Published Feb 15, 2022
By Qredo Team
The Missing Piece of Web3 Wallets
As the Web3 economy matures, transactions are getting bigger and evolving to serve real-world use cases such as financing cars, taking out mortgages, and funding business ventures.
Yet, the default gateway to Web3 remains insecure. The browser-based wallets often used for these transactions are susceptible to hacks, malware, and a growing number of increasingly innovative social engineering schemes.
Decentralized MPC solves for this by adding a custody layer to Web3 wallets that makes it possible to securely access DeFi — all supported by the governance, ease of use and programmability needed for broader real-world adoption.
What are browser-based wallets?
Often called non-custodial wallets, browser-based wallets store the private keys that control digital assets in encrypted form in your browser’s data cache (in addition to a backup paper seed phrase).
You can sign transactions with a couple of clicks from within your browser, making accessing DeFi as easy as online shopping.
But this convenience masks the inconvenient truth that browser-based wallets are effectively hot wallets. As such, they have long been known to be the most insecure method of storing private keys, and can be compromised in countless ways by hackers looking to take advantage of irreversible blockchain transactions.
Browser-based wallet attack vectors:
Clippers, which intercept copied blockchain addresses from the clipboard and replace them with addresses owned by the attacker, have stalked the web for years. Other newer forms of malware include Mars Stealer, which cracks open the browser cache to steal sensitive data such as passwords, and the prolific Cryptbot, which used similar methods to rake in an estimated half a million dollars of bitcoin in 2021.
Social media is swamped with scam accounts that bait victims into sharing their seed phrase by pretending to be wallet support staff. Other schemes are even more sophisticated, with some victims reporting elaborate ruses involving fake friendships and fraudulent project contributors. According to Chainalysis, scammers used methods like these to siphon off a massive $14 billion worth of crypto in 2021.
North Korean hacking group Bluenoroff is thought to have pioneered other advanced forms of social engineering, such as planting fake versions of wallets on the Google Play and App stores, and injecting corrupted code into victims' computers through weaponized Word documents.
The missing piece of Web3 wallets
The security risks of browser-based wallets are so great that most developers advise against using them to store large amounts of funds.
Instead, they often recommend supporting browser-based wallets with cold storage. This way, the private key is not kept in the browser cache, but in a secure offline chip. Accessing the assets then becomes a physical operation of manually tapping the button on a plastic wallet, akin to swinging open the metal door of a vault to retrieve bars of gold bullion.
This helps secure the assets, but also limits accessibility and functionality. It prevents organizations from implementing sophisticated governance schemes, and makes deploying assets into DeFi a cumbersome and manual process — rather than the seamless, programmable ease that digital assets promise.
Decentralized MPC unlocks the real potential of Web3 by replacing the cumbersome private key with a secure and flexible governance layer.
Protect against malware and phishing
Malware cannot prise private keys out of the browser cache, because they have been replaced with decentralized multi-party computation and never exist in their complete form.
Phishing attacks are less likely to succeed because all activity is protected by custom governance, with each additional signature reducing the possibility of scam transactions slipping through.
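The property described above, a key that never exists in one place, can be illustrated with an added example (not Qredo's code or protocol, which this page does not describe): a simplified additive-share Schnorr signature in which each party keeps its own share and only public values are combined. The group parameters, class and function names are constructed for illustration, and the nonce-commitment round and share proofs that production threshold schemes require are omitted.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed for this example, far too small for real use):
# p = 2q + 1 with p and q prime; G = 4 generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4


def challenge(r: int, y: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || Y || msg), reduced mod q."""
    data = f"{r}|{y}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Party:
    """One signer. Its key share x_i is generated locally and never sent."""

    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # private key share
        self.y = pow(G, self.x, P)              # public share, safe to publish

    def nonce_commitment(self) -> int:
        self.k = secrets.randbelow(Q - 1) + 1   # fresh nonce for every signature
        return pow(G, self.k, P)

    def partial_signature(self, e: int) -> int:
        return (self.k + e * self.x) % Q        # k masks x, so x is not revealed


def joint_sign(parties, msg: bytes):
    """Combine public values only; no step computes x = x_1 + ... + x_n."""
    y = 1
    for party in parties:
        y = y * party.y % P                     # joint public key
    r = 1
    for party in parties:
        r = r * party.nonce_commitment() % P    # joint nonce commitment
    e = challenge(r, y, msg)
    s = sum(party.partial_signature(e) for party in parties) % Q
    return y, (r, s)


def verify(y: int, msg: bytes, sig) -> bool:
    """Ordinary Schnorr check: g^s == R * Y^e (mod p)."""
    r, s = sig
    return pow(G, s, P) == r * pow(y, challenge(r, y, msg), P) % P
```

The verifier sees a normal single-key signature, while malware on any one party's machine finds only that party's share `x`.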
Open new decentralized frontiers
Scale operations to enterprise and institutional level.
Decentralized MPC removes the need to rely on error-prone human processes such as manually pushing buttons on hardware wallets to approve trades. Through the Qredo API and Core Client, transaction flows can be automated from integrated software, enabling hedge funds to securely implement rapid-fire programmatic trading strategies, or corporate treasuries to automatically rebalance stablecoins across different chains and protocols.
Access the multi-chain universe from one wallet.
Instead of maintaining multiple different wallets and browser extensions for each individual blockchain, you can transact across dozens of different EVM chains from a single wallet and browser extension.
Take granular control over governance.
Configure your own custom subwallets and signing schemes to seamlessly spread digital asset responsibilities between teams — without the need to deal with cumbersome multisig or single private keys.
Securely scale your DeFi operations with decentralized MPC
The only way to securely enjoy seamless DeFi interactions at scale is with Qredo's decentralized MPC.