Simplifying Self-Custody: Smart Accounts on Kinto

Kinto is an L2 rollup designed to accelerate the transition to an on-chain financial system. It features permissionless KYC and native account abstraction to solve the two biggest blockers to mainstream adoption: security and user experience.


In crypto, finding the right balance between innovation and safety is critical. As more people join the space, there’s a clear need for easier ways to handle digital assets securely. Self-custody is a perfect example. It gives users complete control over their assets, but managing private keys or a 24-word recovery phrase isn’t always straightforward.

Kinto is here to make things better. With account abstraction, we’re making the self-custody process accessible to the many and safer — turning a potentially complex task into something invisible.

This post will discuss the shift from externally owned accounts (EOAs) to smart accounts and what this means for users. We’ll also introduce the Kinto Wallet, which is designed to make dealing with the Kinto blockchain a seamless experience.

🧠 What is a smart account?

To understand smart accounts, we must first understand what an EOA is. An EOA — externally owned account — is just a clever combination of an address or public key and a private key that can cryptographically prove that you are the public key owner. We call this self-custody.

As long as you can remember your private key and keep others from taking it, NO ONE (no bank, no state, no intermediary) can move your assets. However, it also means that if your dog eats your private key or it sinks into the ocean during a boating accident, your assets are locked and lost forever.

The concept of smart accounts is fresh air in the blockchain scene. Unlike EOAs, smart accounts are customizable smart contracts that enable endless features, including personalized security measures, recovery systems and easier asset management. Best of all, it greatly enhances its usability now: the wallets can become invisible. It’s comparable to moving from a manual to an automatic car; the core functionality remains, but the ease of use and added features make the journey smoother and more enjoyable.

The first thing you need to know about Kinto is that all accounts are smart accounts. The network ignores any transaction started by an EOA unless it interacts with one of the key contracts in Kinto’s account abstraction implementation (more on this later).

All of the above means that smart wallets are a core component of Kinto. What are we adding to our smart accounts/wallets?

  • A Wallet Factory:

While we envision different wallet implementations existing in Kinto, the team is deploying the Kinto Wallet Factory — a secure, quick way to create your Kinto Wallet without the need to install extensions or go through lengthy, complex processes. Creating your wallet should take 15 seconds, not 15 minutes.

To create a KintoSmartWallet and make any transactions in the network, you will require a KintoID, the soulbound NFT we explain in detail in our documentation. The NFT is awarded after the user successfully completes the KYC process with one of our KYC partners (SynapsPlaid, or Quadrata). Data is never stored on the Kinto chain. For more information about our user-owned KYC process, read the following blog post.

  • Multi-signature capabilities:

An easy path to safer wallets is to have multi-signature capabilities (similar to a Gnosis Safe). However, having several EOAs required to sign can be incredibly cumbersome.

In Kinto, we are proposing a variety of new signers to this multi-sig scenario that includes web2-like social login systems, passkeys, and, of course, without removing the support for EOAs and hardware wallets for the more sophisticated users.

In addition to this, we are adding device-specific (usually biometrically linked) passkeys.

  • Passkey-based signatures:

Passkeys are a relatively new digital security process aiming to simplify user authentication by minimizing or eliminating passwords. They are born from public-key cryptography (as self-custody is), where a passkey is generated on a device, creating a pair of cryptographic keys: a private key securely stored on the device and a public key shared with the server.


When authentication is needed, the server sends a challenge to the device, which signs the challenge with its private key (ring a bell?) and returns the signature to the server. The server verifies the signature using the public key, thus authenticating the user without a password.

This mechanism can be seamlessly integrated into browsers or devices (and its biometrical systems like face recognition or fingerprint sensors), facilitating a user-friendly and secure authentication process.

  • A KYC-based recovery system for your account:

Finally, the KintoID soulbound NFT system also acts as a signer (with limited capabilities), allowing for account recovery by going through the KYC process again if needed. Details on how this will work and what signers (and how many) are required for different types of transactions will be revealed later, together with the repository for the Kinto Wallet.

We are building on the shoulders of giants — account abstraction.

Having arrived at this point, how is this all possible? The ETH ecosystem has been trying for years to simplify the user experience for end users. Meta Transactions are the Gas Station network was one of the first solutions that achieved sponsored transactions and relative censorship resistance. Recently, a consensus was finally achieved through account abstraction that came to the ecosystem through several EIPs (EIP-2771, EIP-4337, EIP-2938, and EIP-3074), and the ecosystem is quickly developing around it.

While this article does not aim to be a technically detailed description of account abstraction, it is worth understanding how these new features are even possible.


EIP-4337 describes a new on-chain primitive derivative of the transaction called a “user operation.” This new primitive represents transactions where others send them on the users’ behalf (this is the role of the bundler and the EntryPoint in the graphic).

Since bundlers are submitting the transactions on users’ behalf, this opens the possibility for a new party to cover the cost for users if desired. In that case, users are (potentially) not paying for gas; the bundler is. It then passes the bill to another new family of contracts — the Paymasters.

Paying for the party

Paymasters are precisely what they sound like; they pay for userOperations to become transactions as long as they fit the criteria imposed by its code. This process allows for a much easier and transparent UX for the final user.

On Kinto, developers of DApps and protocols will be able to fund their contracts account in the Paymasters and pay for the gas of the transactions initiated by their users. In turn, developers can cover these transaction costs through fees charged on deposits, withdrawals, or other business actions related to their products.

Finishing thoughts:

Everyone on the Kinto team is excited by a future dominated by smart contract accounts. A future where users receive all the benefits of noncustodial accounts without the traditional headaches associated with them. We believe so much in this future that we decided to disallow EOAs from making transactions. This design choice has the potential to bring millions of new users by offering a frictionless UX experience similar to the best fintech experiences such as Robinhood.

Kinto’s launch program, Engen, is now live. You can join and become one of the founding members ahead of our mainnet launch by the end of Q1.

If you share our vision for a secure, open, decentralized financial system, join our Engen Launch here.

🌐 Website | 📚Docs | Twitter | Discord

Subscribe to KintoXYZ
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.