5.2.3 Validator Enter/Exit (Churn)

According to rated.network, in the past 30 days, 2,950 validators have entered and 6,759 have exited.

• Coinbase Validator Enter (activation) and Exit:

Source: Rated.Network | Date: 6/29/2023

5.2.4 Stake Distribution Across Geographic Jurisdictions

The white paper describes geographic and hosting diversification with node operator(s) collectively running validators in multiple hosting environments (e.g., bare metal, AWS, GCP) and in multiple regions to reduce the risk of correlated slashing.

We are unable to corroborate Coinbase’s claim.

5.2.5 Node Software Diversity

We can see from this post from May 2022 that Coinbase values and intends to pursue greater client diversity. They state a goal of having no more than 33% of nodes running on any single client.

The current Coinbase client software distribution according to rated.network:

- Lighthouse: 41.74%

- Nimbus: 5.84%

- Prysm: 29.20%

- Teku: 23.21%

5.3 Economic Performance

5.3.1 Revenue Source

Coinbase caters to three primary target markets. There are several product offerings for each market:

1. Consumers: Coinbase App, Web3 Wallet, Coinbase Wallet

2. Institutions: Coinbase Prime, Coinbase Spot market, Coinbase Derivatives Exchange

3. Developers: Coinbase Cloud (crypto payment, trading APIs, data access, and staking infrastructure), Coinbase Pay & Coinbase Commerce

Coinbase divides its revenue sources into two categories: transaction revenue and subscription and services revenue.

Transaction revenue is subdivided into retail and institutional trading. Subscription and services revenue is broken down into blockchain rewards, custodial fees, interest income, and misc subscription and services.

5.3.2 Revenue

As of the most recent quarterly report from Q1‘23, Coinbase has earned $736.4m in the most recent quarter and $2.72b in the past four quarters. Revenues are still down from the previous year, but Coinbase has experienced two quarters of Q/Q net revenue growth with 22% growth from the previous quarter.

Roughly half of Coinbase’s revenue comes from subscriptions and services, and 10% from blockchain rewards. Blockchain rewards as a percent of net revenue is up from 7% in Q1‘22. Blockchain rewards are recognized on a gross basis, so when accounting for 75% of rewards passed on to users (Coinbase takes a 25% fee), blockchain rewards make up 3% of net revenue ($18.43m). Staked ETH makes up the largest share of Coinbase’s blockchain reward revenue.

Source: Coinbase Shareholder Letter, Q1 2023

5.3.3 Net Profit

Coinbase experienced significant growth from 2020 - 2021, as well as a precipitous decline, consistent with the crypto market, in 2022. The high correlation between Coinbase’s revenue and crypto market performance presents a challenge to its sustainability.

There was a net loss of roughly $2.6 billion in 2022. This has contributed to the decision to lay off 20% of staff earlier this year.

Source: Annual Meeting of Stockholders 2023 report

The expense tightening is apparent in the Q/Q operating expenses. Q1‘23 saw a 24% decline in total operating expenses. Expenses were reduced in nearly all categories with the notable exception of a $144m restructuring expense (a non-recurring expense).

Source: Coinbase Shareholder Letter, Q1 2023

One bright spot for Coinbase’s performance is the increase in subscription and services revenue from $517 million to $792 million, primarily due to the revenue-sharing agreement they have with Circle (interest-bearing customer custodial funds in USDC driven by an increase in interest rates). Subscription and services revenue has increased 53% YoY while transaction revenue dropped 66%.

Source: Annual Meeting of Stockholders 2023 report

Coinbase’s consolidated PnL showing results of operation is below:

Source: Annual Meeting of Stockholders 2023 report

5.3.4 Risk Factors

• Coinbase total revenue is substantially dependent on the prices of crypto assets and the volume of transactions conducted on their platforms

• Revenue from transactions, subscriptions, and services is dependent on transactions in Bitcoin, Ethereum, and interest income in connection with USDC. Declining revenues in these areas could adversely affect the company.

• Interest rate fluctuations could negatively impact the company.

• Adverse economic conditions may adversely affect the business.

• Cyberattacks and security breaches of the platform.

• Uncertain regulatory landscape.

• Coinbase growing international expansion could put them at odds with US and non-US regulators related to sanctions, export control, and anti-money laundering.

• Coinbase’s consolidated balance sheet may not contain sufficient amounts/types of ‘regulatory capital’ to meet changing requirements of regulators worldwide.

• Certain crypto assets being deemed a “security”.

• Loss of banking or insurance relationships (ref. Operation Chokepoint 2.0)

• Theft, loss, or destruction of private keys under Coinbase Custody.

• Coinbase depends on major mobile operating systems and third-party platforms for distribution of their products (i.e., Google Play, Apple App Store)

• Coinbase is a remote-first company subjecting them to increased operational risk.

5.4 Legal

See also our general LSD Legal Framework Considerations

5.4.1 Legal Structure

Coinbase has several Coinbase User Agreements (legal structures) due to the nature of their growing international expansion that could put them at odds with US and non-US regulators related to sanctions, export control and anti-money laundering. The different user agreements pertain to:

1. Customers who reside outside Australia, Canada, the United States of America, United Kingdom, European Economic Area, Andorra, Faroe Islands, Gibraltar, Guernsey, Isle of Man, Japan, Jersey, Monaco, New Zealand, San Marino, Singapore and Switzerland (Coinbase Ascending Markets Kenya Limited (‘Coinbase Kenya’))

2. Customers who reside in the UK and select countries outside the European Economic Area (Switzerland, Andorra, Faroe Islands, Gibraltar, Guernsey, Isle of Man, Jersey, Monaco, San Marino, and New Zealand). (CB Payments, Ltd (‘Coinbase Payments’), Coinbase Europe Limited (‘Coinbase Europe’))

3. Updated User Agreement effective from July 12, 2023 onwards. For customers who reside in the UK and select countries outside the European Economic Area (Switzerland, Andorra, Gibraltar, Guernsey, Isle of Man, Jersey, Monaco, San Marino, and New Zealand). (CB Payments, Ltd (‘Coinbase Payments’), Coinbase Europe Limited (‘Coinbase Europe’))

4. Coinbase Cloud Terms of Service require users to disclose private keys associated with blockchain addresses for end users’ digital assets as may be required by the relevant protocol in connection with Coinbase’s staking services. (This appears to be especially relevant for users who have chosen to have Coinbase setup dedicated staking services on their behalf.)

5. Coinbase User Agreement pertaining to Ethereum Staking and Wrapping (US) key details:

   • Staking services are voluntary and can be stopped at any time. The staking does not affect the ownership of digital assets.

   • Users can earn rewards if Coinbase successfully validates a transaction. Rewards are distributed after being received by Coinbase, minus a commission.

   • staked ETH held by Coinbase on behalf of cbETH holders are subject to risk of slashing.

   • Depending on when you began staking ETH with Coinbase, users may lose certain slashing protection by wrapping their staked ETH (cbETH).

   • Only certain Coinbase customers in certain jurisdictions have access to wrapping or cbETH.

   • Holders of cbETH can instruct Coinbase to unwrap their cbETH, redeeming it for ETH plus any rewards and minus any Coinbase fees and slashing penalties. Certain eligibility and geographic restrictions apply, and requests to unwrap may not be processed immediately.

   • Risks associated with electing to wrap into cbETH include:

     • Coinbase does not guarantee the value of staked ETH principal or associated rewards.

     • Coinbase is not responsible for decrease in values

     • There is no guarantee of successful exchange or sale of cbETH. Coinbase will not guarantee liquidity.

6. Coinbase User Agreement pertaining to Ethereum Staking and Wrapping (EEA) key details:

   • Users who want to stake ETH on Coinbase Europe must meet certain eligibility requirements.

   • No guarantees provided regarding the success of the Ethereum network upgrade.

   • Rewards earned from staking ETH will remain locked on the Ethereum blockchain until the completion of Phase 1.5 of the Ethereum network upgrade.

   • Once wrapped staked ETH cannot be redeemed or awards claimed. Wrapping staked ETH as cbETH keeps the economic value, risk, and rewards of staked ETH intact.

   • cbETH in user’s Coinbase Europe Digital Currency Wallet represents ownership of the staked ETH (including rewards and minus any fees and penalties).

   • With the sale or transfer of cbETH, one transfers ownership of the staked ETH and the right to redeem it. The recipient is entitled to the economic value, risk, and rewards of the staked ETH.

   • The Coinbase Group holds staked ETH and associated rewards that have been wrapped as cbETH on behalf of cbETH holders, but the ownership doesn’t transfer to any entity in the Coinbase Group.

Relations with customers residing in Europe are subject to EEA User Agreement according to which the contract is concluded between the user and each of Coinbase entities:

• Coinbase Ireland Limited (“Coinbase Ireland”), a private limited company incorporated in Ireland with company number 630350, regulated by the Central Bank of Ireland; and

• Coinbase Europe Limited (“Coinbase Europe”), a private limited company incorporated in Ireland with company number 675475.

User Agreement provides a disclaimer that Coinbase Europe does not operate under the regulatory oversight of financial services and is not registered, regulated, or accredited by the Central Bank of Ireland or any other regulatory authority in Ireland. Consequently, users won’t have access to the regulatory safeguards typically associated with regulated entities, including investor or deposit protection schemes and recourse to the Financial Services and Pensions Ombudsman (“FSPO”) concerning Digital Currency Services.

Beyond the primary services, which are the E-Money Services and Digital Currency Services, Coinbase Europe, Coinbase Ireland, or another entity within the Coinbase Group may offer a range of supplementary services to users who meet certain qualifying conditions. Staking services (as outlined in Appendix 7) are among the enlisted offerings.

Coinbase Group consists of Coinbase Europe and its corporate affiliates, including Coinbase, Inc., a Delaware corporation, which provides Digital Currency storage and wallet services. This is the entity that contracts users based in the United States as per current US User Agreement.

Since the use of services offered by Coinbase on US territory is governed by this agreement we should mention an important provision of the preamble stating that “Coinbase is not registered with the U.S. Securities and Exchange Commission and does not offer securities services in the United States or to U.S. persons”. By signing up to use a Coinbase account or service through coinbase.com, the User acknowledges Digital Assets are excluded from the protective coverages or insurances offered by the Federal Deposit Insurance Corporation or the Securities Investor Protection Corporation.

5.4.2 Licenses

• Coinbase, Inc. has a Money Transmitter license across a number of US jurisdictions.

• For their institutional clients, they’ve set up Coinbase Custody Trust Company, LLC, chartered by the New York Department of Financial Services.

• They have LMX Labs as a designated contract market with the U.S. Commodity Futures Trading Commission.

• They also have international licenses for Canada, the United Kingdom, Germany, Ireland, Australia and Singapore.

• The different entities of Coinbase are duly registered and authorized by various financial authorities in different European jurisdictions such as Germany, Ireland, Netherlands, and Italy. This suggests that Coinbase operates under the strict guidance and regulation of these authorities, with ability to offer various virtual asset services.

• Certain limitations exist in certain EU jurisdictions with respect to monitoring financial operational risks and providing specific financial consumer protection.

• Coinbase expressly notifies that Coinbase Europe Limited and Coinbase Custody International Limited are listed in the Dutch National Bank (DNB)’s public register as crypto service providers. While they are supervised by DNB for compliance with the AML/CTF Act and the Sanctions Act, these entities are not under DNB’s prudential supervision or conduct supervision by the Dutch Authority for the Financial Markets.

5.4.3 Enforcement Actions

On June 6, 2023 the SEC Charged Coinbase with operating as an Unregistered Securities Exchange, Broker and Clearing Agency.

Some charges that could be particularly harmful to Coinbase with implications for the wider industry (see SEC Complaint for reference):

Coinbase operating as an unregistered broker through Coinbase Prime (“Prime”) and Coinbase Wallet (“Wallet”), which routes orders through third-party crypto asset trading platforms to access liquidity outside the Coinbase Platform. (p. 2)

• Could potentially set a precedent that hot wallets (e.g. Metamask) and hardware wallets (e.g. Ledger) are “unregistered brokers” and validators are broker dealers by routing on-chain orders. The latter having more direct consequences for cbETH.

The Coinbase user agreement (“User Agreement”), which applies to some of Coinbase’s services (including the Coinbase Platform and Staking Program), states that crypto assets and fiat currency transferred by a customer to Coinbase are “custodial assets held by Coinbase for [the customer’s] benefit. (p. 22)

• SEC argues that Coinbase acts as a securities custodian which implies maintaining a different level of regulatory compliance.

…blockchain requires users to stake a minimum of 32 ETH (currently approximately $60,000) to run a validator node. But the Coinbase Staking Program allows investors to participate in staking without having to meet such thresholds (p. 84)

• The particular allegations of deliberately lowering the validators’ staking threshold may be harmful to the entire business model of delegated staking.

The Staking Program includes five stakable crypto assets, and the Staking Program as it applies to each of these given assets is an investment contract, and therefore a security (p. 4)

• While Coinbase intends to fight, pinpointing the staking program brings uncertainty to cbETH for the foreseeable future.

Investors understand that Coinbase will expend efforts and leverage its experience and expertise to generate returns (note: referencing the “Staking Program”) (p. 3-4)

• The SEC is making the case that customers use Coinbase staking product, including wrapping to cbETH, with “expectation of profit…from the efforts of others” (Howey Test).

Persons have offered and sold crypto assets in capital-raising events in exchange for consideration, including but not limited to, through so-called “initial coin offering” or “ICOs”, “crowdsales”, or public “token sales” (p. 13-14)

• Here the SEC is referencing historical ICOs as evidence of investment contracts, suggesting the things sold are intrinsically securities.

Coinbase regularly solicits customers by advertising on its website and social media the features of the Coinbase Platform, Prime and Wallet - especially those that allow customers to trade in crypto assets. (p. 19-20)

As of approximately March 2023, Coinbase’s website encouraged investors to stake their ETH with the Coinbase Staking Program and “get” or “earn 4.07% APY on all [their] staked ETH” in addition to a 10% bonus for staking at least $100 in ETH. (p. 86)

• Marketing the staking program with abbreviations typical for tradfi provides a premise to support the SEC thesis or makes the reasoned defense challenging.

Through its Staking Program, Coinbase has engaged in the unregistered offer and sale of securities in violation of Section 5 of the Securities Act. (p. 81)

• Even a remote chance that Coinbase acquiesce and shuts down their staking product would jeopardize cbETH.

While the lawsuit is likely to have significant implications for Coinbase’s products and operations, the specific outcome concerning Ethereum (ETH) as a result of the court proceedings is not clear from the sources reviewed. As it stands, the lawsuit is ongoing, and a definitive resolution cannot be predicted at this point.

As of the date of writing, Coinbase answered the SEC’s complaint with multiple defense strategies including, that SEC actions violate due process and constitute an abuse of discretion. The exchange informed the Judge that it would seek a “motion for judgment on the pleadings”. Thus, Coinbase is aiming to present documents useful for its argument to the Judge through the response - a frankly innovative move endorsed by legal commentators.

Coinbase’s legal team noted in a recent letter to the court that there’s a more basic issue with the SEC’s case, which the Chair acknowledged two years prior and currently entitles Coinbase to an immediate judgment based on the court filings: the issue in question is beyond the SEC’s purview.

We should not miss the arguments regarding staking services in the Preliminary Statement of Coinbase’s Answer.

Coinbase makes available to its users “staking” services by which it facilitates their participation as validators for certain proof-of-stake networks.

39 As noted, proof-of-stake blockchain networks depend for their functionality on token holders’ validation through staking, which involves running public open-source software on a computer to validate transactions. Holders who stake their assets receive compensation, paid out by applicable blockchain protocols, in the form of the network’s digital asset. This system of staking and attendant rewards has existed since at least 2012, and Ethereum has since emerged as the world’s largest proof-of-stake network. Coinbase runs software and provides certain administrative services to allow customers to stake Ether and other select digital assets that operate on a proof of-stake network. As a fee for this service, Coinbase receives a fixed percentage of participating customers’ staking rewards.

40 Three of the five assets available for staking mentioned in the Complaint were offered by Coinbase or discussed with the SEC prior to the DPO.

5.4.4 Sanctions

Coinbase has proprietary software e.g., Interdiction Solution that helps them intercept and freeze assets to and from crypto addresses that are subject to US sanctions laws. The Interdict Solution allows Coinbase to do real-time screening of all transactions and proactively block and tag all sanctioned addresses.

Some specialized tools include: - use of commonspend for UTXO blockchains (Bitcoin, Litecoin and their forks) - demixing transactions that use coinjoin to get around commonspend

The consent order issued on January 4, 2023 by the New York Department of Financial Services (NYDFS) to Coinbase involved several key components:

• Failures in Compliance Program: The NYDFS found significant failings in Coinbase’s compliance program, including in its Anti-Money Laundering Program, Know Your Customer/Customer Due Diligence, Transaction Monitoring, and Suspicious Activity Reporting Systems.

• Know Your Customer and Due Diligence: The NYDFS disclosed that Coinbase had a pending list of 14,000 users awaiting background checks. The agreement noted that Coinbase approached KYC requirements, which necessitate firms to gather and retain specific user information, as a mere formality. It further stated that Coinbase should have solicited additional information from users, allocated risk ratings for determining the suitable level of continuous transaction scrutiny, conducted comprehensive diligence (EDD) for high-risk users, and performed extra checks for politically exposed individuals or those from sanctioned jurisdictions.

• Transaction Monitoring: Suspicious transactions frequently marked in Coinbase’s system were reportedly not reviewed promptly, leading to a backlog of over 100,000 unchecked transactions by the end of 2021. When third-party reviewers were employed by Coinbase to expedite the process, the NYDFS alleges that these reviews were sometimes incorrectly carried out.

• Suspicious Activity Reporting: According to allegations, Coinbase was often late in filing Suspicious Activity Reports (SARs), sometimes several months after the identification of the suspicious activity, and at times provided insufficient data, due to its inefficient transaction monitoring practices.

• Independent Monitor: In the course of the investigation, the NYDFS installed an Independent Monitor to immediately evaluate the situation and begin working with Coinbase to fix the outstanding issues. Under the terms of the Consent Order, the Independent Monitor will continue to work with Coinbase for an additional year, extendable at the Department’s sole discretion.

5.4.5 Liability Risk

Coinbase has gone to great lengths in its various User Agreement(s) to uphold Limitation of Liability:

Release of Coinbase; Indemnification. If you have a dispute with one or more users of the Coinbase Services, you release Coinbase, its affiliates and service providers, and each of their respective officers, directors, agents, joint venturers, employees and representatives from any and all claims, demands and damages (actual and consequential) of every kind and nature arising out of or in any way connected with such disputes. You agree to indemnify and hold Coinbase, its affiliates and service providers, and each of its or their respective officers, directors, agents, joint venturers, employees and representatives, harmless from any claim or demand (including attorneys’ fees and any fines, fees or penalties imposed by any regulatory authority) arising out of or related to your breach of this Agreement or your violation of any law, rule or regulation, or the rights of any third party.

Users agree to be bound by the Arbitration Agreement provided in Appendix 5 of the User Agreement (US)

Dispute Resolution: PLEASE BE AWARE THAT SECTION 7 (CUSTOMER FEEDBACK, QUERIES, COMPLAINTS, AND DISPUTE RESOLUTION) AND APPENDIX 5 OF THIS AGREEMENT,CONTAIN PROVISIONS GOVERNING HOW TO RESOLVE DISPUTES BETWEEN YOU AND COINBASE. AMONG OTHER THINGS, APPENDIX 5 INCLUDES AN AGREEMENT TO ARBITRATE WHICH REQUIRES, WITH LIMITED EXCEPTIONS, THAT ALL DISPUTES BETWEEN YOU AND US SHALL BE RESOLVED BY BINDING AND FINAL ARBITRATION. APPENDIX 5 ALSO CONTAINS A CLASS ACTION AND JURY TRIAL WAIVER. PLEASE READ SECTION 7 AND APPENDIX 5 CAREFULLY.

The Appendix stipulates that both the user and Coinbase willingly relinquish any constitutional and statutory rights to pursue legal action in court and have a trial overseen by a judge or a jury. It’s important to note that arbitration doesn’t involve a judge or jury, and any arbitration court review is subject to very limited scrutiny.

5.4.6 Adverse Media Check

Coinbase makes great efforts to be regulatorily compliant where possible and to ask for rule making where appropriate regulations are absent. Nevertheless, the enforcement actions brought against Coinbase may have adverse consequences on user trading activities on their platform.

One piece of adverse news is related to a class action lawsuit against Coinbase for its alleged misleading business practices. In a ruling on June 23, the United States Supreme Court gave a verdict in favor of Coinbase putting a stop to legal proceedings against the company in two Californian cases. The complainants in the class-action lawsuits contended that Coinbase did not adequately address users’ losses and supposedly participated in misleading advertising. Coinbase appealed to the district courts supervising the cases to nullify them, asserting that users had agreed at the time of account creation to resolve any disputes through arbitration, rather than lawsuits.

The following cases illustrate Coinbase’s vulnerabilities to malicious actions of third parties not having an official affiliation with Coinbase group of entities:

• A sophisticated phishing scam was reported in which a prominent crypto trader almost fell victim. The scam involved social engineering techniques, appearing to originate from a legitimate Coinbase account. The scam aimed to gain access to and drain the trader’s Coinbase account.

• In a similar case, a Coinbase user lost $11.6 million in an alleged scam after receiving a fraudulent notification, which appeared to be from Coinbase, stating that their account had been locked.

Section 6: Risk Management

This section will summarize the findings of the report by highlighting the most significant risk factors in each of the three risk categories: Market Risk, Technology Risk, and Counterparty Risk.

6.1.1 Market Risk

LIQUIDITY: Does the LSD have a liquid market that can facilitate liquidations in all foreseeable market events?

cbETH ranks second in LSD marketshare after Lido stETH, but it is by a large margin. cbETH commands around 11% of the market compared to Lido’s 74.4%. While stETH has ~$600m liquidity across DEXs, cbETH has $44.16m pool TVL in DeFi with 9,501.45 cbETH. Over 97% of cbETH is on Coinbase.

The DefilLlama Liquidity Tool estimates a cbETH>ETH swap size of 9000 cbETH (worth ~$18.1m) would produce a 1% slippage. By comparison, a $300m stETH swap would produce a comparable figure. This ranks cbETH at around 6% of the on-chain liquidity depth of stETH.

cbETH may face greater liquidity challenges in the future. Its fees are the highest of the primary LSD competitors, resulting in consistently lower yields for users. Regulatory scrutiny has caused Coinbase to cease promotional activites or incentive programs to help drive cbETH adoption in DeFi.

VOLATILITY: Has the LSD had any significant depeg event (post merge)?

Following the Shapella upgrade along with some withdrawal demand, cbETH did experience some increased volatility that caused it to trade slightly below its fair value for a brief period. Overall, it has stabilized relative to ETH following the upgrade.

Arriving to the upgrade, Coinbase had warned customers that they “anticipate the Ethereum protocol will take weeks to months to process unstaking requests immediately following the upgrade.” Although withdrawal demand is quite low currently, falling yields or network issues may precipitate large withdrawal demand that cannot be immediately arbitraged.

One advantage of a centralized LSD service is the possibility Coinbase can expedite user withdrawals from the business’s cash flow, potentially averting a withdrawal bottleneck. However, section 1.7(j) of the User Agreement states “Coinbase will not backstop or otherwise intervene to guarantee cbETH liquidity”.

6.1.2 Technology Risk

SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?

Custody of the underlying ETH is managed by Coinbase internally, and therefore the smart contract security is significant only for accounting purposes.

The system Coinbase deployed was forked from Centre’s FiatTokenV2_1, which is used with USDC and has significant SC maturity, having been on mainnet for multiple years. The additional contracts introduced with cbETH (ExchangeRateUpdater and MintForwarder) have been audited and have access controls centralized to Coinbase.

DEPENDENCIES: Does the analysis of dependencies (e.g. oracles) suggest any cause for concern?

Because cbETH operations are entirely centralized to Coinbase, the most significant risk to users is counterparty risk involving failure of the node operator, lost or stolen private keys, etc.

Withdrawal times are advertised as a minimum of 27 hours and Coinbase has warned users that in times of high network-wide withdrawal demand, processing times can be in the weeks to months.

Coinbase does have a reliable Chainlink pricefeed available for the cbETH/ETH pair.

6.1.3 Counterparty Risk

CENTRALIZATION: Are there any significant centralization vectors that could rug users?

Coinbase has complete centralized control over the cbETH system and user funds. While ownership of staked ETH remains with the user (as per the User Agreement), Coinbase discloses risks that could cause losses for users.

• Staking involves the risk of slashing. In some cases, Coinbase will reimburse users, but not “if slashing was the result of a hack, your own actions, or a bug in the protocol itself” (source)

• Cyberattacks and security breaches of the platform.

• Theft, loss or destruction of private keys under Coinbase Custody.

• Various economic and regulatory uncertainties could threaten Coinbase as a business, and therefore the continued operation of cbETH.

LEGAL: Does the legal analysis of the protocol suggest any cause for concern?

On June 6, 2023, the SEC Charged Coinbase with operating as an Unregistered Securities Exchange, Broker and Clearing Agency. A complete list of allegations is in the SEC Complaint. Coinbase responded on June 28th with an Answer to the Plaintiff’s Complaint that outlines various defense strategies.

The enforcement actions and regulatory scrutiny generally have apparently caused Coinbase to exercise caution with promoting cbETH for fear it could be considered a securities offering. It is too early to know for sure how the enforcement action will play out, but in the short term it has dampened the growth of cbETH relative to competitors and there is some uncertainty about the future of the product offering.

6.1.4 Risk Rating

Based on the risks identified for each category, the following chart summarizes a risk rating for cbETH as collateral. The rating for each category is ranked from excellent, good, ok, and poor.

• We rank cbETH ok on liquidity because although it ranks 2nd by LSD marketshare after stETH, >97% of liquidity is on Coinbase and an $18.1m on-chain swap produces a similar slippage as a $300m stETH swap.

• We rank cbETH good in volatility because a centralized service provider should be capable of expedited withdrawal processing during times of high demand than a decentralized protocol. This would strengthen the LSB in certain circumstances. However, Coinbase does not claim to expedite withdrawal requests.

• We rank cbETH excellent in smart contracts because the contract architecture is straightforward, managed by permissioned Coinbase addresses, based on battle-tested contracts, is audited, and the contracts themselves do not handle user funds.

• We rank cbETH good in dependencies for having a reliable pricefeed available. A centralized service can be an advantage when managing system accounting, withdrawal processing, and unforeseen network issues (high withdrawal demand, Ethereum network issues, etc.)

• We rank cbETH poor in decentralization because it is a centralized service operated by Coinbase and users are thus exposed to counterparty risk. The User Agreement does offer assurances that users retain legal ownership of their staked ETH. Coinbase does make an effort to reduce centralization of its validators by diversifying across several software clients.

• We rank wstETH ok in legal for recently receiving an enforcement action from the SEC alleging that Coinbase’s staking program constitutes a securities offering. See section 5.4.3 for details. Despite regulatory scrutiny, Coinbase has a long history striving for regulatory compliance and appears prepared with a solid legal basis to defend itself.