Crypto custody has stuck in 2021 | Opinion

Despite significant investment and real technical advancements, today’s crypto custody solutions remain stubbornly anchored in the past. Whether it’s vendors like Web3Auth providing “Wallets as a Service” using multi-party compute or “smart wallets” like Argent—everyone wants it to be easier to custody, recover, and use crypto. And yet, custody still feels stuck in 2021. The reality of adoption has been mostly disappointing.

The convenience conundrum

Traditional finance, despite its flaws, continues to offer unrivaled convenience and peace of mind (at least in middle and high-income countries). Forgot your password? Send a quick reset link to your Gmail. Hit with unauthorized charges? Dispute them with ease and freeze your card through the mobile app.

These safeguards let you engage confidently with the TradFi ecosystem, but they’re virtually absent in the crypto world (outside of risky centralized parties like now-bankrupt Celsius). Managing private keys and securing transactions is complex and unforgiving, demanding a level of tech-savviness that most users simply don’t possess. It’s harder to use crypto than to buy it—which is already hard enough to discourage many people in the first place. The result? Crypto has seen more adoption in gambling than a better version of finance for everyday life that people can use (savings, lending, borrowing).

As the primary access point to crypto, custody solutions need to offer more utility beyond simply holding assets. Users need to feel confident engaging with the DeFi ecosystem.

TVL is not usage

Consider Gnosis Safe, now rebranded as Safe. This platform is the industry leader for controlling funds and making transactions while separating the private key requirements of an account (including even requiring multiple signers to approve a transaction). However, despite having over $100 billion in assets stored within these Safes, their potential remains woefully underutilized.

Over 5,000 Safes are created each month on Ethereum mainnet alone, but these Safes are predominantly used for crypto cold storage rather than active DeFi interaction. These smart contract-based accounts allow users to rotate their keys or have a friend be required to confirm any time these assets are moved.

Ideally, these Safes should become the main way the creator/owners/signers of the Safe interact with DeFi. Over 100 apps (including custom transaction builders and useful DAO tools) exist to make Safes easier to use directly in a standard browser. However, despite these tools, many users still rely on their Externally Owned Accounts—accounts that are secured by a private key and are inherently risky—when interacting with DeFi. Whether it’s buying an NFT on Blur, swapping on Uniswap, depositing to MakerDAO, repaying an Aave (AAVE) loan, or simply sending tokens to a friend, people often create Safes with their EOAs and then continue to use their EOAs—a risky practice firmly rooted in 2021.

The data is telling: excluding raw Ethereum (ETH) (which isn’t an ERC20 token) for Ethereum Mainnet specifically, 99.4% – 99.9% of token transfer volume (in USD terms) happens via a Safe Creator’s EOA, not their Safe! This isn’t just a statistic; it’s a glaring indictment of the industry’s current approach to combining utility and security through crypto custody.

Raw ETH usage may be a positive sign

To put this into a broader perspective, consider how blockchains are used today. Raw ETH, not being a token contract, is typically “wrapped” into Wrapped Ether (WETH) via a 1:1 smart contract to enable it to be more easily used in DeFi. Yet, less than 3% of Ethereum supply is wrapped. A disproportionate amount of activity in crypto is basic peer-to-peer sendings of the native asset, and only a sliver of human-operated addresses actually interact with DeFi protocols.

Unlike DeFi tokens, we do see Safe creators navigating raw ETH via their Safes. Comparing raw ETH transfer volume between Safes and Creator EOAs we not only see an increasing pattern for Safes, but as of May 2024, Safes are seeing more raw ETH usage than the EOAs that created them to the tune of nearly $2 billion worth of monthly volume on just Ethereum mainnet alone.

The path forward: Simplification at the custody, not protocol, level

To be clear, there has been real progress in protecting users since 2021, especially at the wallet layer with projects like Rabby, Rainbow, Coinbase Wallet, and the industry leader Metamask heavily focused on preventing user losses via transaction simulation, approval management, and warnings for potentially malicious contracts. However, these still operate on the framework of users managing private keys that control their funds 1:1.

The industry is experimenting (and investing) heavily in alternatives to this framework, including proposals to: give your account to a smart contract (EIP-3074), turn your account into a smart contract (EIP-7702), abstracting how transactions are themselves created and managed (EIP-4337). These “account abstraction” projects differ in complexity and assumptions and require changes to Ethereum itself.

Striving for widespread consensus on a single, complex, one-size-fits-all solution—such as the notion that “all wallets should simply agree to use the same singleton contract”—is likely a dead end. Instead, the industry should focus on practical UX solutions that can be readily adopted without every app generating an Nth wallet for a user or fiddling (too much) with the inner workings of Ethereum.

The good news is we’re trending in the right direction. More L2s come online every week, lowering the cost of DeFi. The industry is tired of hearing about infrastructure and having more hard conversations on organic user growth instead of airdrop farmers. Apps are launching more mobile native experiences, including integrating wallets as a service and social recovery. The mission for a decentralized, robust, permissionless, censorship-resistant alternative to the modern financial system(s) is alive and well.