Securing Digital Finance: Why Custody Providers Need HOPR

As the world of digital finance continues to expand, the ever-crucial role of custody providers can’t be overlooked. A secure and private storage solution for your assets is the non-negotiable baseline for any user entering the space.

Yet, for custody providers, achieving this standard — while satisfying and future-proofing against regulatory compliance — is a much harder task than it may seem. Here’s a quick breakdown of the issues many custody providers face in this space and how they can protect themselves and their users using HOPR and RPCh.

The Lack of Privacy in Web3 Infrastructure

In the world of cryptocurrencies and blockchain technology, nodes act as the backbone of the respective peer-to-peer infrastructure, such as Bitcoin or Ethereum. They are essential for interacting with the blockchain, and every custody provider needs access to them.

Providing custody services requires a plethora of continuous interactions with the chain for each and every client. To accommodate all this, custody providers have two primary options: rely on centralized infrastructure providers like Infura/Alchemy or run their own nodes. Unfortunately, neither option is perfect.

Large infrastructure providers, while offering convenience, can access private information about the custodian's users. This data can include IP addresses linked to their wallets and detailed, harvestable metadata about how users utilize the services. Essentially, this leaves user data vulnerable, which is not ideal from a privacy perspective.

Interestingly, even running their own on-premise nodes doesn’t offer the level of privacy one might expect. To write to the chain, transactions still need to be broadcasted through the dedicated Bitcoin or Ethereum (or other blockchain) nodes. In the process, powerful adversaries with a full overview of the p2p network can utilize timing information to identify at which node a transaction originated. This process inadvertently makes the nodes you run synonymous with your users’ wallets and again introduces significant privacy concerns that can be used to de-anonymize users, link their accounts and frontrun transactions in a targetted fashion.

The Lack of Privacy in Using Web3 Services

Just as the interaction with blockchain raises privacy concerns, using web3 services doesn’t come without its own set of issues. Many custody providers interact with various specialized services that provide functionalities such as access to exchange rates, transaction history, and identity verification. However, every interaction with these services necessitates the sharing of some user data, further increasing the exposure of sensitive information.

For example, anyone running Ethereum nodes would be able to single out the exact wallets that users of a custody provider utilize. Via timing information, they would further be able to link various accounts of the same user. This presents a significant metadata leak that must be addressed to make the on-chain interactions safe and data privacy compliant for everyone. Especially larger regulated financial institutions are unlikely to accept today’s yolo attitude to privacy in the crypto world.

How Does RPCh Solve This?

RPCh effectively detaches the users’ wallets from the infrastructure of the third-party provider or even the custody provider. It enables the provider to perform necessary operations on the blockchain while ensuring that the wallets remain decoupled from IP addresses and other metadata that leak sensitive customer information.

Through RPCh, it becomes impossible for any service, provider, or observer to correlate the wallets or assets of users with their real-world identities. This level of anonymity isn’t just core to the principles of web3, it’s also an expectation that individuals have when they entrust their assets to custodial or financial services.

RPCh not only protects the privacy of users, it also reduces the regulatory risks for custody providers. There is no liability for data you don’t handle or pass on to third parties. Minimizing the data any provider interacts with down to only what is needed is the key to future-proofing against ever-changing regulations and the regulatory scrutiny that is especially prevalent in the financial sectors of this space.

Sebastian Bürgel,
HOPR Founder

Website: https://www.hoprnet.org
Twitter: https://twitter.com/hoprnet
Telegram: https://t.me/hoprnet
Discord: https://discord.gg/dEAWC4G

Forum: https://forum.hoprnet.org
Staking: https://stake.hoprnet.org