Here come the wallets: Centralized crypto fears lead to an arms race for custody solutions


The crypto space has always struggled with hackers, exploits, scams, and other forms of swindling. However, its advocates have mostly maintained a positive impression of the industry, arguing that blockchain-based assets – borderless, frictionless, without intermediaries – are worth the trade-offs.

This positive impression was put to the test last year when the collapse of several trusted industry giants left investors seriously out of pocket. In the case of the largest trading platform, FTX, $8 billion of client money was lost due to a simple accounting error, according to CEO Sam Bankman-Fried. Even the most enthusiastic crypto supporter could be forgiven for doubting SBF’s sincerity – and the industry’s ability to recover.

If there is a silver lining to the collapse of FTX and other centralized platforms, it is the awareness among retail investors and even everyday users that funds are not safe unless you manage them yourself. In other words, instead of leaving your crypto assets in an exchange’s “hot” wallet – where they can be mixed with other funds and used by the platform to bet on the market – you store them offline in a wallet you control.

How secure is your seed phrase?

After FTX, it’s no surprise that self-custody solutions are coming into the spotlight. After all, they promise to offer customers better security and stability, which will help them avoid becoming victims of the next FTX-style fraud. Those who still believe in “third party custody” are asking for trouble.

Even assuming the motives of the exchange holding your crypto are pure, there are serious drawbacks to holding funds on an exchange. These include temporary loss of account access if the exchange goes offline for maintenance; the possibility of being locked out due to an incorrect password; and the risk of your account being suspended for some unexpected reason.

Several companies operate in this space, designing solutions that offer both security and functionality. The rise of web3 wallets certainly pre-dates FTX, although there is no doubt that the topic has gained wider attention since that disaster. These wallets include both hot wallets (connected to the Internet) and cold wallets (offline, similar to USB drives), some of which require you to hold on to your private keys.

If you choose the latter and hold your own private keys, you’re in the driver’s seat: it’s like having the only key to a bank vault. If you don’t lose or mismanage your private keys, no one can access your account or otherwise prevent you from accessing your funds.

Private keys are typically represented by a seed phrase of 12, 18 or 24 completely random words. Some users prefer to memorize these words, although most write them down on a piece of paper that they keep in a safe place. (Saving them on any Internet-connected device, like a Notes file on a laptop, is a big no-no.) Others go a step further, using cryptographic techniques like Shamir’s secret sharing to distribute the seed phrase among a network of trusted confidants.

Whichever method you favor, holding your seed phrase is kind of scary. As terrifying as holding the only key to the aforementioned bank vault containing all your savings. It’s a huge responsibility on your shoulders. What if you misplace a piece of paper, like the Welsh IT guy who famously discarded the disk containing the keys needed to access his bitcoin fortune? What if someone breaks into your home and steals it? What if it is destroyed by fire or flood? Interestingly, to guard against this possibility, some ingenious users stamp their seed phrases onto a heat-resistant metal sheet.

Seedless wallet solutions have arrived

While retaining sole control of your seed phrase (and therefore your funds) has long been considered the safest option, renowned Bitcoin developer Udi Wertheimer recently called seed phrases “violence by wallet developers who were too lazy to design a secure solution,” adding that users “deserved better.”

If you agree with Udi that seed phrases are too burdensome to deal with, what are your options? One name that has gained popularity recently is ZenGo, a non-custodial wallet with no seed phrase vulnerability. Instead of a seed phrase, ZenGo uses advanced biometrics and state-of-the-art MPC (multi-party computation) cryptography, meaning anyone can secure their wallet in seconds from any iOS or Android device. According to ZenGo, accounts are always recoverable thanks to three pioneering technologies: MPC cryptography, a built-in web3 firewall and a 3-factor authentication recovery model.

Another recent success is Ambire, a seedless, open source “smart contract” wallet. CEO Ivo Georgiev explains what exactly that means: “When you log in, two keys are generated: one is generated client-side using your email/password and an extra seed as entropy, and the other key is generated by the Ambire backend.

“In order for a transaction to be sent immediately, both keys must sign it. The Ambire backend automatically signs transactions with you, but before doing this it can also perform additional security checks: for example, checking if the transaction is to a known contract/address, checking if it exceeds a configurable daily limit, or even enforcing 2FA via OTP or email.”
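The co-signing flow described in the quote can be sketched as follows. This is an added example, not Ambire's code: HMAC-SHA256 stands in for real transaction signatures, the names (`Policy`, `backend_cosign`, `is_sendable`) are hypothetical, and treating a passed OTP as a step-up that overrides a failed check is an assumption of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Policy:
    known_addresses: set
    daily_limit: int        # smallest currency unit
    spent_today: int = 0

def sign(key: bytes, tx: dict) -> str:
    """HMAC-SHA256 stand-in for a real signature (assumption of this sketch)."""
    msg = f"{tx['to']}|{tx['amount']}|{tx['nonce']}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def backend_cosign(key: bytes, policy: Policy, tx: dict, otp_ok: bool = False):
    """Return (signature or None, list of policy findings)."""
    findings = []
    if tx["to"] not in policy.known_addresses:
        findings.append("unknown recipient")
    if policy.spent_today + tx["amount"] > policy.daily_limit:
        findings.append("daily limit exceeded")
    if findings and not otp_ok:
        return None, findings            # refuse to co-sign until 2FA passes
    policy.spent_today += tx["amount"]
    return sign(key, tx), findings

def is_sendable(tx, user_sig, backend_sig, user_key, backend_key) -> bool:
    """A transaction goes out only when both signatures verify."""
    if user_sig is None or backend_sig is None:
        return False
    return (hmac.compare_digest(user_sig, sign(user_key, tx))
            and hmac.compare_digest(backend_sig, sign(backend_key, tx)))

if __name__ == "__main__":
    # Constructed keys, addresses and amounts for illustration only.
    user_key, backend_key = b"constructed-user-key", b"constructed-backend-key"
    policy = Policy(known_addresses={"0xKNOWN"}, daily_limit=100)
    for tx, otp in [({"to": "0xKNOWN", "amount": 40, "nonce": 1}, False),
                    ({"to": "0xNEW", "amount": 70, "nonce": 2}, False),
                    ({"to": "0xNEW", "amount": 70, "nonce": 2}, True)]:
        sig, findings = backend_cosign(backend_key, policy, tx, otp_ok=otp)
        ok = is_sendable(tx, sign(user_key, tx), sig, user_key, backend_key)
        print(tx["to"], "otp" if otp else "no-otp", "sendable" if ok else "held", findings)
```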

As with ZenGo, the primary benefit is clear: the user does not need to manage or remember their seed phrase. Account recovery is possible if you forget your password. In traditional hardware wallets, there is no such thing as account recovery if the all-important private key is lost. You are simply out of luck, and out of money.

Whether you decide to stick with the seed phrase, go seedless, use an internet-connected mobile or desktop wallet, or continue to trust a high-profile exchange with your crypto capital, it’s nice to know that there are several options available to you. However, with each centralized scandal, non-custodial solutions benefit.

The views and opinions expressed herein are those of the author and do not necessarily reflect the views of Nasdaq, Inc.
