While wallet security has been one of the biggest issues for crypto owners for a decade now, an emerging solution may be the best option on the table yet, suggested Vitalik Buterin.
“Wallet security issues have been a thorn in the side of the blockchain ecosystem almost since the beginning,” said the Ethereum (ETH) co-founder, but there might be a better solution available now. There’s “an emerging better alternative: a newer type of smart contract wallet called a social recovery wallet,” argued Buterin in his January 11 blog post.
Problem: Buterin laid out arguments to show how serious the security issue is in the Cryptoverse, providing examples of people losing their private keys, as well as tens of thousands of bitcoin (BTC) in hacks and theft, which would be worth a billion dollars per today’s prices. Per an analysis, a whopping BTC 1,500 (USD 52.3m) may be lost every day, “over the years adding up to as much as 20% of the total supply,” he said.
Existing solutions: Over the years, wallet solutions like paper, hardware, and multisig have been created, but these were cumbersome or difficult to use, disrupting and/or preventing adoption. Hardware wallets, though “a significant improvement”, are susceptible to supply chain attacks, and a single point of failure is still an issue.
New solution: What is needed is a wallet design that satisfies these three criteria:
- no single point of failure,
- maximum ease of transacting,
- and not requiring users to learn strange habits or exert mental effort to follow certain patterns of behavior.
A social recovery system, said Buterin, has a single “signing key” that can be used to approve transactions and add/remove “guardians”, and it has a set of at least three “guardians” of which a majority can cooperate to change the signing key of the account.
The social recovery wallet is used as a regular wallet, with users signing messages with their signing key and each transaction moving with a single confirmation click. The social recovery functionality would kick in if a user loses their signing key. They can then reach out to their guardians via a website and ask them to sign a special transaction to change the signing pubkey registered in the wallet contract to a new one.
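The rules described above can be modelled in a few lines; this is an added illustration, not code from Buterin's post or from any wallet project. The class and method names are hypothetical, keys are opaque strings standing in for verified signatures, and "majority" is assumed to mean a strict majority of the current guardians.

```python
# Added illustration: a plain-Python model of the wallet contract's rules.
# Assumption: callers are identified by string; a real contract checks signatures.

class SocialRecoveryWallet:
    MIN_GUARDIANS = 3  # "at least three guardians", per the description above

    def __init__(self, signing_key, guardians):
        guardians = set(guardians)
        if len(guardians) < self.MIN_GUARDIANS:
            raise ValueError("need at least three distinct guardians")
        self.signing_key = signing_key
        self.guardians = guardians
        self.approvals = {}  # proposed new key -> set of approving guardians

    def _require_owner(self, caller):
        if caller != self.signing_key:
            raise PermissionError("only the signing key may do this")

    def add_guardian(self, caller, guardian):
        self._require_owner(caller)
        self.guardians.add(guardian)

    def remove_guardian(self, caller, guardian):
        self._require_owner(caller)
        if guardian in self.guardians and len(self.guardians) <= self.MIN_GUARDIANS:
            raise ValueError("would drop below three guardians")
        self.guardians.discard(guardian)
        # A removed guardian's pending approvals must no longer count.
        for voters in self.approvals.values():
            voters.discard(guardian)

    def approve_recovery(self, guardian, new_key):
        """Record one guardian's approval; rotate the key on a strict majority."""
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        # One live vote per guardian: approving a key withdraws earlier votes.
        for voters in self.approvals.values():
            voters.discard(guardian)
        voters = self.approvals.setdefault(new_key, set())
        voters.add(guardian)
        if len(voters) * 2 > len(self.guardians):
            self.signing_key = new_key
            self.approvals.clear()  # stale approvals must not be reusable
            return True
        return False
```

Note that the old signing key loses control the moment the majority is reached, which is what makes the scheme useful after a key is lost or stolen.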
This is not a betrayal of the values of the blockchain and crypto industry by going back to trusting people, argues Buterin, but rather “an expression of ‘crypto values’” by giving people more choice, instead of removing all trust.
Currently, Argent and Loopring are two popular wallets that have implemented social recovery.
Meanwhile, Bitcoin developer Udi Wertheimer commented that the post doesn’t present a new concept, but that it’s “a good overview of the motivation and challenges.” He said he “like[s] that *some* of the benefits of hardware wallets are achieved without needing to get one,” but also argued that one thing bitcoiners seek to achieve with advanced multisig setups is skipped.
This does skip one thing bitcoiners seek to achieve with advanced multisig setups: protecting against vendor-specific vulnerabilities.
Constructing the vault portion with BTC is challenging but not impossible, and taproot could make fees manageable https://t.co/xNzbXqNiu0
— Udi HaveFunStayingPoor.com (@udiWertheimer) January 11, 2021