Are self-custodial wallets truly reliable?
The short answer is both yes and no.
The term ‘self-custodial’ has a nice ring to it. It evokes independence, liberation and true ownership.
Unlike custodial exchanges, self-custodial wallets give users complete ownership of their own public-private key pairs. That means one thing: 100% ownership and self-custody of your seed-phrase, and of the private key derived from it.
Custodial exchanges, despite offering a familiar user experience, carry their own risks: security breaches, theft and loss of funds. Many users are switching to self-custody precisely for this reason. Self-custody also gives them access to their funds whenever they like, without asking a third party for permission to perform or sign any transaction.
In our previous article, we dug extensively into custodial crypto exchanges and the problems that ail them. Having ended that article on a cliffhanger, we now turn to the future of crypto storage.
But first, a subject that demands attention: the perpetual crisis of user experience in Web3.
Seed-phrases: The wild wild west
Web3 as an industry is still evolving. It is nascent, and mass adoption is still pending; it arrives only when Web3 reaches critical mass, say at least a billion users. A technology as complex as blockchain is bound to have equally complex barriers to entry, and the most significant one, which also happens to be the most talked about, is the seed-phrase.
Setting up a crypto wallet conventionally takes about 30 minutes. But that is not the most painful part; it is having to remember or store a seed-phrase of 12 to 24 words.
Paper has long been the default medium for writing down and keeping the seed-phrase.
- If you are casual about it, it is easy to forget where at home the paper is kept. There are also the risks of burglary, fire or natural disaster.
- Insecure locations include a public or even a private folder on a computer, or a document on your phone. Anyone who obtains the seed-phrase can restore the wallet on their own device, hardware wallet included, and drain the funds.
- Classic phishing attacks are the perfect bait. Scammers are masters at tricking you into handing over your seed-phrase with a fake email or social media message. One slip-up, and all your crypto assets are gone.
According to a survey by Vault12 of 20 top wallets, 18 offered only one channel to back up the seed-phrase securely: write it down on a piece of paper and store it somewhere. The other 2 also recommended paper, but could additionally generate an encrypted digital copy that could be stored on a USB device, an offline mobile device or even in the cloud.
Self-custodial wallets are certainly harder to use, despite the liberation that comes with storing and accessing your own private keys yourself, and the freedom of not having to rely on a custodial wallet, an exchange or any other third party to authorize and authenticate your transactions.
But is that tempting enough to go back to custodial exchanges all over again? Is an unfamiliar and messy user experience a strong enough reason not to opt for self-custodial wallets?
No, not necessarily. Here is why.
Enter Multi-Party Computation (MPC).
There is a way to have the best of both worlds —
- End-to-end ownership of private keys and crypto assets via self-custody
- and, a seamless user experience.
End-users can have a self-custodial wallet that they own and access entirely by themselves, without a centralized custodial exchange or any third party’s intervention. And with Web3Auth’s MPC solution, they also get a familiar Web2-like user experience that does not require the long and risky seed-phrase at all.
Remembering an extremely long seed-phrase is a pain in itself; securing it is another matter altogether. So why depend on it at all when security is the concern? Is there an alternative way to recover the end-user’s wallet?
One option is smart contract wallets, but they are expensive to use and not very user-friendly at the moment, and they still require a private key to access them. A way to offer the best of both worlds is Multi-Party Computation (MPC), coupled with a smart contract wallet.
MPC as a concept dates from the 1980s; it found its way into cryptocurrency wallets from around 2015.
In the context of crypto wallets, under MPC the user’s private key is split into multiple shares that are stored across multiple devices or parties. Whenever a transaction needs to be signed on the blockchain network, these parties are called on to ‘partially sign’ the transaction with their own shares, and the partial signatures are then combined on the frontend (the user’s device) into the final signature.
This means the key is always available to use, but is never stored in a single location.
Note what gets combined: the partial signatures, not the key. The full private key is never reassembled to log in or to sign a transaction; with MPC, the private key is not held by a single party at any point whatsoever.
Whenever a login or a signature is needed, MPC calls on the parties that hold the shares. This makes an attack much harder, because an attacker would have to compromise multiple locations and devices at once rather than steal one secret.
Above all, MPC ensures two things: privacy of the key material and security against single-point compromise.
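To make the ‘partially sign, then combine’ flow concrete, here is an added Python sketch, written for this article and not Web3Auth’s code or protocol, of a t-of-n threshold Schnorr signature. The key is Shamir-shared, so a 2-of-3 split can stand for a device share, an authentication-provider share and a backup share (an assumed arrangement), and any two of them produce a valid signature without the key ever being reassembled. It makes simplifications you must not carry into production: a Schnorr group mod p generated at runtime instead of the secp256k1 curve that Ethereum and Bitcoin use, a trusted dealer instead of distributed key generation, and no nonce-commitment round, which a real protocol needs so that a malicious co-signer cannot bias the aggregate nonce. ECDSA, unlike Schnorr, is not linear in the key and the nonce, so production MPC wallets run considerably heavier protocols; the shape of the flow is nonetheless the same.

```python
"""Toy t-of-n threshold Schnorr signing over a Schnorr group mod p.
Added illustration, not Web3Auth's protocol and not ECDSA: the key x is
Shamir-shared, each party signs with its own share, and the partial
signatures are summed, so x is never reassembled. A real wallet uses an
elliptic curve, distributed key generation and a nonce-commitment round."""
import hashlib
import random
import secrets

SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases; adequate for an illustration."""
    if n < 2 or any(n % sp == 0 for sp in SMALL):
        return n in SMALL
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(qbits=128, seed=0xC0FFEE):
    """(p, q, g): prime q, prime p = k*q + 1, g of order q.
    Seeded so the same toy-sized group comes out on every run."""
    rng = random.Random(seed)
    q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
    while not is_probable_prime(q):
        q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
    k = 2
    while not is_probable_prime(k * q + 1):
        k += 2
    p, h = k * q + 1, 2
    while pow(h, k, p) == 1:  # h^k has order exactly q unless it is 1
        h += 1
    return p, q, pow(h, k, p)

def shamir_split(secret, t, n, q):
    """n points of a random degree t-1 polynomial; any t of them fix it."""
    coeffs = [secret] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, q) for j, c in enumerate(coeffs)) % q
            for i in range(1, n + 1)}

def lagrange_at_zero(ids, q):
    """lambda_i with sum(lambda_i * f(i)) == f(0) over the given ids."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num, den = num * -j % q, den * (i - j) % q
        lam[i] = num * pow(den, -1, q) % q
    return lam

def recover_secret(shares, q):
    """Backup/recovery path only (lost device); signing never calls this."""
    lam = lagrange_at_zero(sorted(shares), q)
    return sum(lam[i] * shares[i] for i in shares) % q

def keygen(t, n, group):
    """Trusted dealer for brevity; a real MPC wallet runs a DKG so that x
    never exists anywhere. Returns only the public key and the shares."""
    p, q, g = group
    x = secrets.randbelow(q - 1) + 1
    return pow(g, x, p), shamir_split(x, t, n, q)

def challenge(R, y, msg, q):
    digest = hashlib.sha256(f"{R}|{y}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % q

def threshold_sign(msg, signers, y, group):
    """signers: {id: share} of the parties taking part; needs at least t."""
    p, q, g = group
    ids = sorted(signers)
    lam = lagrange_at_zero(ids, q)
    # Round 1: every signer picks a nonce share; only R_i = g^k_i is published.
    nonces = {i: secrets.randbelow(q - 1) + 1 for i in ids}
    R = 1
    for i in ids:
        R = R * pow(g, nonces[i], p) % p
    e = challenge(R, y, msg, q)
    # Round 2: each party signs with its own share; x_i never leaves the party.
    partials = {i: (nonces[i] + e * lam[i] * signers[i]) % q for i in ids}
    return R, sum(partials.values()) % q

def verify(msg, sig, y, group):
    p, q, g = group
    R, s = sig
    return pow(g, s, p) == R * pow(y, challenge(R, y, msg, q), p) % p

if __name__ == "__main__":
    G = make_group()
    y, shares = keygen(2, 3, G)  # assumed split: device, auth provider, backup
    msg = b"constructed transaction payload"
    print("2-of-3 verifies:", verify(msg, threshold_sign(msg, {1: shares[1], 2: shares[2]}, y, G), y, G))
```

Run it and the 2-of-3 signature verifies; a single share, or a signature checked against a different message, does not. The combination step works because g^s = g^(Σk_i) · g^(e·Σλ_i·x_i) = R · y^e whenever the signing set has at least t shares. `recover_secret` is there only to show that a lost device can be replaced from any two remaining shares; notice that `threshold_sign` never calls it.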
In conclusion, if a self-custodial wallet builds MPC into its architecture, the wallet can be truly decentralized. The seed-phrase is no longer the default, only an optional extra. The risks of theft, loss, centralization and third-party authorization by custodial crypto exchanges are mitigated.
In the case of the Web3Auth MPC that we employ in our architecture, it lets self-custodial wallets offer two-factor or multi-factor authentication flows to their end-users via options such as social logins, SMS OTPs and biometrics.
In short, users now truly have the best of both worlds — end-to-end ownership of private keys and crypto assets via self-custody and a seamless user experience.
MPC-powered two-factor wallets are the need of the hour, given the security risks of custodial exchanges on one side and of seed-phrases in self-custodial wallets on the other.
With inputs from the Web3Auth team — Chaitanya Potti, Head of Engineering, and Yashovardhan Agarwal, Lead Developer Relations Engineer.