Crypto wallets have never been so hot, even the cold ones.
ETH Denver made it very clear: Crypto wallets will be *everywhere*. Half the conference sessions were about wallets and the proverbial “next billion users in web3”. There even was an entire side conference, only dedicated to wallets.
Lately, it really feels like everyone wants to become a wallet.
But there is confusion: Wallets take different shapes and forms and too often are put in the same basket, hiding critical differences and properties.
Today we want to analyze two essential categories: Personal and embedded wallets.
To put doubts aside: We are excluding custodial wallets from this discussion. Custodial wallets should not be called wallets in the first place. They are nothing less than good old banks. They custody and control users’ assets “off chain” and are unconnect-able as such on-chain with web3 apps.
Crypto was born and raised with personal wallets: Software, hardware, or browser extensions users chose to set up for their own needs.
Embedded wallets, for reasons we will explain, have grown lately as a standalone category. They are invisible, non-custodial wallets created on the fly specifically for a blockchain app as opposed to traditional personal wallets that are agnostic and external to that particular app but can be connected to it.
Let’s analyze what it means for the users, the app developers, and the ecosystem at large. We will learn they are both useful and complementary and that personal wallets are going to become increasingly central over time.
Web3 needs crypto wallets
Web3 Dapps are applications that live on-chain and, therefore that need to be connected to a Web3 crypto wallet so that users can interact with them. Crypto wallets enable account authentication, approvals of actions, and the reception or transfer of assets specific to that Dapp. Technically, Dapps are smart contracts that live on the public blockchain and, therefore can only be used with a crypto wallet.
This has made traditional custodial crypto exchanges irrelevant and unfit for Web3: Nothing more than a bank/ATM for funding native crypto wallets and incapable of interacting directly with Dapps, at least as-is (minus a caveat to cover later).
- Want to buy an NFT on OpenSea or Blur? Need a crypto wallet.
- Want to do a swap on QuickSwap or Uniswap? Need a crypto wallet.
- Want a loan on AAVE? Need a crypto wallet.
You get the story. Want Web3? You need a crypto wallet. No way around it.
Humans need personal Web3 wallets
Personal crypto wallets have been generation 1 of wallets.
They are the primary interface users choose to store and manage their cryptoassets: Coins, tokens, and NFTs. They evolved from basic paper QR codes to onerous and tedious hardware whose job is to allow you to manage your private keys. The user experience of crypto wallets has tremendously improved, in particular with the rise of mobile wallets while the security has remained at the elementary level of storing your seed phrase “somewhere safe.” Lately, superior security paradigms have made the experience an order of magnitude better thanks to MPC, and soon, Account Abstraction.
Those wallets use various connectivity protocols to interact with Web3 applications. Some proprietary (eg extensions like MetaMask) or open (WalletConnect) or just modular (Dynamic). The user has to actively choose to connect their wallet to the Dapp they want to use.
Not your connection, Not your Dapp.
But that leads to various points of friction and increases potential attack surfaces, which makes it a joy for hackers. Traditional seed phrase personal wallets (in particular hardware wallets) are unfit for an economy of apps where the usage frequency is significantly higher than casual trading or simply vaulting.
This makes the learning curve particularly bumpy for new crypto users and even for sophisticated users. And yet, they need a wallet.
So are personal wallets going to disappear and be replaced by app-specific wallets?
The race to onboarding, over-simplification, and value capture
Let’s talk now about Dapp wallets, or embedded wallets.
How do we get 1 billion people to try crypto? A lot of people think this will happen by making wallets *simpler*. This is wrong.
While this used to be true 5 years ago, there is nothing hard about setting up a new crypto wallet in 2023.
This is a myth the industry loves to feed itself for the lack of “billion users” adopting crypto. Zengo, for example, is an incredibly easy wallet to set up, with no seed phrase or password. Billions of people already install apps every day without any issue, some a lot more complicated than classical crypto wallets.
I will say it again, there is nothing hard about setting up a wallet. This is a PR excuse and narrative.
The race to simplicity happens somewhere else and it’s not about the user but about the developer of blockchain apps and business considerations.
The real story is that blockchain app developers want to capture more value (aka make more $$ and improve their conversion/retention) and not give away their user relationship to their external wallet of choice. This is a race to the point of entry and the control of the journey. This drove Coinbase, Binance, 1inch and recently the-not-yet-launched Uniswap wallet to adopt this approach.
And Dapps want to take that ride by embedding a wallet in their core, becoming themselves a wallet for their user base.
Embedded wallets are services that create a wallet for the user on the fly and in the background, using traditional login credentials (like email or social logins) while creating an account on the app for the user. No more need to first create a wallet, connect the wallet and then create the Dapp account. Those wallets are usually non-custodial and will possibly use MPC (Multi-party computation) to distribute the security shards to avoid a single point of failure where the user (without knowing) holds one of those shards and guarantees their control over the wallet.
This will be particularly handy with mobile Dapps or mobile web apps and even crypto exchanges that cannot by design connect to Web3 but can embed a Web3 wallet, allowing you to browse and use Web3 (just like Coinbase did with their MPC Web3 embedded wallet in the Coinbase.com custodial app). You will find them in games, in DeFi Dapps, in social apps,….
1 app = 1 wallet = 1 public address
Embedded wallets save you an extra step: No more need to “connect” an external wallet. The wallet is by default connected to the Dapp. This is *the* reason why embedded wallets are simpler. They remove that one step.
By the way, who are WAAS (Wallet-as-a-service)? Web3auth, Magic, DFNS, Crossmint, Coinbase (just announced), Metamask SDK (just announced), Fireblocks, and so many more….. Their primary customers are not the users but the app developers. The wallet they built is optimized for them first.
But is that resolving the most critical issues?
The over-simplification of wallets and the invisible burden for users
While this is awesome in appearance, this simplification leads to a wide range of additional complexities both for the user and the developer.
Let’s start with the obvious benefits: With embedded wallets, you, as a user, go from 0 to Dapp in no time. This is great if you have never had a wallet, and if you have one, it saves you the pain of connecting your wallet with all your main assets on it and risk exposing them to an unknown Dapp. It also saves you the trouble of finding your hardware wallet you have hidden “somewhere safe” every time you want to use a Dapp.
It is a better way to “try before you buy.”
But let’s fast forward and see what burden this approach carries:
- While they save you from figuring out what a wallet is they remove a very important part of the crypto learning curve. By obfuscating this essential part, the user remains blind to the basics of crypto (What a wallet address is and how it works) and crypto security. The user will still have to figure those things out later.
- Embedded wallets are a bandaid that prevents the user from appreciating what is happening and the responsibility they should be aware of as a traveler in the security crypto journey. Should a user truly understand how to get access to their keys if the Dapp shuts down, will they lose their web2 credentials, or will someone take over their social login (very common)? Embedded wallets offer by default fewer security guarantees and awareness because they optimize for the radical abstraction of the core friction points related to the basics of crypto security.
- You still need to fund embedded wallets for many type of operations (eg swapping a token or minting a non-free NFT, or participating in a paid game). Embedded wallets are only an envelope without the body that personal “super app” wallets can provide in a superior manner.
- You now have a wallet whose security depends on a social login or an email address. Would you want your bank account access to depend only on your email or Twitter login? Probably not.
- More clutter: More importantly, as embedded wallets are becoming omnipresent in Web3 Dapps, very quickly a user will end up with tens if not hundreds of wallets and wallet public addresses with different assets spread out across tens or hundreds of public keys. 1 new app, 1 new wallet: A total mess. Imagine if every time you had to buy something, the site was creating a new bank account for you which you have to keep track of. You would end up crazy trying to gather all those accounts and consolidate what you own.
Bottom line: Embedded wallets, while making things invisible and simpler at first, lead to a race to the bottom in personal security and in complexity by cluttering at scale the assets you own across tens or hundreds of Dapps.
Now, it is obvious why Dapp developers would love them as they make it is easy to start but more importantly, it will help Dapp developers bootstrap usage and retention (not necessarily adoption) and value capture. This is not just about the user.
The inevitability of personal crypto wallets
Humans love simplicity and technologies that make life easier. Ease of use should be considered through the entire spectrum of things you do in life and not just through particular apps.
Money and value management (a critical human need) are horizontal central needs. You don t have a bank account per app – you would lose your mind. You need a home for the things you value the most.
Personal crypto wallets are precisely filling that gap. They are the trusted interface that brings normality and control over a wide range of assets, needs, and Dapps you use. They are agnostic to the Dapp you just discovered and universal to all the needs you currently have or will have.
As users are going to use more Dapps and more coins and more blockchains and more simple embedded wallets, a primary interface to navigate all the above is going to be increasingly critical.
Even with Dapps providing you with embedded wallets, users will want to check out and withdraw their items to a consolidated safer account so they can use them in other Dapps, swap them, stake them, sell them, store them, send, rent, share, delegate and …why not … pay their taxes on them. Embedded wallets will never be on par with the critical feature sets and certainly not good enough to hold valuable and expensive assets. A good comparison is search engines. All websites have their own dedicated search but none of them match the utility, power, and trust of Google.
Personal wallets are the cockpit of your Web3 life. The more embedded wallets, the more clutter there is and the more that cockpit will be central to your Web3 reality.
Finally, with MPC and Account Abstraction, personal wallets are going to become significantly safer by protecting your primary wallet address from an unknown Dapp and allowing you to use secondary addresses or delegated addresses so you can also “try before you buy” with a personal wallet, significantly reducing wallet-drainer risks and exposure of your privacy and legacy associated with your main wallet address.
Developers: Mind the gap
If you are a Dapp developer, you are about to plug a critical piece of the crypto stack in your Dapp: The wallet. Congratulations. Welcome to the wallet world.
You will now be able to better retain your users, capture value and “funds at work,” and possibly even upsell a few services (swap, buy crypto).
But this comes at a cost.
In addition to a new monthly bill you will have to pay and cover for that service (someone has to pay the bills ah?). This will come with a set of responsibilities and challenges.
Since the wallet is now part of your Dapp, to the user, you will be responsible for their security, their customer support, and for the maintenance and additional feature set to stay on top of the game. You will no longer be able to blame external wallets for this or that. You will be responsible both for the bills and for the user relationship. Let me give you some color of what to expect:
- You will have to assist users with incoming and outgoing blockchain transactions and on-ramp of funds and airdrops.
- You will have to deal with ill-intended users who will try to break and game your system.
- You will have to deal with wallet-phishing and wallet-drainer attacks.
- You will have to deal with the impersonation of your wallet and your staff, as now funds are at stake.
- You must follow-up on critical wallet and blockchain maintenance (security, forks, bugs, downtimes).
- You will have to provide first-level customer support to any inquiry on wallets, train your team and build a support library for it.
- You will have to create a decent and secure “check out” and withdrawal asset experience from your app to external wallets.
- You will have to boost your personal internal OpSec to avoid MIM attacks (man-in-the-middle attacks).
- Depending on your scale, you will need some form of self-compliance to monitor money laundering and save your company from regulatory attacks.
- You will have to make airdrops (any airdrop) visible to your users and make sure you protect your user from token and NFT spam.
- You will still have to offer connectivity modules to external personal wallets for people coming with their wallets even if you offer a first-party embedded wallet.
- You will probably have to pay for the gas and network fees of all those unfunded wallets.
- You will have to look at the unit-economics of the cost of operating a wallet as this is not a free service (including the human cost of integrating and maintaining).
- Special bonus for mobile app developers: you will now have an additional effort to handle. The App store and Google play store review teams who have particular attention and rules for crypto wallets. (Ask Uniswap and nearly every single wallet maker). This effort is nerve-wracking and will slow you down.
Far from a set-it-and-forget-it type of stack that app developers do not control because it is built by someone else.
While you made it easier for users, your life as an app developer just became more complex (and expensive).
Conclusion: The job is not yet done
Both personal wallets and embedded wallets are going to coexist and thrive for different reasons. However, we must look at this with clarity. Embedded wallets will not bring the “next billion users to crypto”.
While in appearance adding relative simplicity to the user, they add for the developer a significant set of costs, efforts and responsibilities. They also eventually add complexity and clutter for users.
This is an exciting moment for the wallet space as it becomes more sophisticated, adopted and integrated. But one central topic cannot be left aside: Security. With so many hacks happening daily, inside and outside of crypto, there is no point in making things “easier” if that does not come with the correct approach to security.
Seed phrase wallets (apps or hardware) have already shown their limits and embedded wallets dangerously blind the user to the necessary steps for personal protection against external attacks and human errors.
The next evolution for wallets is not towards more simplicity but more usable security where, by design and by default, the risks associated are radically reduced. Multi-factor security, phishing protection, outstanding fast and mission-critical customer support are some of the ingredients for that future. The crypto industry suffers a terrible reputation as we speak. What we need to fix it is not simpler ways to onboard an elusive billion people that will probably not come any time soon, but solutions to restore that trust and robust security approaches with solid guarantees.
As the world becomes increasingly complex, multi-chain (EVM and non-EVM), unsafe, and cluttered, we are confident that multi-party computation will be one of the layers to raise the bar, and that trusted, proven primary wallets will become increasingly central to anything we do.