Crypto wallets serve as your gateway to the Web3 world. Choosing the right wallet goes beyond looking for ease of use; it's about making a wise long-term decision. With an evolving landscape of trends and security, it's important to choose a wallet that fits your needs. So, how can you be sure you're making the right choice?
It is essential to know in-depth about the available options and make an informed decision whether you're navigating this terrain for the first time or re-evaluating your existing wallets.
In this blog, we'll dig into all the different wallet types, from the regular ones, such as Seed phrase-based to Smart contract-based and MPC-based. We will start with key concepts and terms necessary to understand these wallets and what they offer.
Account | Address | Keys
A crypto account can be thought of as a traditional bank account, serving as a place to store your asset balance. It has a unique identifier, an account address, which acts the same as a bank account number. It is a 42-character hexadecimal string that starts with '0x'. Just like you share your bank account number to receive a wire transfer, you'd share your Ethereum address to receive tokens or other assets.
In the blockchain world, an account can refer to either Externally Owned Accounts (EOAs) controlled by a user through private keys or Smart Contract Accounts controlled through logic.
When we create an EOA, a unique private key is generated. The public key and the account address are derived from this private key.
We sign transactions using this private key. And anyone in the world can verify that your account address sent the transaction. Check out Andrew Griffith's visual demonstration to see how this works.
Typically, we access our crypto accounts and sign transactions from a crypto wallet. But isn't a wallet the same as an account? Actually not. A crypto account serves as an individual bank account. The wallet is an interface, like a banking app, that provides a user-friendly way to access multiple accounts.
The wallet itself doesn't hold your assets. Instead, it interacts with the blockchain ledger to display your balance and manage transactions. The critical role of a wallet is to manage your private keys, which are essential for signing transactions and proving ownership of your assets.
If someone gains access to your private key, either through hacking your wallet or some other means, you risk losing access to your digital assets forever. So, safeguarding your private keys is important.
Secure those keys!
To safeguard your private key, keep it offline, shielded from fire and water, and out of sight. Just make sure it's not so hidden that you can't find it yourself!
In the world of money, there are always people trying to take yours. Even core developers like Luke Dashjr have faced the hardships of dealing with private keys and losing millions of crypto assets.
This threat is even more severe for founders and builders in the blockchain world. Since they hold funds for their organisation, securing those keys and choosing the right wallets becomes a top priority.
Let’s look at the wallet choices available today and understand their underlying security and key management methods.
Wallet Types
Wallets can be based on either of the two types of accounts: Externally owned accounts (EOA) or Smart Contract accounts.
Let us talk about them one by one.
Seed phrase-based wallets (eg., Metamask, Ledger):
Seed-phrase wallets are a traditional form of Externally Owned Accounts (EOAs). Upon creating this wallet, you'll be given a seed phrase—usually a string of 12 to 24 words that acts much like a login password for your wallet. You can create multiple accounts from one seed phrase, but be careful: if someone else gets access to your word list, they can control all your accounts.
You can choose security over flexibility or vice versa with the two types of wallets available in this category.
Hot wallets (connected to the internet - more available)
Cold wallets (offline - more secure)
You are amongst the 30 million users of Metamask, a very popular hot wallet in this category. Some of you may even be the owner of a Ledger cold wallet.
They are also free to create and relatively easy to use. These are popular amongst Web3 enthusiasts, multi-sig signers (more about that later), and HODLers.
However, This type of wallet is not the best fit for groups or teams. Using a single seed phrase for team access is risky and can compromise security. They also leave a trail on the blockchain, making it easier for outsiders to track your activities.
Custodial wallets
Custodial wallets offer a different approach to asset management. You hand over access to the assets to a third party that holds and stores your assets.
From a legal perspective, a custodian can act in one of two ways:
As a fiduciary (aka trustee/qualified custodian), legally bound to reserve your assets exclusively for you, such as Anchorage Digital or Fireblocks.
As a bank, where your assets are used to generate income with a promise to return them.
These are very easy to use with Web2 type login password and occasionally 2FA. They typically have access to customer support and often implement additional security layers, such as insurance against hacks and fraudulent activities, for asset recoverability.
Exchange-based wallets like Binance and Coinbase are popular amongst novice users getting into crypto assets and traders. However, users are required to trust the custodian. Crypto giant FTX will be known as a high-profile cautionary tale. Many Individuals and teams lost millions of assets when people running FTX co-mingled customer funds locked on the exchange and illegally used them against its own terms of service.
Premium custodian services are also available in the market. These are built for HNIs and Institutions, offer individual segregated accounts, and come at a cost. These typically have high-security measures ranging from MPC-based tech to physically secured cold wallets. You may have guessed that you must go through elaborate procedures to access your assets.
Smart Contract wallets (including multi-sigs)
Smart contract wallets operate differently than traditional wallets because they don't use private keys for account access. Instead, they rely on the logic and rules programmed into a smart contract. For instance, they can include features like "guardians" to help users regain access to their accounts.
Safe (formerly Gnosis Safe) is one of the most widely used smart contract wallets, securing $54 billion worth of assets. Safe allows you to create a wallet using an Externally Owned Account (EOA) and add other EOAs as co-owners. The multi-signature logic is quite straightforward: a transaction goes through only if a predetermined number of Safe owners approve it, after which it gets executed on the blockchain.
While multi-signature accounts like Safe offer enhanced security, they do come with some limitations:
Slow, since approvals happen manually.
Setting up the wallet itself also incurs a cost. This is because the wallet is a smart contract deployed on the blockchain, and deploying such contracts requires computational work that incurs a gas fee.
Given the public visibility of blockchain activities, anyone can observe a multi-signature transaction being organised, raising potential privacy concerns.
Multi-signature is just one feature you can get with smart contract-based wallets. There's a lot more these wallets can do, and new features are constantly being developed. Exciting initiatives like ERC-4337 for account abstraction aim to simplify and enhance the user experience, making it more accessible for the average person.
The Ethereum Foundation recently announced grants for 18 teams to develop projects in this direction to make them more appealing to the masses.
Team-friendly functionalities can also be built as a part of Smart contract wallets, making them convenient for Web3 teams looking for accountability and security.
However, there are some challenges when using them. For instance, you need to set up and maintain a separate Smart contract account for each chain. This means managing and tracking multiple account addresses. There is also a rare but potential chance of losing access to your multi-sig account if a threshold of the Safe owners lose their EOA keys.
Multi-Party Computation (MPC) based wallets
MPC-based wallets offer a fresh take on security for EOA (Externally Owned Accounts). In traditional wallets, safeguarding a seed phrase is crucial. However, MPC-based wallets divide a private key into parts called shards, which collectively complete the key for your account.
Shards can be stored across different devices or accounts. Multiple parties—like your computer, a secure server, and your mobile phone—can collaborate to perform cryptographic operations like signing a transaction, all without ever combining the shards.
Since there's no need for a whole private key to be generated, there's also no single key to lose or be stolen. A single shard is useless for transactions, providing an extra layer of security.
If a shard is lost, it can be easily backed up and restored without compromising the security of the entire account. You can even create new or retire existing shards for a current account.
MPC-based wallets are ideal for teams. They allow threshold-based signing, meaning multiple parties can work together to prepare valid transaction signatures. The actual signing by individual shards occurs off-chain, reducing the workload on the blockchain and saving on transaction fees. Chain-agnostic wallets allow you to use the same account address across different networks, simplifying asset management.
MPC-based wallets merge advanced security with operational ease, providing an excellent option for individuals and teams.
Conclusion
Choosing the right wallet is more than just a matter of convenience; it's a critical step in safeguarding your digital assets in the ever-expanding Web3 universe. From traditional seed-phrase-based wallets like Metamask to advanced options like multi-sigs and MPC-based wallets, the choice should align with your personal or organisational needs.
In our increasingly digital world, security can't be overlooked. Always safeguard your private keys and explore more secure options like multi-sigs or MPC-based wallets for extra peace of mind.
The world of cryptocurrency is continually evolving. This includes innovations in security protocols and wallet features that make interacting with Web3 more user-friendly and secure, leaving you in control of your assets.
At Koshance, we're working on next-level solutions to enhance the wallet experience for Web3 teams. Interested in learning more or sharing your own wallet choice experience? We'd love to hear from you! Feel free to reach out to us on X. (the site formerly known as Twitter).
Thank you for reading. Stay secure!