Web3’s Wallet Opportunity

Amanda Young
Collab+Currency
9 min read · Nov 29, 2022

Today, a large percentage of crypto users store their holdings on an exchange. For a technology that empowers sovereign control over digital assets, why do so many users opt for the custodial experience?

First, it offers convenience (e.g., on and off-ramps to fiat, UI/UX, easy sign-up flow). Second, and perhaps more importantly, Web3 can be a scary place for new users. Many prefer the safety and security of custodial exchanges (e.g., no need to remember a 12–24 word seed phrase).

Storing assets with centralized exchanges has its limitations. Users must place trust in the exchange to keep their assets safe, which has its own risks, as FTX’s recent bankruptcy demonstrates. Further, most exchange wallets are not optimized for interacting with the decentralized web — DeFi, NFTs, DAOs, and gaming/the metaverse. While this functionality may not be relevant to many crypto holders currently, it will be of growing importance as interest in digital ownership grows.

Just as the Internet became more appealing and easier to use over time, so too will crypto. The next billion users will expect convenience and security in accessing Web3. As the entry point, wallets represent *the* critical infrastructure for onboarding mainstream adoption.

In this article, I break down the wallet opportunity. I trace the historical origins of digital value transfer and explore what’s next.

The Historical Origins of Digital Value Transfer

What is often overlooked is that the Internet used to be a scary place too. In the 1990s, early Internet surfers had trepidation about transferring value online and viruses were rampant. From SSL’s security standard to Plaid’s banking APIs, technological advances enabled the modern e-commerce experience.

Securing Online Transactions (mid-1990s)

While the first consumer web browser Netscape (1994) fell short of directly building payments into the browser, its SSL protocol set the universal standard for privacy, authentication, and data integrity in Internet communication.

SSL paved the way for the first dot-com boom. For example, Amazon (1994) publicly launched months after the SSL protocol was introduced, leveraging its security for consumers to make secure payment for books online. Startups like Amazon would not have worked without this infrastructure standard.

Trusted and Private Online Identity (mid-2000s)

In 2007, a small community of web developers first released the OAuth protocol. OAuth enables users to safely share account information with third-party websites and applications without actually sharing their password. The Internet Engineering Task Force released OAuth 1.0 as an open standard in 2010 and a revised OAuth 2.0 in 2012.

Today’s largest tech players, including Facebook, Google, and Twitter, use OAuth for secure, third-party, user-agent, delegated authorization.

As an example, Facebook launched Facebook Connect in 2008, enabling users to “connect” their Facebook identity, friends, and privacy to any site. The API offered users the option to authenticate and connect their account in a trusted environment with dynamic privacy settings.

Sending and Receiving Digital Assets (early 2010s)

Bitcoin (2009) enabled the existing technology of an asymmetric key pair to be used to write to a public database, creating the first “crypto wallet.” The first “real world” Bitcoin transaction took place in 2010 on a Bitcoin forum. Coinbase (2012) and other exchanges subsequently launched with the goal of making it easier to securely send and receive Bitcoin.

Coinbase’s home page circa 2012

Communicating with Bank Accounts on the Internet (mid 2010s)

Plaid (2013) created a more seamless consumer fintech experience, building the back-end infrastructure for over 7,000 apps and services. Plaid’s API enables consumers to securely connect their banks to apps such as Venmo, Betterment, and Chime. Plaid’s bank connectivity allows consumers to easily make payments or investments from “wallets” within these apps. For example, Venmo users can simply pull bank funds into the app’s digital wallet to make payments to friends.

Plaid’s returning user flow (source: plaid.com/docs)

Interacting with dApps (late 2010s)

Ethereum launched in 2015 with the vision to serve as a next-generation smart contract and decentralized application platform. Launching shortly after Ethereum, leading crypto wallet MetaMask (2016) set a new paradigm for interacting with dApps via web browser. Unlike prior wallets and platforms focused on interacting with cryptoassets like Bitcoin, MetaMask served as the gateway to dApps. As interest in dApps has grown exponentially, so has MetaMask. The Web3 wallet firm has experienced rapid growth in recent years, growing from 545k monthly active users (MAU) in July 2020 to over 30M as of March 2022.

Onboarding Mass Adoption (next 3–5 years)

Since MetaMask’s launch, we’ve seen a proliferation of wallets. These span:

  • Ecosystems (e.g., Phantom and Glow on Solana, Braavos and Argent X on StarkNet, Martian on Aptos and Sui)
  • Verticals (e.g., Rainbow for mobile, Genesis and Castle for NFT collectors, Ultimate and Zerion for DeFi enthusiasts)
  • User types (e.g., Squads and Gnosis Safe for groups/teams, Fireblocks for institutions)

In terms of numbers, Web3 communications protocol WalletConnect advertises that they support over 230(!) wallets.

Just as the Internet became easier to access over time, the next iteration of wallets will provide the entry point to mass adoption. They will provide a more convenient and secure experience.

Rainbow’s mobile-first wallet experience

Onboarding Mass Adoption Through Wallets

Historically, interacting with dApps has been a clunky, error-prone, and unintuitive experience involving seed phrases, gas fees, and signing off on technical language. Many startups are tackling the opportunity to simplify custody, provide frictionless interactions, and offer enhanced functionality.

Simplified Custody

Popular wallets like MetaMask leverage Ethereum’s Externally Owned Account (EOA) design, which couples the account (the object holding your tokens) and the signer (the object authorized to move these tokens).

This results in a big complication — if you lose your private key, you lose your account. Risks of getting scammed, rugged, or losing private key access are all a huge barrier to mass adoption. Luckily, smart contract wallets and Multi-Party Computation (MPC) technology provide possible solutions.

Account abstraction simplifies custody by providing an alternative in which accounts are smart contracts. By decoupling the object holding tokens (the account) from the object authorized to move these tokens (the signer), each user can have an account that is adapted to their needs.

This Contract Account (CA) design unlocks new use cases that simplify UX and improve security, making mass adoption with self-custody a possibility. Example use cases include:

  • Social recovery (e.g., recover your wallet without seed phrases or centralization by asking friends and family to recover it for you)
  • Account restrictions (e.g., requiring 2+ users to approve a transaction, transaction limits, specifying transactions can only be made to known addresses)
  • Multicall transactions (e.g., approve, deposit, and borrow on a DeFi app, then batch-sign everything vs. signing after each action)
  • Optionality for gas (e.g., dApps can subsidize gas fees for their users for “gasless transactions” or allow users to pay fees in any ERC-20 token)

Externally Owned Account vs. Contract Account (source: @iam_preethi)
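
The decoupling of account and signer described above, as an added Python model (not code from this article, from ERC-4337, or from any wallet named here). Callers are plain strings standing in for verified signatures, and every name, limit, and guardian is constructed for illustration.

```python
class ContractAccount:
    """Toy contract account: funds stay put while the signer can be rotated."""
    def __init__(self, signer, guardians, threshold, tx_limit, allowlist):
        self.signer = signer
        self.guardians = set(guardians)
        self.threshold = threshold        # guardian approvals needed to rotate
        self.tx_limit = tx_limit          # max value per transaction
        self.allowlist = set(allowlist)   # known recipient addresses
        self.balance = 0
        self.recovery = {}                # proposed signer -> approving guardians

    def _check(self, caller, to, value):
        # Assumption: `caller` stands in for a verified signature.
        if caller != self.signer:
            raise PermissionError("caller is not the current signer")
        if to not in self.allowlist:
            raise PermissionError("recipient not on allowlist")
        if value <= 0 or value > self.tx_limit:
            raise PermissionError("value outside per-transaction limit")

    def execute_batch(self, caller, calls):
        """Multicall: validate every (to, value) first, then apply all or nothing."""
        for to, value in calls:
            self._check(caller, to, value)
        total = sum(value for _, value in calls)
        if total > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= total
        return total

    def approve_recovery(self, guardian, new_signer):
        """Social recovery: rotate the signer once enough guardians agree."""
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        votes = self.recovery.setdefault(new_signer, set())
        votes.add(guardian)
        if len(votes) < self.threshold:
            return False
        self.signer, self.recovery = new_signer, {}
        return True

def demo():
    # Constructed sample values throughout.
    acct = ContractAccount("key_old", ["alice", "bob", "carol"], 2, 100, ["dex", "friend"])
    acct.balance = 500
    spent = acct.execute_batch("key_old", [("dex", 60), ("friend", 40)])
    acct.approve_recovery("alice", "key_new")            # 1 of 2: no change yet
    rotated = acct.approve_recovery("bob", "key_new")    # threshold met
    return spent, rotated, acct.signer, acct.balance
```

After the rotation the balance is untouched and the old key is rejected, which is the property an EOA cannot offer: there, losing the key means losing the account.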

In June 2022, Vitalik Buterin outlined a probable road to account abstraction. He proposes short-term triaging with ERC-4337 (voluntary account abstraction without Ethereum protocol changes) and bootstrapping with layer 2 protocols.

The long-term plan is to consider mandatory conversion to ERC-4337.

A number of wallets are using account abstraction to improve self-custody. These include Argent and Argent X, which support zkSync and StarkNet respectively, as well as ERC-4337 compatible Soul Wallet.

Argent’s zkSync wallet

Multi-signature wallets (e.g., Gnosis Safe, Squads) are smart wallets requiring a minimum number of people to approve a transaction before it can occur. This ensures that no single person can compromise the funds, improving custody for groups like Web3 startup teams and DAOs.

MPC, in which the private key is broken up into shares and divided among multiple parties, provides another pathway to simplified custody. In May 2022, Coinbase announced its dApp wallet, which gives users a dedicated on-chain wallet that Coinbase helps keep secured. The wallet is set up so that the ‘key’ is split between the user and Coinbase in a “semi-custodial” wallet system.

Coinbase’s dApp Wallet (source: Coinbase)

As Nichanan Kesonpat of 1k(x) excellently details, each path has its merits, with the decision dependent on the target users’ requirements, weighing various tradeoffs across security, UX/flexibility, cost, recoverability, privacy, and extensibility. As she also explains, these technologies can be complementary (e.g., MPC could augment an existing multi-signature scheme).

Frictionless Infrastructure

Reddit recently broke the news that more than three million users have created Reddit wallets (or “vaults” as Reddit calls them) to buy and trade avatar collectibles. The catch? The vast majority of these users didn’t know these “collectibles” were NFTs. Users were able to claim these collectibles, free or paid (in $USD), and create a blockchain self-custody wallet within Reddit’s Web2 interface. While the vast majority of these users did not send or trade their avatars, Reddit now has millions of users ready to activate with their next Web3 initiative.

Reddit’s “Reddit Cup” collectible avatars

We will see more apps and dApps own the wallet experience in this way. Doing so allows them to:

  1. Seamlessly onboard consumers into Web3
  2. Offer financial services (e.g., on and off-ramps, asset transfers, and exchange)

Onboarding and wallet infrastructure startups are providing the APIs and SDKs to securely power in-app wallets. Magic.link, Wally, and Venly offer infrastructure to streamline sign-up flows. Biconomy, 0xPass, and Openfort are focused on enabling developers to implement account abstraction features such as pre-approved transactions and transaction bundling.

Further, Lit Protocol recently announced its decentralized cloud wallet platform with distributed custody. Lit Programmable Key Pairs (PKPs) open up the opportunity to build consumer friendly wallets that abstract away the private key with customizable authorization, like social recovery and Web2 style multi-factor authentication. Additionally, these PKPs allow users to delegate signing capabilities to immutable code, called Lit Actions, for additional automation and capability.

Beyond the initial sign-up flow, Delegate.cash makes it easier to interact with dApps post-wallet creation (e.g., to claim airdrops, prove ownership, participate in governance). Further, safety and security startups (e.g., Blowfish, Stelo Labs, Harpie) are tackling how to keep consumers’ wallets free from scams, spam, and bots.

Expanded Wallet Functionality

While most wallets won’t survive as standalone apps due to the intense competition at this layer and resulting network effects, the leading ones will trend towards super-apps.

As an illustration, many upstart wallets have prioritized embedded functionality targeted at specific users or use cases. Rainbow’s mobile-first wallet features ENS usernames and a Discover section highlighting trending tokens and new assets. Castle’s wallet for NFT collectors includes a built-in NFT marketplace and portfolio tracking. Ultimate’s DeFi focused wallet enables users to earn yield from protocols such as Lido from within the app.

Open, composable systems help make this expanded functionality possible. Mobile-forward wallet platform Backpack enables any developer to package and publish an xNFT (or dApp) on its “iPhone App Store” like decentralized marketplace. In Jan. 2022, MetaMask announced the developer release of its Snaps platform, which allows anyone to safely extend the capabilities of MetaMask to create customized wallet experiences (e.g., support non-EVM blockchains, incorporate messaging/notifications, add security/privacy features). The Snaps platform will go live in MetaMask’s browser extension in 2023.

Backpack’s xNFT library

We’ve also seen existing applications build their own wallets to get closer to end users. For example, DeFi investing platform Zerion launched its own Web3 wallet.

Similar to early Internet users, Web3 users thus far have experienced the difficulties of using new technologies. However, the next one billion users will demand more in convenience, security, and functionality. Therein lies Web3’s wallet opportunity.

If you are building in this space or want to exchange thoughts, my DMs are open!

Thanks to Derek Edws, Stephen McKeon, David Sneider, Nichanan Kesonpat, Sean X, Mason Nystrom, and many others for informing my thinking for this piece.

Disclosure: Collab+Currency is an investor in projects mentioned above, including Rainbow, Squads, Lit Protocol, and Delegate.cash.
