Julien Auchecorne, Chief Commercial Officer of Qredo, was in attendance speaking at the amazing WalletCon in Denver last week.
WalletCon Denver is a one-day conference dedicated to exploring theoretical questions and key innovations shaping the future of the blockchain wallet experience. The conference held its inaugural event this 1 March 2023 in Denver, Colorado. The thriving event featured events focused on security, identity, communications, and wallet UX.
Julien spoke in a panel called "Browser Wars Reinvented: Security and Coordination Problems Faced by Wallets and dApps", an event hosted by Kyle Den Hartog, Brave wallet's CISO and a published expert on security standards.
Other guests on the panel included Weiwu Zhang, co-founder and CTO of Smart Token Labs, and Vanina Ivanova, CMO of Ambire Wallet.
Over the course of 45min, the panel discussed wallet-to-API interactions, ERC-1271, zero-knowledge proofs, account abstraction, secure self-custody, the responsibilities of dApps and wallets for the security of funds, fiduciary matters, dealing with malicious actors as well as the parallels with earlier technological developments in web browser technology.
If you'd like to watch the whole video of the panel, you can check it out right here, and we're glad to share some highlights from the event below.
On [Account Abstraction], it's [actually] a great validation of the product that we've built, because [focusing on the end user] we do have all the features that you are describing. It goes back to this whole notion of sophisticated policy engines, allowing people to have a sophisticated way to manage their risk when it comes to actually getting assets out of their wallets. Both from a UX and security standpoint, by using MPC.
What we do observe is the current environment is quite oligopolistic. Some of the wallet providers are extremely dominant, and some dApps do siphon up most of the TVL. I think that's a natural occurrence. But where I think that the impact of AA and opening things up in this way could be positive in that, suddenly, things become more interoperable, and the movement of liquidity [between environments] is a bit more seamless. And then it actually opens up more areas of innovation and growth for more dApps and more wallets as well.
This is also the point at which I think we get a bit concerned, especially relative to the kind of maturity in the industry, about how robust the paths to implementation look.
Because, on one hand, it's awesome to have all that composability, but if there's no accepted standard or even a shared understanding of the DevOps process to actually produce security audits and upgrade smart contracts, then yes, it's awesome to unleash this creativity in the market, but it could actually lead to some bad outcomes. I think that if you look at what happened last year in DeFi, the soft targets in the market have often been at that level, poorly secured smart contracts.
I think that if you look ahead in 12 months, 18 months from now, and when we talk about standards, I think what we're really talking about is actually how people understand they need to operate to scale responsibly. Once I think that we've grown a bit more mature in that context, then I'm a permanent optimist about [what the industry can deliver.]
If you look at the tax on the ecosystem that we've seen last year with all the hacks and wallet drainage, you could cut it in half 50-50, whether you could blame primarily a wallet or a dApp around what happened.
With dApps, it was more visible because you get a whole pool being drained. That's big numbers right away. You've got a whole community of users that are affected. With wallet drainage, it's different. But I would still say that with those two participants, the ecosystem is so tied at the hip that I think that any problem-solving effort should be really the focus of collaboration.
We [Qredo] have a policy engine. We provide the modularity to produce a set of conditions under which transactions can be signed off. The risk management toolkit is for anyone who actually wants to take their assets from a secure environment and deploy them into a risk environment.
That's where we focus our efforts. Let's give you the tools to actually do that in a way that is within your control.
Policy engines limit that risk today. It's not just whitelisting; you can also pull the plug on wallets that are on assets that are exposed to those dApps. If there's any behavior that is identified as being suspicious, there is risk management there that actually would go a long way to addressing this.
As Julien pointed out, wallet security in Web3 is a complex, fast-moving target. With new innovations come, unavoidably, new exploits and risks.
Staying ahead of this and offering leading solutions for self-custody and enhanced security on the blockchain is a mission that Qredo is leading the way on.
We will continue to research, develop and supply infrastructure to the wider blockchain community, which will help to make the space a healthier, more secure and more decentralized one.
Thanks for being part of what we do here at Qredo. We’re securing the future of blockchain, and we couldn’t do it without you.