The collapse of FTX, a prominent cryptocurrency exchange, in November 2021 sent shockwaves throughout the crypto world, raising serious concerns regarding the security of existing wallet solutions. As the field of cryptography continues to advance, the wallet ecosystem has witnessed significant expansion, offering a diverse range of options to cater to the needs of individuals, DAOs, and institutions.
Individual users seek wallets that provide a seamless user experience, low transaction fees, and flexibility when interacting with decentralized applications (dApps). Meanwhile, DAOs require wallets with transparent gold management and active participation in ecosystem governance, while institutional users prioritize features like chain ignorance, auditability, and institutional-grade security.
Notably, smart contract wallets and multi-party computation protocols (MPC) have made remarkable strides in bolstering the security of cryptographic assets while addressing user requirements.
In this article, we will delve into popular wallet types, including EOA wallets, MPC wallets, hardware EOA wallets, and AA wallets, conducting a thorough analysis of their respective strengths and weaknesses, in order to assist users in selecting the most appropriate wallet for their specific needs.
The Popularity of EOA Wallets:
Among the various wallet types, EOA wallets have gained significant popularity in the crypto community. These traditional wallets rely on mnemonic and hierarchical deterministic structures to generate private keys, corresponding public keys, and blockchain addresses. EOA wallets offer users the ability to generate private keys for transaction signing and facilitate key recovery through the use of memos. The convenience and user-friendly nature of EOA wallets have led to millions of users adopting them, with browser extensions like MetaMask becoming a prominent part of this ecosystem.
Source:EOA Wallet
Advantages of EOA Wallets:
EOA wallets, such as MetaMask, offer several advantages that contribute to their widespread adoption:
●Seamless User Experience: Traditional EOA wallets excel in providing a seamless user experience, particularly when interacting with decentralized applications (Dapps). Users can easily connect their wallets to various Dapps without the need for extensive technical knowledge or complex setup processes. This convenience has contributed to the popularity of EOA wallets among crypto enthusiasts.
●Easy Usage: EOA wallets, including popular options like MetaMask, are designed with user-friendliness in mind. Generating and importing private keys is relatively straightforward, simplifying the wallet setup process. This ease of use eliminates potential barriers for new users and encourages wider adoption within the crypto ecosystem.
Source :The most popular crypto wallet in the world, MetaMask
Disadvantages of EOA Wallets:
Despite their popularity, EOA wallets have a few notable drawbacks that users should be aware of:
● Risk of Losing Memos: One of the inherent risks of EOA wallets is the potential loss of private keys. If the private key is compromised or leaked, it exposes the associated assets to the risk of theft. Unfortunately, there are limited recovery measures available once a private key is compromised, making asset security a crucial concern.
● Vulnerability to Hacking: EOA wallets, by their nature, require real-time online connectivity. This exposes them to potential security threats, particularly phishing attacks. Users may unknowingly click on malicious links, leading to the loss of private keys and subsequent compromise of their assets. While the Mac ecosystem may offer slightly more security, the Windows ecosystem is generally considered more susceptible to such attacks.
● High Learning Curve: EOA wallets can pose challenges for users who are new to blockchain technology. The use of human-readable public key addresses, such as the "0x" format, may seem abstract and unfamiliar to individuals without a solid understanding of basic blockchain concepts like private keys and memos. This can create a learning curve for newcomers, potentially hindering their understanding of fundamental security practices.
Self-proclaimed as the most secure cold wallet
A cold wallet, also referred to as an offline or static wallet, is a type of wallet that operates without an internet connection. It remains disconnected from the network and doesn't update blockchain data in real time. Among the popular choices for cold wallets are Ledger, Trezor, and Ellipal.
These wallets prioritize security and aim to provide users with a robust and reliable storage solution for their cryptocurrencies.
Source : Cold Wallet Ledger Nano S Plus
Advantages:
- Complete Control over Private Keys: With this cold wallet, users have full control over their private keys. This principle is widely recognized in the cryptocurrency community, emphasizing the importance of owning and managing one's keys. By having exclusive control, users can mitigate risks associated with relying on centralized exchanges or platforms. The FTX fiasco serves as a reminder that even major exchanges can face situations where asset withdrawals become impossible, highlighting the need for independent control over private keys.
- Private keys don't touch the network: Since decentralized wallets are always online, private keys and mnemonic phrases are more easily stolen by hackers. Hackers typically attack by intercepting the clipboard or enticing users to input their passwords on phishing websites. In contrast, hardware wallets store private keys locally, eliminating the risk of private key theft.
Disadvantages:
- Risk of loss: Just as with any item, things can be lost. Cold wallets are no exception.
- Poor user experience: In today's increasingly diverse user strategy, the time required for cold wallet transactions is an overly pure method in the current cryptocurrency price is so unstable.
- Fast iteration of hardware wallets: Every day, new "safest and most convenient" cold wallets are born, so who is right?
- Backdoor risk: For example, the leading Ledger hardware wallet recently experienced a forced upgrade fiasco. The firmware update could directly upload user keys to three centralized servers. In fact, the Ledger hardware wallet is completely centralized, and the transparency is almost 0. In addition, the Ledger hardware code is not open source, and its transparency is almost zero.
- Production vulnerabilities: Apple, Samsung and other large-scale manufacturers' mobile TEE security is much higher than that of hardware wallets, and production facilities are used to ensure that no vulnerabilities exist. However, hardware wallets are produced in complete secrecy, and the risk of production cannot be ignored.
MPC wallet--Which is not that "crypto" as others
MPC (Message Processing Circuit) wallets use a Turing complete state machine to verify transactions and manage private keys. They are often used to implement DAO token management and governance. Unlike traditional wallets, MPC wallets do not require users to manually manage private keys. Users can define and manage token issuance, transfer, and management functions through a smart contract written in a programming language. Currently popular MPC wallets include Lit, Qredo, and ZenGo."
Source:MPC Wallet
Advantages:
- No single point of failure: A complete private key is never centralized on a single device, and there are nomnemonic phrases.
- Adjustable signature schemes: The number of approves can be adjusted dynamically for individual and organizational needs while maintaining the same address. Organizations can adjust their signature scheme in real-time without having to inform their transaction opponents of a new address each time.
Disadvantages:
- Over centralization: Signatory authorization policies and approver counts are managed off-chain, so these custom rules can still prone to centralization issues.
- Incompatibility with many traditional wallets: MPC algorithms have not been standardized, and currently few traditional users adopt MPC.
AA Wallet - Smart Multi-Signature Wallet
Smart multi-signature wallets are a type of wallet that requires multiple private keys to sign transactions. They are typically composed of a main private key and one or more child private keys. The main private key is responsible for managing the wallet's ownership and transaction permissions, while the child private keys sign and verify transactions.
Advantages:
- No single point of failure: Transactions can only be executed with multiple signatures.
- Implement complex operations: Users can define different policies ,like set time locks and spending limit. By executing automated contract transactions through smart contracts, we can achieve more convenient and secure cryptocurrency transactions
- Recoverable: The wallet can provide several options to recover the funds back to the smart contract itself.
- Accountability on chain: The on-chain signature authorization strategy and aggregation can clarify which keys are used to sign transactions, making the operation more transparent and direct. This can be used to audit who participated in transactions in case of errors
Disadvantages:
- Higher fees: Smart multi-signature wallet fees are typically higher than normal single-address transactions because multiple signatures are required to execute transactions.
- Insufficient user consensus: Currently, there is not enough user consensus around smart multi-signature wallets.
- Development in early stages: The smart wallet ecosystem is still in its early stages, and developers are making positive exploration and contributions in this area. Currently, some projects are already deploying them to the market.
Echooo: The First Self-Hosting Multisig Wallet on The Crypto Market
Echooo provides two types of wallets: the EOA wallet and the smart multisig (valut) wallet. The EOA wallet generates a wallet private key, but unlike traditional wallets, it does not require users to store the private key using a password. The private key is encrypted using an algorithm and the encrypted file is stored on the cloud server instead. It also has the functionality of MPC (Multi-Party Security Computing) capabilities, multi-signature, and social recovery mechanism.
The valut wallet has a higher level of security. Even if the account is hacked, the transactions can only be made with the approval of multiple people, ensuring that user assets do not lose. Both can register new accounts and recover the wallet using social recovery mechanism, and Echooo does not require any passwords.
In the future, multi-signature and social recovery will be seen as a perfect manifestation of the principle: each participant has the ability to accept or reject transactions, but no one can singly control the funds. Compared to situations where funds must be singly controlled by one person or a single key, this more complex construction logic is more reliable in terms of security.
https://medium.com/1kxnetwork/wallets-91c7c3457578
https://learnblockchain.cn/article/3938
https://wupeaking.github.io/learn/solidity_mutli_sign/
https://wiki.gear-tech.io/docs/examples/multisig-wallet/
https://twitter.com/starzqeth/status/1592142515892649985?s=20&t=EU-DZIiNlRX1KOzlJ1IuNA
All Comments