The crypto space has always contended with hacks, exploits, scams and other forms of chicanery. Its advocates, however, have mostly maintained a positive impression of the sector, arguing that blockchain-based assets – borderless, friction-free, absent of intermediaries – are worth the trade-offs.
That positive impression was put to the test last year, when the implosion of several trusted giants of the industry left investors seriously out of pocket. In the case of the biggest – trading platform FTX – $8 billion of customer money was lost, the result of a simple ‘misaccounting’ error according to chief executive Sam Bankman-Fried. Even the most bullish crypto supporter could be forgiven for doubting SBF’s sincerity – and the industry’s capacity to bounce back.
If there is a silver lining to the collapse of FTX and other centralized platforms, it is a dawning awareness among retail investors and even everyday users that funds aren’t safe unless you control them yourself. In other words, rather than leaving your crypto-assets in the ‘hot’ wallet of an exchange – where they can be commingled with other funds and used by the platform to bet on the market – you store them offline, using a self-custody wallet.
How Safe is Your Seed Phrase?
In the wake of FTX, it’s no surprise to see crypto solutions come under the spotlight. After all, they promise to provide customers with greater security and stability, in the process helping them avoid being victimised in the next FTX-type fraud. Those who still have faith in “third-party custody” are asking for trouble.
Even assuming the motivations of the exchange that holds your crypto are pure, there are serious drawbacks to keeping your funds there. These include temporarily losing account access if an exchange goes offline for maintenance; the possibility of being locked out due to a misplaced password; and the risk of your account being frozen due to some unforeseen reason.
Multiple companies are operating in this space, designing solutions that offer both security and functionality. To be sure, the rise of web3 wallets predates FTX – although there’s little doubt the topic has attracted more widespread attention since that catastrophe. These include both hot wallets (those which are connected to the internet) and cold wallets (offline, resembling USB drives), with some requiring you to hold on to your private keys.
If you choose the latter, and are in possession of your own “private keys,” you are in the driving seat: it’s like having the only key to a bank vault. Providing you don’t misplace or mismanage the private keys, there is no prospect of anyone getting into your account or otherwise preventing you from accessing the funds.
Private keys are typically represented by a seed phrase of 12, 18 or 24 completely random words. Some users choose to memorize these words, though most jot them down on a piece of paper they keep in a safe place. (Saving them on any internet-connected device, like a Notes file on a laptop, is a big no-no.) Others go a step further, using cryptographic techniques like Shamir’s secret sharing to distribute the seed phrase among a network of trusted confidantes.
Whatever method you favor, being in charge of your seed phrase is, well, kind of scary. As intimidating as holding the only key to the aforementioned bank vault containing all your savings. It’s a huge responsibility to shoulder. What if you lose the piece of paper, like the Welsh IT guy who famously discarded the drive containing the seed phrase needed to access his bitcoin fortune? What if someone breaks into your home and steals it? What if it’s destroyed by fire or flood? Interestingly, to counter this possibility, some ingenious users punch their seed phrase onto a sheet of fireproof metal.
Seedless Wallet Solutions Have Arrived
Although retaining sole custody of your seed phrase (and therefore your funds) has long been considered the most secure option, well-known Bitcoin developer Udi Wertheimer recently called seed phrases “a cop-out by wallet developers who were too lazy to engineer a secure solution,” adding that users “deserved better.”
If you agree with Udi that seed phrases are too burdensome to have to worry about, what are your options? One name that has been gaining traction of late is ZenGo, a non-custodial wallet that has no seed phrase vulnerability. In place of a seed phrase, ZenGo leverages advanced biometrics and cutting-edge MPC cryptography, meaning anyone can secure their wallet in a matter of seconds from any iOS or Android device. According to ZenGo, accounts are always recoverable thanks to a trio of pioneering technologies: MPC cryptography, an inbuilt web3 firewall, and a 3-factor-authentication recovery model.
Another product that’s enjoyed recent success is Ambire, a seedless, open-source ‘smart contract’ wallet. Over to CEO Ivo Georgiev to explain exactly what that is: ‘When you sign up, two keys get generated: one gets generated on the client side, using your email/passphrase and an extra seed as entropy, and another key is generated on the Ambire backend.
‘For a transaction to be sent immediately, both keys need to sign it. The Ambire backend will automatically co-sign transactions with you, but before doing this it can also perform further security checks: for example, check if the transaction is to a known contract/address, check if it’s over a configurable daily limit, or even enforce 2FA through OTP or email.’
As with ZenGo, the primary benefit here is clear: the user doesn’t have to manage or remember their seed phrase. Account recovery, meanwhile, is possible if you forget your passphrase. With traditional hardware wallets, there is no such thing as account recovery if you misplace the all-important private key. You’re simply out of luck and out of funds.
Whether you decide to stick with a seed phase, go seedless, use an internet-connected mobile or desktop wallet, or continue entrusting a high-profile exchange with your crypto capital, it’s pleasing to know that a number of options are available to you. With every centralized scandal, though, non-custodial solutions will be the beneficiaries.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.