This Week in Custody

Back after a hiatus!

This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.

---

After a long hiatus at publishing this newsletter, I’m going to re-engage with publishing more frequently. I coincidentally stopped publishing at the precipice of the FTX implosion. Be that as it may, there is so much to talk about each week following the tailwinds of the Bitcoin ETF.

So much has happened since so I’ll refrain from summarizing, but two trends caught my attention: embedded wallets and wallet-as-a-service.

Several brand name apps have successfully launched their own wallets over the past year including Uniswap and OpenSea. Friend.Tech’s launch in August gave a glimpse of a packaged consumer application using embedded wallets.

To support this growing trend, several wallet-as-a-service (WaaS) providers started to enter the marketplace. Notably, Coinbase is big market participant using MPC technology. Other providers have chosen to build WaaS using secure enclaves.

The institutional wallet product market is growing too with the introduction of Blockdaemon Wallet and Anchorage Porto.

Highly recommend reading the latest Coinbase Ventures’ State of Wallets report (Part 1, Part 2).

Quick Links

Networks & News

• Overview of Offline Payments for Lightning Network from Breeze.

• Magic Eden launches a multi-chain wallet supporting Solana, Bitcoin, and Ethereum.

• OKX’s wallet is doubling down on inscriptions and bitcoin. Meanwhile, Binance launched an inscriptions marketplace.

• MetaMask integrates with Robinhood Connect.

• Fordefi fundraise announcement.

• Alchemy launches Embedded Accounts.

• Uniswap launches a web extension.

• Worldcoin acquires Ottr wallet.

• MetaMask integrates Blockaid for security alerts. MetaMask has 30M MAUs in January 2024.

• OpenSea’s embedded wallet has over 100K users.

• Progressive web apps (PWAs) have become a popular technology for crypto apps to reach users. A few weeks ago, Apple confirmed it was breaking PWA functionality due to new EU regulation. Recently, Apple reversed its decision.

Guides

• Capsule has a blog post on integrating their MPC product with MetaMask Accounts Snaps. If you haven’t heard of MetaMask Snaps yet, it’s worth digging into.

• Coinbase on error handling in MPC.

• Onboarding to Bitcoin Core

• Fireblocks presents common exploits against MPC wallets at Black Hat.

• Former CTO of PayPal describes experience of Shamir Secret Sharing gone wrong.

• Custodia Bank’s whitepaper.

• Podcast on Fireblocks’ journey.

• CoinDesk covers the FTX sim swap hack that occurred during the collapse.

• Aptos plans to launch a phone.

• Blog post on risks of liquid restaking tokens (LRTs).

Tools & Software

• Couple of excellent Trail of Bits blogs:

  • a recap CCC in Germany

  • fuzzing the Cosmos SDK

  • breaking TSS

  • overview of AWS cloud cryptography

  • notes on AWS Nitro

• Solana launches Token Extensions.

• Lit v0 launches key management network.

• Block’s BitKey shares source code.

• ThirdWeb previews in-app purchases for web3 games using Apple pay.

• Trust Wallet launches SWIFT: an account abstraction wallet.

Security

• Wallet drainers are bypassing EIP-712 security alerts in certain wallets.

• NIST advisory on Trust Wallet.

• Fake Exodus wallet published on the Snap Store. ~9 BTC stolen.

• Practical Key-Extraction Attacks in Leading MPC wallets

• Older news, but worth a link: Fireblocks reveals Bitforge vulnerabilities in 15 MPC wallet providers.

Thanks for reading!