Criteria: Security, Control, Usability
There is no such thing as “unhackable”. Using that term only invites adversaries. We operate under the belief that any system can be hacked, any hack can be secured, new vulnerabilities will be exposed, and so on; security is a war that must be fought in persistent battles.
A proper wallet product is essential to making cryptocurrency usable, transforming it to real money, and reaching mass adoption. Below we review existing wallet solutions and judge them based on three criteria: security, control, and usability.
We think of security as: the state of being free from theft, hacking, manipulation, and user errors. Control refers to ownership of your crypto, often specified as “custody of your private keys”. In a non-custodial wallet, you own your private keys. In a custodial wallet, someone else owns and manages the keys for you. Custodial is a fair solution for new or amateur users dealing with relatively smaller amounts of assets. In all other cases, custodial is almost always the recommended solution. “Not your keys, not your bitcoin”, so to say.
In our discussion of wallets, we define usability in terms of the medium of exchange property of money and the user experience. In other words, a wallet with good usability will make it easy to carry and exchange digital money for goods and services in the real world.
Overall, we found wallet solutions that provide security and control at various levels, but none that deliver real usability. Here, we affirm efforts of our research, design, and engineering to create a brand new category in the wallet market – the hot hardware wallet, which we simply refer to as hot wallet. Our vision is for this product to foster open development and use of digital assets (i.e. cryptocurrency) as money.
Custodial Web WalletS
A web wallet is one hosted by a third party on the internet. The most common example is a custodial wallet hosted on an exchange. These wallets are relatively easy to use because the exchange will run any nodes or clients for blockchain protocols and also store your private keys for fast access to funds. In terms of security and control, web wallets finish last – they incentivize hackers with the largest possible payouts, take custody of user funds by storing private keys on connected servers, and have a history of being exploited by hacker attacks.
In usability, web wallets provide fast and easy access to funds, but functionality is limited only to online trading and transactions. Furthermore, in the case of a security breach, web wallets have been known to lock up user funds for multiple days at a time.
Web Browser Wallets are starting to appear in several forms, for example: 1) built into the web browser, or 2) as a 3rd party browser plugin. Private keys can be stored in your computer, mobile phone, or the browser itself. This can be a decent way to store cryptocurrency, and it may enable easy access to services like decentralized apps (dApps), but it is still susceptible to the aforementioned attack vectors in any web wallet.
Mobile app wallets can be broken down into three subcategories: custodial mobile wallets, non-custodial mobile wallets, and private mobile wallets.
Custodial Mobile Wallets
A custodial mobile wallet is like a custodial web wallet that runs on the user’s smartphone. Private keys are still managed by a third party, and if the servers are hacked, user funds are at high risk.
Non-Custodial Mobile Wallets
Non-Custodial mobile wallets are similar to custodial mobile wallets, except that the app may store the user’s private keys in the app itself or another location on the smartphone. While smartphones may come with a SE (secure element) chip for encrypting sensitive information, as of the writing of this version of this post, neither Apple nor Android devices allow developer access to the SE chips. Some smartphones do offer “hardware-level encryption”, which provides greater protection from malware and viruses, but does not guarantee SE-level-protection from physical attacks.
Smartphone devices are loosely carried in a pocket, bag, or by hand, and easily lost or stolen. While non-custodial mobile wallets may provide good levels of security and control, they are not the best solution. Usability is often completely absent in these solutions, and when it does exist, we have found its implementation to be below average.
Private Mobile Wallets
Private mobile wallets are like non-custodial mobile wallets but have included privacy as a key feature. Some projects claim to accomplish this through decentralization, while others are said to use algorithms, address hopping, and/or integrations with Tor network. Private keys are typically still stored on the mobile device, so private mobile wallets are exposed to similar security and theft threats as other mobile wallets.
In summary, any wallet that functions strictly as a mobile application can not be considered to achieve the same level of security as more hardened solutions. Furthermore, in terms of usability, the form factor of a smartphone as a black slab of glass can not achieve the standard of user experiences as a device unbundled from the phone and intentionally designed as a physical wallet for digital money.
Desktop wallets are applications that a user installs on his desktop or laptop computer. The main advantage over web or mobile custodial wallets, is that the user maintains control of his private keys. Some implementations require the user to download the entire blockchain, at times reaching sizes of more than 150GB, continually growing, and consequently adding to difficulty for non-technical users.
Desktop wallets run on computers that are connected to the internet – the most common targets for malware and viruses. Therefore, we have found control to be an advantage and security a disadvantage of desktop wallets. Sending and receiving online transactions works well, but face-to-face commerce is not a practical use case for desktop wallets.
Physical vaults may be the most secure way to store cryptocurrency. Like bank vaults, they are largely reserved for custodial storage of large amounts of capital for institutions and high wealth individuals. The process of security is extensive and includes walk-in sized Faraday spaces, modified computer hardware, external storage devices, break-down of private keys into multiple parts, physical backup of private key parts, transport of physical backup assets to multiple locations, secure storage of backup assets, and destruction of remaining computer hardware. Security is maximized. Control is transferred to a highly trusted party. The main trade-off is usability. Digital assets can take 24 to 72 hours to access, and physical vault custody is not intended for daily use by everyday people.
Cold Storage Hardware Wallets
Cold storage hardware wallets are the closest option to a physical vault for the average citizen. They are primarily used for security and control of a user’s private keys offline, as “offline” is considered less hackable than “online”. Although sometimes cold storage wallets can come in the form of paper wallets or a USB drive, they are best known in the form of a cold storage hardware wallet, like Ledger, Trezor, and KeepKey.
While security and control are benefits of cold storage hardware wallets, these solutions do not provide adequate usability. The unboxing and setup process can be cumbersome, requiring hundreds of clicks. Once setup is complete, the user can access his funds by plugging the device into a computer and interacting with a desktop application, but this is limited functionality. If the ability to carry and transact with other users in the real world is our benchmark for usability, then cold storage hardware wallets fail.
Furthermore, in order to transact, the cold storage hardware wallet must connect to an online computer. This opens additional attack vectors and may negate some benefits of cold storage altogether.
USB Stick Wallet
Opendime is a small USB stick that allows you to physically transfer Bitcoin by passing it from one person to another. This offers a great level of control over a unique private key. However, the level of security is only as good as the user can maintain. If the stick is lost, funds are lost. If the stick is destroyed, funds are unrecoverable.
Opendime does offer some real world usability, as you can send funds to it and hand it to another person. This is a step in the right direction, and the level of usability relative to other players in the crypto space is good. However, by design, when the user cashes out his assets on the USB stick, the private keys are revealed and the stick becomes worthless. This may be good for medium sized, infrequent, face-to-face transactions; but for everyday use interacting with multiple merchants, it can not be considered to achieve continuous usability. You would literally need hundreds of usb sticks.
Hot Hardware Wallets
The hot hardware wallet or simply hot wallet is a new model. It is inspired by the best features of all evaluated wallet solutions and offers the greatest achievement of packing together our criteria of security, control, and usability into a single product offering.
This writing has provided a broad overview of current wallet solutions. In future writings, we will dive deeper into discussions of the hot wallet solution and our vision of building the greatest wallet on the planet. Please, stay tuned.