction crafting. All of our staked assets utilize the controls and security guarantees of our custody services. Coinbase crafts the transactions, assigns staking initialization, and implements rigorous key protections throughout the entire staking process. This is done utilizing industry best practice MPC key security, ensuring that transactions are independently signed and verified throughout the fund movement process. As always, we never transfer custodial private keys or ownership to third parties.
Consensus required to make changes
To ensure that no individual can make direct changes to our production environments or source code (e.g., via a personal access token), we enforce consensus-based change management. Consensus requirements scale based on the criticality and risk of a given service. We also supplement this with strong identity and authentication patterns, such as codified access controls, hardware 2FA, and verification of developers’ devices. This setup operates around zero-trust principles, proactive secure code scanning, and secrets scanning and management. This mitigates many of the risks that the compromise of a personal access token could permit.
Double signing protection (DSP)
We employ a layered security approach that combines local state tracking, infrastructure-level primitives, and remote signing with high watermarks. Each validator client maintains a local anti-slashing database to record all signed actions and prevent conflicting signatures. At the infrastructure level, Kubernetes primitives ensure that a validator's keys are loaded on only one node at a time, preventing multiple instances from running concurrently.
For our Ethereum validators, a highly secure remote signer stores validator private keys and uses a high watermark (a record of the last valid action) to reject any new signing requests that are older than or conflict with that record, ensuring that all validator actions are both consistent and progressive. For more on our double signing and slashing protections, see this article.
Other slashing protections
In addition to DSP, we utilize metrics and alerts to avoid any downtime induced penalties. This allows us to closely monitor what validators are doing at any given time and automatically restarts validators if they go down. If validators are brought down by an error that renders our systems unable to do this, alerts immediately notify us so we can resolve the issue. We also incorporate additional prevention measures on a per network basis, depending on each network’s specific slashing conditions. This setup helps us maintain our 99% uptime guarantee and flawless track record of never being slashed on any of the networks we operate.
Coinbase Prime integrates staking with secure custody, trading, financing, and other prime services to provide a turnkey solution for institutions. We uniquely own the complete tech stack, providing a fully integrated workflow and a full line of sight support channel. The marriage of ultra secure staking with an equally robust custody solution makes Prime a one-stop shop for institutions looking to seamlessly stake their assets with a trusted provider.
Disclaimer
This document is intended only for sophisticated investors; it is for informational purposes only and does not constitute the provision of investment advice. Client assumes full responsibility for its trading activity and should consult its advisors for its specific situation. Coinbase is not registered as an investment advisor and Coinbase assumes no liability, obligation, or responsibility for client decisions regarding its Coinbase Prime Broker Account. Please consult your Coinbase Prime Broker Agreement and www.coinbase.com/Prime for additional details.
2025 © Coinbase, Inc. All Rights Reserved. Coinbase and related logos are trademarks of Coinbase, Inc., or its Affiliates. The views and opinions expressed herein are those of the author(s) and do not necessarily reflect the views of Coinbase and summarizes information and articles with respect to cryptocurrencies or related topics. This material is for informational purposes only and is only intended for sophisticated investors, and is not (i) an offer, or solicitation of an offer, to invest in, or to buy or sell, any interests or shares, or to participate in any investment or trading strategy, (ii) intended to provide accounting, legal, or tax advice, or investment recommendations, or (iii) an official statement of Coinbase. No representation or warranty is made, expressed or implied, with respect to the accuracy or completeness of the information or to the future performance of any digital asset, financial instrument, or other market or economic measure. The information is believed to be current as of the date indicated and may not be updated or otherwise revised to reflect information that subsequently became available or a change in circumstances after the date of publication. Coinbase, its affiliates, and its employees do not make any representation or warranty, expressed or implied, as to accuracy or completeness of the information or any other information transmitted or made available. Certain statements in this document provide predictions and there is no guarantee that such predictions are currently accurate or will ultimately be realized. Prior results that are presented here are not guaranteed and prior results do not guarantee future performance. Recipients should consult their advisors before making any investment decision. Coinbase may have financial interests in, or relationships with, some of the assets, entities and/or publications discussed or otherwise referenced in the materials. Certain links that may be provided in the materials are provided for convenience and do not imply Coinbase's endorsement, or approval of any third-party websites or their content. Any use, review, retransmission, distribution, or reproduction of these materials, in whole or in part, is strictly prohibited in any form without the express written approval of Coinbase. Coinbase, Inc. is licensed to engage in virtual currency business activity by the New York State Department of Financial Services. Coinbase, Inc., 248 3rd St #434, Oakland, CA 94607.
Coinbase Custody Trust Company, LLC is chartered as a limited purpose trust company by the New York State Department of Financial Services to engage in virtual currency business.
Copyright 2025 | Coinbase, Inc.
Coinbase One members in the U.S. and Institutional clients receive exclusive 7-day early access to our Research reports – featuring weekly insights, monthly deep dives, quarterly updates, and more all delivered directly to your inbox.
