Navigating the World of Custodial Wallets: Promises and Perils

Cryptocurrency is often touted as a way of becoming “one’s own bank.” With this notion has come the rapid proliferation of digital wallets for managing the receipt, transfer, and storage of bitcoin and other forms of crypto.

For many in the Bitcoin community, custodial wallets have become their go-to solution. But few are often aware of both the upside and potential pitfall of using these digital tools.

First, let’s wrestle a bit with a very basic definition.  A custodial wallet can be best defined as any wallet where one’s private key for controlling their bitcoin resides in the hands of another person or company. Currently, there are growing numbers of custodial wallets that as a service maintain control of the private key for users. In other words, when you, as a user, want to make a transaction, they sign for you.

The beauty of this option is that you don’t have to worry about keeping track of your own private keys. Think of it as like a doorman having possession of the keys to your house, letting you in and out upon request.

As the number of wallet options in the crypto universe has become more vast, the semantics of what is or isn’t a custodial wallet get a bit murky.

By way of example, one might choose to use a non-custodial app like Copay to set up a multi-sig wallet for various family members. In this case, it could be argued that this represents a quasi-custodial wallet arrangement because others have control of one or more of the spending keys.

Among both neophytes and seasoned bitcoin users, what makes custodial wallets so popular is ease of use. For starters, this option doesn’t require you to download anything to your computer. Also, with the proliferation of mobile options, an account can be accessed from anywhere. So essentially you have a bank on your phone as well as a web version.

Despite the popularity of custodial wallets, many in the Bitcoin community are unaware of the potential dangers in using them. Often they see a jazzy website that lures them in with promises of safe, secure transactions. Users who get pulled into the hype may experience smooth sailing for a time before hearing about or find themselves in a compromised scenario.  

In other words, trusting a custodial service with your private key makes one susceptible to being hacked or having bitcoins stolen. And in a less likely yet possible scenario – the custodial wallet entity could be forbidden from signing any of your transaction requests by a court order, meaning that all of your assets are frozen and possibly unrecoverable.

Bottom line – a custodial wallet means you don’t really own your bitcoins.

Here a simple rule applies that has existed since the creation of Bitcoin: “You control your keys, you control your bitcoins – you don’t control your keys, you don’t control your bitcoins.”

A Comparative Wallet Biopsy

Now in an exclusive for CoinCap News, we asked product tester and UX expert Patrick Patton to offer his thoughts on three wallets with varying levels of custodial quality.

Highly Custodial: Freewallet

Patton’s Review and Analysis:

“Freewallet is a company that develops mobile cryptocurrency wallets.  It employs a lightweight client model with a keep-it-simple design philosophy. Although Bitcoin is obviously their primary focus, they’ve been adding other cryptocurrencies like Ethereum to the family of accepted assets. They have experienced an impressive trajectory of user growth.”

“A large reason for Freewallet’s success has been their ability to maintain a good relationship with Apple, with most of their apps being housed on the iOS Store. These include apps customized for Bitcoin, Ethereum, Lisk, Steem, Decent, FantomCoin, Doge, Ardor, NXT, Zcash, and Monero. Moreover, it claims to be the #1 Google Play store Ethereum wallet.”

Patton calls Freewallet “a decent attempt at a very user-friendly custodial wallet,” citing its utility with the aforementioned altcoins.  He does point out however that, whether you are brand new or experienced bitcoin user,  there are many better options.

The 1000+ users of “Ethereum Wallet” by Freewallet on Android, Patton says:  “They hold your keys, website and support emails. It seems very sketchy, indicative of signs of scams we’ve all seen before.”

Alvin Hagg, CEO of Freewallet says the main value proposition of his suite of wallets is to declare the utility and the beauty of cryptocurrencies. “We want people to see and easily use the new opportunities that appeared with the birth of cryptocurrency. We feel that design and customer experience are as important as security and sustainability. If blockchain is a future of finance, we want to make it cool.”

He touts the 11 separate wallets for various cryptocurrencies and more than 50,000 users who have tried Freewallet. Says Hagg: “Every new coin, if it’s hyped, brings a few thousand new customers in the first week of coin market boom. We are always searching for new cryptocurrency stars.”

When asked about concerns that may exist in terms of how funds are stored with Freewallet, Hagg asserts that they are using best practices of secure fund storage; that the vast majority of customer funds are stored offline. The Vault, he says, incorporates multiple layers of security, protecting it from both technological and human-factor risks. “It’s like in the movies about bank robberies: you need to have several unique keys to access the vault. We store only a small amount of funds on our online wallets. These funds are needed to process daily transactions of our users.”

Pressed about ongoing Bitcoin community concerns about Freewallet maintaining possession of private keys for users, Hagg responds:

“Private keys are not about security. If you are in cryptocurrencies for a long time, you are familiar with the cases of where Private Keys were either lost or stolen. I think that private keys are a sort of rudimentary feature, that are not important for the majority of users. Do you remember what Steve Jobs told about the stylus? In the age of biometrics, it is silly to ask users to write down mnemonic phrases. So we are going to continue to implement private keys as a feature,  and are still working on the way to make it right.”

Continues Hagg: “I think that customer support is one of the most important parts of our business. If you read reviews on google play, you’ll find some really positive feedback about our support team. Actually, we’ve hired the first support manager a month ago. Before that, I was supporting by myself. Our goal is to provide great care of every case, but unfortunately, there are some that cannot be cared for(ie when someone sent fund to the wrong address). That’s why we’ve had some negative feedback. But I am always ready to chat with someone in case there is some mysterious issue. In fact, I really enjoy chatting with users.”

Moderately Custodial: Coinbase

Patton’s Review and Analysis

“Coinbase is arguably the longest standing and most globally recognized custodial wallet having endured many years of development and scrutiny. Known for its easy setup and functionality, it functions similar to a bank-like deposit account, where the user owns an IOU for the crypto assets in storage. For these and other reasons, Coinbase is regarded as the most common gateway for new users to the entire world of cryptocurrency.  It holds high appeal among new bitcoin users in terms of the purchase, sale, receipt, send, and storage of bitcoin, all in one platform. It does, however, have a series of regulatory hoops for new users to jump through, including a stringent buy/sell verification process.”

Coinbase login security says Patton includes 2FA using SMS, Authy, and Authenticator-style TOTP apps for a user’s phone.

Patton says that there are a number of features that provide Coinbase users with a robust, generally secure experience. These include:

• The Coinbase Vault, a high-security storage product which requires mobile 2FA, user approval, and a second email approval to withdraw funds. It also includes the ability to cancel with any of the three.  Vault withdrawals take 48 hours to complete, giving a user numerous opportunities to cancel. Vaults are BTC-only and can only process withdrawals into a regular Coinbase BTC wallet, not an external address.

• Multisig Vaults: These vaults can generate three keys in the browser of a user–one held only by Coinbase, one encrypted with the user’s unique password for this vault (held by both the user and Coinbase), and one that the user must store themselves outside of Coinbase. There is also an offline “user” key and shared key with password that may be combined using Coinbase’s recovery tool to sign transactions without Coinbase’s knowledge or approval. This means a user could access your Vault funds without having to wait 48 hours, which according to Patton is not necessarily a good thing.

Patton believes that Coinbase’s popularity and high profile leaves it open to much scrutiny. He says that he’s generally impressed with how elegant and accessible Coinbase has made this rather complex process of multi-sig wallet creation. “Anyone using Coinbase to save bitcoin for the longer term should be using, at least, their basic Vault offering! Those who want some  protection from Coinbase, themselves, getting hacked or losing funds should consider the multi-sig vault.”

In terms of its downside as a custodial wallet, Patton concludes: “Coinbase is kinda like Paypal for bitcoin in that they can block or freeze your funds accounts at any time.  Moreover, the possibility of a hack occurring is magnified by the fact that they are an online platform.”

Non- Custodial: BitGo

Patton’s Review and Analysis

“BitGo is an enterprise-level bitcoin wallet targeting both individuals and businesses. It’s advanced multi-signature technology, key recovery solutions, zero confirm transaction services and other safety and usability protocols are highly regarded in the industry. It possesses a multi-sig “shared” wallet infrastructure where BitGo holds one key, the user holds one, and, by default, a Key Recovery Service (KRS) holds a third for 2-of-3 signing. BitGo also supports authenticator-style TOTP and Yubikey for 2FA.”

Continues Patton: “There is also the option for creating an additional BitGo wallets where the third backup key is generated one of three ways: In the browser with a second password, in a special BitGo iOS app, or via any external BIP 32 xpub generation tool or wallet (Mycelium, for example). Only those wallets utilizing a KRS are eligible for BitGo’s instant transactions and confirmation service.”

Patton says that it is possible for a user to freeze their BitGo spending key for a designated amount of time, a useful feature for buying enough time to empty a wallet using a backup key in case of a suspected account compromise. He also notes that a user can spend from their wallet without BitGo’s knowledge or approval via their provided recovery tool.

Concludes Patton: “BitGo is addressing the need for serious wallet management and security with tools for auditing and shared use within an organization. Not only can a user create multiple wallets with different spend policies, but one can within the same account also create entire new organizations, each with their own sets of wallets. A great option for individuals as well, especially if they need to send large-value bitcoin transactions.”

Mike Belshe, CEO of BitGo further articulates the distinction between custodial wallets and those where users are in control of the keys. (As a point of clarification, Belshe does not believe that BitGo falls within the traditional definition of a custodial wallet).  

Says Belshe: “What’s neat about bitcoin is that a set of arbitrary rules can be created around who can access it. In terms of our BitGo model, we use three keys, two of which are required by the user to access to access their funds. We never see or touch those two keys, nor can we can decrypt them. Our litmus test is very simple:  If BitGo were to disappear off the face of the earth, our users would still have their money.”

He says that this litmus test is a critical element in how BitGo defines “custody.”  He cites the definition used by Jerry Brito, CEO of Coin Center as a major influencing factor of BitGo’s philosophy. “He defines custody as anyone who can unilaterally create or block a transaction. I think that’s pretty much on target.”

When asked for a final word on the custodial wallets, Belshe offered this poignant thought: “The great thing about Bitcoin is that you hold it yourself. And the worst thing Bitcoin is that you hold it yourself. Balancing those two modes of thinking is key.”