
Custodial v Non-custodial Wallets

Nov 06, 2020

With the upward trend in the use of cryptocurrencies and the rise of new blockchain-based technologies, it is important not to overlook a companion technology that is continuously evolving: wallets.

In their most basic form, wallets were created to solve the need for storing, sending and receiving digital coins (originally Bitcoin). Since then, wallets have turned into individual services provided by blockchain companies. They have evolved from simple software programs handling key management to sophisticated applications that offer a variety of technical features and additional services that go beyond the simple storage of cryptocurrency.

A wallet is a “software program that is used to securely store, send and receive cryptocurrencies through the management of private and public cryptographic keys. Wallets also provide a user interface to track the balance of cryptocurrency holdings and automate certain functions, such as estimating what fee to pay to achieve a desired transaction confirmation time” [1].

Wallets include three characteristic pieces of information: a public key, which lets one receive funds from any other wallet (like a bank account number); a private key used for creating digital signatures and verifying transactions; and an address, which is the location of the wallet in the blockchain network. It is important to have the private key securely backed up because the public key, and subsequently the address, can be derived from it. In addition, anyone with your private key has access to your funds and can transfer them out of the wallet at will.

Who gets custody?

There are two kinds of wallets: custodial and non-custodial. Custodial wallets are wallets where third parties keep and maintain control over your cryptocurrencies on your behalf. Non-custodial wallets are wallets where you take full control and ownership of your cryptocurrencies.

By using a custodial wallet, you trust an external party to store your coins safely. This may be convenient as you avoid worrying about private key security. Instead, you only worry about the security of your account credentials, just as you would have to protect your email account. However, by trusting a third party with your cryptocurrencies, you open yourself up to the risk of the custodian losing your cryptocurrencies through mismanagement or hacks. There have been numerous incidents [2] of custodial wallets losing their cryptocurrencies, with the most recent ones including Cashaa, in 2020, and the most notorious ones being CoinCheck, Bitfinex and Mt Gox, amounting to over US$ 1.3 billion of stolen funds [3]. Similarly, the 2019 Binance hack proved that even fast-moving exchanges could have security risks because of the limited amount of time they have to test for weaknesses. Custodial wallets are the equivalent of banks or funds, where the money is yours but a third party has control over it.

Non-custodial wallets, on the other hand, leave the responsibility of security to the user. Even though at first it sounds wearisome, it also means that almost nothing can happen to the funds as long as the wallet owner takes precautions and stores the private keys diligently. The writer’s choice, the industry-recommended Lumi-wallet, is an example of a multi-currency non-custodial wallet that includes services such as integrated exchanges and credit/debit card acceptance.

There are various platforms on which wallets can be created. Mobile wallet apps are the most widely offered format, followed by desktop and web wallets. There are also hardware and PM (paper and metal) wallets. Though hardware wallets used to be considered the most secure, they do not offer easy access to funds or easy transactions, and they carry the risk of losing the hardware piece [4].

Although the choice is often thought of as a usability-security trade-off, new non-custodial wallets aim to address the shortcomings of custodial wallets while keeping security at the forefront of their operations. The Multi-Party Computation (MPC) wallet developed by Curv seems to have taken the lead and is gaining popularity. The distinct attribute that characterizes MPC wallets is the removal of the ‘single point of failure’ [5] by providing a secure, distributed way to sign transactions and manage digital assets.

Key differences

As with most things, wallets have distinct advantages and disadvantages. Some of the main trade-offs can be classified as follows:

Factors: Custodial vs Non-custodial
Security
  • Custodial: Trust third parties with storing funds (making them susceptible to hacks); diminished risk of losing the private key that gives access to your money.
  • Non-custodial: No trust in an external party, with sovereign control over private keys and funds. Cryptocurrencies are ‘safe,’ but with the risk of losing/forgetting private keys [4].
Auditing
  • Custodial: Custodial wallets are usually closed source (this means the code can’t be inspected by outside developers to check for robustness) [6].
  • Non-custodial: Usually auditable, open source code.
Anonymity
  • Custodial: Need for KYC/AML information provision.
  • Non-custodial: No need to provide personal information.
Practicality
  • Custodial: You can manage your funds very quickly and at any time when there is an Internet connection.
  • Non-custodial: Although it’s been historically challenging to carry out transactions, this problem is nowadays almost unique to hardware and paper wallets.
Additional Controls
Besides the inherent security characteristics of custodial/non-custodial and hot/cold wallets, there are newly developed options to strengthen security:

  • Internal controls such as daily transaction limits, 2FA, backup wallets and Cold layers are some security complements that can be added.
  • Multi-signature wallets present the possibility of several private keys with different access rules, and are used as a way of creating an additional layer of security. They are also used for managing joint crypto accounts.

The decision on whether to opt for a custodial or non-custodial wallet will depend on the various factors outlined above and more; this comparison is meant as a guide to making the better decision for a user’s needs.

SCALABLE Wallets

In September, Scalable Solutions and multi-currency crypto wallet LUMI Wallet formed a partnership. Leveraging decades of industry knowledge, providing an ample and versatile spectrum of products, and with security as a core value, this relationship aims to build functional non-custodial white label wallets for cryptocurrency users that will provide fulfilling and versatile experiences in the world of rapidly developing global financial systems. You can read more about the white label features here.

If you’re after dedicated custodial wallets for 130+ popular cryptocurrencies, high security layers including cold storage, and easy purchases even with credit cards, our partnership with Freewallet allows you to access all these features and more. For both custodial and non-custodial wallets, you can get in touch with us here.

References

[1] Hileman, G., & Rauchs, M. (2017). Global cryptocurrency benchmarking study. Cambridge Centre for Alternative Finance, 33, 33-113.

[2] Ton, Ngan. “A Complete List of Cryptocurrency Exchange Hacks [Updated].” IDEX Blog, IDEX Blog, 27 Mar. 2020, blog.idex.io/all-posts/a-complete-list-of-cryptocurrency-exchange-hacks-updated. 

[3] FortKnoxster. “THE TOP 10 CRYPTO EXCHANGE BIGGEST HACKS EVER.” FortKnoxster, 11 Sept. 2019, fortknoxster.com/blog/the-top-10-crypto-exchange-biggest-hacks-ever/. 

Similarly, Quadriga in Canada or Cryptopia in New Zealand are other examples that might fit into the list.

[4] Nowadays, lost private keys or mnemonic phrases don’t mean lost funds. The risk of social engineering (obtaining a user’s private keys through deception) is still one of the most troublesome in this category. A distinction should be made between retail and institutional wallet security, given that as storage space is defined for each one, further controls can be made regarding who has access to the wallet and under what circumstances.

[5] Up until recently and regardless of the type of wallet, single points of failure could be found. Having the private keys controlled by one individual (user in case of non-custodial wallet, protected server in case of custodial exchange) means that in the event of loss, theft, or even death (see QuadrigaCX), the funds are lost and irretrievable.

[6] Cases where open source code is used to run a service while keeping private keys also exist.

[7] There is a note to be made when discussing the uses of wallets. Ethereum and Bitcoin wallets work differently. Ethereum wallets are more similar to a digital identity. You need your Ethereum wallet if you want to connect to a vast array of Ethereum-based DeFi or Gaming applications. Bitcoin, on the other hand, doesn’t have any Dapps (Decentralized applications). As such, Bitcoin wallets focus on storing, sending and receiving users’ funds. 

[8] “Uniswap Protocol Analytics.” Uniswap Info, info.uniswap.org/home. 
