Abstract:

In 2010, Ethereum founder Vitalik Buterin had a Warlock account in World of Warcraft. One day, Blizzard decided to nerf the Warlock class and removed the spell damage component of the Life Drain spell. He cried himself to sleep and on that day realized the horrors of centralized servers, so he quit and created the decentralized network Ethereum. In November 2022, the world’s largest derivatives exchange, FTX, was exposed for misusing user funds, and its founder, SBF, was arrested by the Bahamian police and is awaiting trial in the United States.

From the Warlock player who was inexplicably backstabbed by Blizzard 13 years ago, to today’s FTX users who are fighting for their rights, we are increasingly aware of the importance of the phrase “Not your key, not your coin”: Even with third-party auditing/regulatory agencies, centralized servers can still arbitrarily alter and whitewash data, while on decentralized networks, the blockchain ledger is transparent and cannot be altered, as long as we have the private key for our own account, we have absolute control over our personal assets.

As individuals living in the crypto space, we are the primary custodians of our personal assets. When most users choose a blockchain wallet, the crucial trade-off is: “How much risk and responsibility am I willing to bear for my assets?” Taking traditional financial institutions as an example:

Returning to Web3, there are two ways to store assets in Web3: custodial wallets and non-custodial wallets. Before we delve into these options, it’s important to have a brief understanding of how blockchain wallets work:

Wallets and Private Keys

The process of generating an account is the same as creating a private key. On Ethereum, there are two types of accounts: EOA accounts (External Owned Accounts) and contract accounts (smart contracts deployed on the chain by EOA accounts):

The Security, Ease-of-Use, and Censorship-Resistance of a wallet.

A wallet is essentially a tool for 1. creating a private key, 2. safeguarding the private key, 3. using the private key, 4. backing up the private key, and 5. recovering the private key.

Currently, the most popular method for private key backup/recovery is the mnemonic phrase, which is a combination of 12 or 24 words that appear when the wallet is registered.

As the singular means of interaction with the blockchain network, it falls to us to safeguard our wallet’s private key and mnemonic seed phrases. While generating one’s own address through the SHA256 algorithm via an offline environment is the most secure method of creating an account, this option is impracticable for the overwhelming majority of users due to the high technical barriers it presents. Thus, in choosing a wallet, users should consider three essential factors: security, ease of use, and censorship resistance:

There are two main types of wallets: non-custodial wallets and centralized custodial wallets.

Overall, in custodial wallets, the project party holds the mnemonic seed phrases in custody and the threshold for registering and recovering the wallet is low. However, the security of the wallet depends on the project party rather than the user themselves, and the project party has actual control of the wallet. In non-custodial wallets, the mnemonic seed phrases are in the hands of the user, and the threshold for registering and recovering the wallet is high, but the security and censorship resistance are both very high.

Drawbacks of the mnemonic seed phrase

As Web3 continues to evolve and more needs and use cases emerge, the on-chain ecosystem is thriving, particularly in the wake of the 2021 Defi Summer which saw a large influx of users migrating their assets from exchanges to the chain. As of March 2022, MetaMask’s monthly active user base had reached 30 million.

However, mnemonic seed phrases, the current most mainstream account recovery scheme, have also become a primary target for hackers. For the ordinary user, the most common instance of wallet theft is the copying of mnemonic seed phrases from the clipboard or the theft of private key files stored locally through phishing websites.

Continuing with Metamask as an example, hackers can obtain saved mnemonic phrases and private keys in two places:

Therefore, the security of Metamask depends on the security of Chrome. If a hacker successfully penetrates Chrome’s firewall, they can obtain the user’s address private key and transfer all assets. This is also why hardware wallets are more secure than plugin wallets like Metamask.

Beyond Metamask, some non-custodial wallets lack, such as the Slope wallet on Solana being hacked: Slope’s mobile app sends the mnemonic to their Sentry server through TLS when creating the Phantom wallet, which is then stored in plaintext, meaning anyone with access to the Sentry server can access the user’s private key.

Aside from this, there are more wallet security incidents worth reflecting upon.

EOA Accounts being Stolen

The cause of the theft of Shen Bo’s wallet was the leakage of mnemonic phrases, and the wallet used at the time of the theft was Trust Wallet. The stolen amount included approximately 38.23 million USDC, 1,607 ETH, 720,000 USDT, and 4.13 BTC.

     2. In 2018, hackers were able to gain access to the Bitcoin wallet of renowned Bitcoin investor, Karl Welchez, through social engineering techniques, transferring the assets to their own account.

Smart Contract Accounts Being Hacked

According to Slowmist’s investigation report: The hacker address (0xf358..7036) had already obtained the private key privileges of ParaSwap Deployer and QANplatform Deployer. The hacker extracted $1000 from ParaSwap Deployer and transferred it to the QANplatform Deployer address as a test. After analyzing 0xf358..7036 with the AML platform, we found that the hacker also stole The SolaVerse Deployer and many other fancy addresses. As of now, the hacker has stolen more than $170,000.

      2. The Ronin bridge was attacked in March of this year, resulting in a loss of 17.36k ETH and 25.5m USDC

The hacker fabricated a nonexistent company, used LinkedIn and WhatsApp to contact Axie’s senior engineer, lured him with a new job opportunity, arranged an interview, and finally offered a generous package, but the offer document was toxic, successfully infiltrating the Axie system and stealing the engineer’s EOA address private key for contract deployment.”

In addition to being a primary target for hackers, mnemonic phrases also serve as a high barrier for entry for new users of Web3.

The mere act of safeguarding a sheet of paper with 12 words written on it is inherently untrustworthy and un-Web3-like. We look forward to a future living in the metaverse, but the security of our accounts relies on a piece of paper invented during the Song Dynasty. As such, these two steps are enough to discourage most Web2 players, as most registration processes in the Web2 world can be logged into with a single click using a Google or iOS account.

The Recovery of Accounts without Mnemonic Phrases

To reduce the barrier to entry for wallets and encourage more users to adopt Web3, we need to implement login systems that are similar to those used in Web2, but without compromising the security or censorship resistance of the wallet. To this end, it is necessary to develop more convenient and secure methods of account recovery. Currently, all discussions point towards one solution: recovery without mnemonic phrases. There are currently two approaches to implementing mnemonic-less recovery: MPC and Social Recovery function.

MPC — Multi-Party-Computation

MPC scheme creates private key fragments through multi-party computation when creating an EOA wallet. In 2019, the paper “Two-Party Elliptic Curve Digital Signature Based on Secure Multi-Party Computation” was published at CRYPTO 2019, officially bringing the implementation of MPC into the public’s view. MPC stands for Secure Multi-Party Computation.

MPC scheme ensures that no complete private keys appear during the creation, usage, storage, backup, and recovery of the account through multi-party generation/holding of private key fragments and the “t out of n” TSS threshold signature scheme, achieving higher convenience than single-point generated/held private key wallets such as MetaMask in terms of security and censorship resistance.

Social Recovery Function

Social recovery function is deployed on a smart contract account. A smart contract wallet can be understood as a contract deployed on the chain by an EOA account to manage funds and is similar to a regular smart contract. The EOA wallet of the deployer has control over the smart contract.

Two years after the EIP-2929 proposal, in 2021, Vitalik first proposed a case of social recovery wallet application on the forum:

However, in terms of the security of the private key, it does not reach the level of an MPC wallet:

MPC vs. Social Recovery: Security, Ease-of-Use, Censorship-Resistance

The future of the Mass Adoption: Web3 Wallet

Now that we have mnemonic-less account recovery schemes, we can expect the next generation of Web3 wallets to be ones that can be registered and logged in with an email. In this analysis, we will compare two representative projects: MPC wallets and account abstraction wallets, both of which have achieved a low threshold for user access with mnemonic-less schemes.

Bitizen

Among the MPC wallets, Bitizen, which has thoroughly achieved both convenience and resistance to censorship, uses a 2/3 TSS scheme. Let’s analyze its security and resistance to censorship:

Security

Censorship Resistance:

A 2/3 TSS scheme gives the user absolute control over their wallet (with 2/3 of the private key fragments in their possession), even if Bitizen goes bankrupt or runs away, the user can still exercise control over their wallet.

Unipass

Unipass, an abstracted wallet, combines the benefits of smart contract and MPC (Multi-Party Computation) wallets in order to:

Ease-of-Use to High Applicability

Ease-of-Use wallets are not the end of the wallet application, and there is still some distance between the current Web3 infrastructure and traditional Web2 finance. Visa’s automatic debit and regular automatic payment functions bring great convenience to users, but they are still somewhat difficult to implement on Ethereum. The Abstract Account may be the next high-applicability blockchain wallet narrative: Visa released an article “Auto Payments for Self-Custodial Wallets”, exploring the use of the Abstract Account wallet Argent to implement automatic programmable payment on the StarNet network, allowing users to automatically pay with self-custodial wallets without signing each transaction. But how does the Abstract Account wallet actually work? This concept has actually been around for a long time.

Account abstraction: From EIP-2938 to EIP-4337

As EIP-4337 was proposed, the topic of account abstraction has returned to the forefront. Social recovery and account abstraction (using smart contracts as EOA wallets, i.e., account abstraction) were proposed as early as EIP-1271 and have been implemented by wallets such as Argent on Layer2 networks like StarkNet. So what sets the recent EIP-4337 proposal (account abstraction) apart?

From EIP-86 in 2015 to the current EIP-4337, the core idea among developers has been “contracts as wallets”. Account abstraction allows users to interact with the mainnet in an intuitive way and gives them precise control over the key permissions of their accounts. Since the code of EOA accounts is fixed, it is difficult to add modular or functional design elements to EOA wallets such as batch transfers or social recovery. Therefore, a breakthrough has been sought in smart contracts. The proposal most similar to EIP-4337 is EIP-2938, which also defines a new smart contract operation protocol, but requires modification at the consensus layer, making it difficult for developers to maintain. The main innovation of EIP-4337 is that the mainnet does not require a protocol change at the consensus level.

Use cases

Embracing the Future of Web3

It is a well-known fact that while the number of Web2 users has reached 4.8 billion, the number of Web3 users has only recently surpassed 100 million in 2022. We are still in the early, pioneering stages of blockchain development.

“What level of risk and responsibility am I willing to take on for my assets?” Is it possible to have a wallet that is both secure and doesn’t require me to remember my private key? It has always been a question posed by traditional VCs: “Is there a scenario where only Web3 can do something that Web2 can’t?” We believe that Web3 wallets are one example that contradicts traditional Web2: only in a decentralized Web3 network can we expect a wallet that satisfies censorship resistance, security, and user experience, where users neither bear the risk nor the responsibility. Such a wallet is also an important foundation for the 47 billion Web2 users to embrace the future of Web3: the wallet is not only the first entrance to Web3, but also the foundation for the development of on-chain domain names (such as ENS), soul-bounded tokens, and decentralized identifier reputation systems. Without a secure wallet environment, the building of Web3 lego will have no solid foundation.

We need to more seriously consider that there are few opportunities to “fire” in a bear market. MPC gives us a glimpse of the future of EOA wallets that are more user-friendly and secure and is adaptable to all current EVM chains. The integration of smart contracts into dApps still has a long way to go, and the social recovery plan currently looks inadequate. However, the potential of smart contracts for the future is exciting. We are faced with the question of who to bet on, and we will put forward this answer with our money. 2022 was a dark year for cryptocurrencies, but we still believe that the future is bright. We are the awakened warlocks in the World of Warcraft, and we hope to create a world where no one can take away our lifesteal (unless a proposal passes with a vote 😠).

Disclaimer: Part of this article is based on an interview with Winson, CEO of Web3 Wallet Bitizen. Bitizen is one of Redline DAO’s Portfolios. We would like to thank Bitizen and Winson for their support for this article.

Reference