Defining crypto custody in 2023 - Part one
Jose Aguinaga | jjpa.eth 🦇🔊
0x3DFF
January 2nd, 2023

For many years, we have boiled crypto custody into two solutions: self-custodial and custodial. These two are often described as follows:

  • Do you have the private keys of your wallet? Self-custodial.

  • Do you not have the private keys of your wallet? Custodial.

However, the crypto ecosystem has evolved since its conception and can’t longer be simplified into these two categories. The solutions out there are no longer paper aanswersre wallets; we can’t group up all custodial solutions in the same category anymore. New solutions are coming out every day (like hybrid-custody) that are using technology unpopular back in the day (like MPC).

Now that it’s 2023, can we redefine crypto custody? Do we have a better way to evaluate the existing crypto custody solutions out there?

Back to the basics, one token at a time.

We can understand crypto custody as the management of crypto or digital tokens. From generating its underlying cryptographic primitives to handling its day-to-day operations, one can argue that anything that involves touching crypto falls into the category of crypto custody.

However, I would go a bit further and sub-categorize crypto custody into 4:

  • 🔑 Private key/seed management and ownership

  • ⛓ Blockchain node infrastructure and availability

  • 💻 Wallet or signing software and its ability to be extended

  • 🔐 Secure backup generation and verification

These subcategories have qualitative aspects that can help determine how a custody solution implements them. For instance, let’s take “🔑 Private key/seed management and ownership”. Instead of saying, “do you have the private key or not” and a yes or no answer, one can define the following scale:

  • 🔑 Can the keys created in my wallet be exported, and I’m the only one controlling the crypto assets they are managing?

    • 🟢 Keys are created in my wallet and can be exported. Also, I’m the only one that can control the underlying assets they are connected to.

    • 🟠 Keys are not created in my wallet and can’t be exported. However, I’m the only one that can control the underlying assets they are connected to.

    • 🔴 Keys are not created in my wallet and can’t be exported. Furthermore, additional parties can control the underlying assets they are connected to.

We can do the same with the other categories, having a breakdown as follows:

  • ⛓ Can the node infrastructure included in my wallet be updated and changed as needed for me to access other blockchain networks?

    • 🟢 My wallet comes with a default RPC endpoint and allows me to switch to any network I wish, allowing me to interact with the network I want to.

    • 🟠 My wallet comes with a default RPC endpoint, but I can not switch it to any network I wish. It only offers a set of limited networks, if at all.

    • 🔴 My wallet does not come with a default RPC endpoint.

  • 💻 Can I verify my wallet's underlying signing operations with its private key? Can I expand my wallet to add any crypto token I want?

    • 🟢 My wallet’s software is open-source, and I can see how it signs crypto transactions. Additionally, I can extend its code and add new coins.

    • 🟠 My wallet’s software is closed-source but has been audited by a third party to verify it signs crypto transactions correctly. No new coins can be added to my wallet without their original author's permission.

    • 🔴 My wallet’s software is closed-source and has no audits in place.

  • 🔐 Does my wallet provide any backup mechanisms that I could verify myself without the underlying wallet’s software support?

    • 🟢 My wallet generates backups that I can verify and recreate in a separate environment without its original software.

    • 🟠 My wallet generates backups that I can verify only using its provided solution, trusting its ability to do so in the long term.

    • 🔴 My wallet does not provide any backup capabilities on its own and expects me to handle everything myself.

Evaluating crypto custody solutions using the 4-categories

Let’s take one of the most popular solutions in the market out there, MetaMask. I would evaluate it as follows:

  • 🔑 🟢 Keys are created in the wallet and can be exported. Thus, the end user is the only one that can control the underlying assets MetaMask handles.

  • ⛓ 🟢 MetaMask comes with a default RPC endpoint (Infura) and allows me to switch to any network I wish (once onboarded and to some extent).

  • 💻 🟢 The signing software it’s open-source, and tokens to other networks and protocols can be extended (by Snaps).

  • 🔐 🔴 MetaMask gives you no guidance on backup generation and verification. It expects users to write down its seed phrases and store them themselves.

How about a paper wallet?

  • 🔑 🟢 Keys are created only within the context of the wallet, and only the individual generating it controls the underlying assets they are connected to.

  • ⛓ 🔴 Paper wallets come without any infrastructure.

  • 💻 🟢 Paper wallets can compute transactions manually (although I would not recommend it) since they are barebones key or seed.

  • 🔐 🔴 Paper wallets require users to back up and verify them themselves.

Now let’s do mobile wallets.

  • 🔑 🟢 Keys are created within the wallet (usually within a secure enclave or trusted environment) and, in most cases, can be exported. The wallets usually request biometrics for authorizing transactions, ensuring their users are the only ones that can control the wallet’s underlying assets.

  • ⛓ 🟠 The wallet comes with a default RPC endpoint, but it often has limited networks available and can support only what’s designed to (exceptions are MetaMask Mobile and Trust Wallet).

  • 💻 🟠 In most mobile phones, the apps are delivered by a third-party app store (e.g., Apple, Play Store). Verifying the software is not possible, although a third party can usually audit it. Publishing new coins is done through the same process.

  • 🔐 🔴 Most mobile wallets force users to write down their seed phrases and store them themselves. Some exceptions (like Rainbow Wallet) store it encrypted in a cloud provider.

New incumbents like Argent and ZenGo show exciting results.

  • 🔑 🟠 Keys are created within the wallet but require the support of third-party systems (e.g., infrastructure, smart contracts, MPC servers). Both rely on biometrics for authorizing transactions, but don’t “show” the private keys.

  • ⛓ 🟠 Both come with default RPC endpoints and networks but have limited options for changing or supporting new blockchains. ZenGo likely has an easier path to adoption as MPC is blockchain-agnostic.

  • 💻 🟠 As both are mobile apps, they have the exact requirement of a third-party app store (e.g., Apple, Play Store) in addition to requiring their own infrastructure to work. Some components are open-source, and both companies have done audits.

  • 🔐 🟢 Unlike other solutions, Argent and ZenGo have made a backup generation and recovery a core service of their product. Although they have different models, both can verify their backup works by switching phones.

As you can see, not all “self-custody” solutions are made equal. These are only a few in the market, so here’s the breakdown of as many as possible.

The list might be incomplete, and the evaluation might not be correct. Feel free to point out any misrepresentations and missed wallets in the comment section.

Crypto custody is much more than simply holding a private key. Try using one from a paper wallet to do any transactions. I'll wait.
Crypto custody is much more than simply holding a private key. Try using one from a paper wallet to do any transactions. I'll wait.

A note on self-custody.

For now, we have focused only on self-custody, but the 4-categories model can also be used for custodial solutions, which we’ll evaluate in part two. Personally, I’ve always been a fan of self-custody, but I can also see the benefits of (adequately implemented) custody solutions. One of the pieces I enjoyed writing the most was for the Portis team in 2021, which showcased the pros and cons of multiple custody models, including self-custody, hybrid, and custodial solutions.

As described in the section about self-custody, it does not come without its pitfalls, particularly around seed phrases and key management:

(…) A crypto user needs to familiarize themselves with concepts like public-key cryptography, seed words, signatures, and so on. It’s unrealistic to ask every person to back up 24 seed words correctly or buy a metal container for each wallet. Although hardware wallets are good, they still require updating firmware, safekeeping the devices, and following technical instructions.

The main challenge around traditional self-custody is that it forces the user to be their own CISO. This includes generating backups and verifying them alongside day-to-day monitoring, access controls, and logging activities. Most solutions (including hardware wallets) go as far as securely generating your private keys, but that’s about it. For instance, after the downfall of FTX, a rally in favor of self-custody started, particularly for hardware wallets. How many of those wallets had already been misplaced, or were their backups stored in plain text inside some drawer?

There’s a solution for the non-experts and paranoids out there, which we’ll explain in the following article. And believe it or not, it does not include storing them in a centralized exchange in the Bahamas.

Subscribe to Jose Aguinaga | jjpa.eth 🦇🔊
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
r4o0kDQ-mbwhLkq…r1pSxbsVnrc_e8o
Author Address
0x3DFF5B67231633c…c1D3917074b4E33
Content Digest
ZCW0XSzcVwtNvhn…64TgJZboaMVQzCs