As you may remember, on Monday (May 16), Coinbase announced that it had started to “roll out the ability for a small set of Coinbase app users to access Ethereum-based dapps directly from the Coinbase app.”
According to the blog post published on May 16 by Rishi Dean, Director of Product Management, the main Coinbase app (ie. the one for retail investors) is getting a new integrated DApp wallet and DApp browser.
He went on to say:
“With today’s launch, users can explore dapps without having to manage a recovery phrase. This innovative dapp wallet experience is powered by Multi-Party Computation (MPC) technology that enables you to have a dedicated on-chain wallet that Coinbase helps you keep secured. This is due to the way this wallet is set up, which allows the ‘key’ to be split between you and Coinbase. Ultimately, this means if you lose access to your device, the key to your dapp wallet is still safe and Coinbase can assist in recovery through our live support.“
Well, on Wednesday (May 18), Pete Kim, who was formerly Head of Engineering for Coinbase Wallet and who is currently working on DeFi and Web3 at Coinbase, posted a Twitter thread to explain the important of this built-in Web3 browser.
Kim says that he is “a huge fan of self-custody (non-custodial) wallets” (such as “Coinbase Wallet“) and for people who know how to backup and protect their private key (recovery phrase), he still thinks a non-custodial wallet is the best option.
He went on to say that unfortunately one of the most frequent support requests the Coinbase Wallet team gets is request for help with loss of the “backup recovery phrase”, which is something they cannot do anything about.
Coinbase realized that there were no perfect solutions for protecting a non-custodial wallet’s recovery phrase, and that they needed to find a way to help their users in this area.
“What do you do with your recovery phrase? Do you carry it with you? Do you leave it at home? Do you keep it in a safe deposit box at a bank? What if you get robbed? What if your house burns down? Do you trust your bank? Can you trust anyone?
“We explored other options like social recovery, but who can I trust? Do they understand what they’re doing? What if they lose or replace their device and forget to tell me? If we want to onboard a billion users to this platform, self-custody was simply not going to work out.“
Kim says that although for most users, a custodial wallet — i.e. a Coinbase account with a secure password and 2FA authentication enabled — is the safest way to store their cryptoassets, this option only allows buying, selling, sending, and receiving of crypto, and it does not allow full access to Web3 since that requires using a hot wallet (which is sadly less secure).
So, Coinbase came up with the idea of a “semi-custodial” wallet system:
“The idea is pretty simple: the user keeps some key material on their device and Coinbase keeps some key material. Both are needed to use the wallet. If only one party is hacked, funds are still safe.“
He then answered the question of would happen if the user loses their device:
“Well, it allows for different backup and recovery options. The backup could be in a cold storage system or with a third party. Just like the key materials held by the user and Coinbase, the backup alone can’t be used to transact.“
Next, Kim talked about how they implemented this system:
“We explored various options ways we could implement this new system. A smart contract wallet was considered, but was quickly rejected due to reasons such as high gas overhead and inability to sign messages, but most importantly the fact that it is specific to a blockchain.
“The solution we decided on uses multi-party computation or MPC for short. It uses advanced cryptography to enable multiple parties to interactively and collaboratively sign things like transactions without having to let anyone have the full key at any given time.“
He went on to say:
- “Coinbase’s MPC system that was built in-house supports both ECDSA/secp256k1 and EdDSA/ed25519, and hence it can handle cryptographic signing for almost any blockchain out there. There is also zero gas overhead. To the blockchain, an MPC wallet looks just like an EOA wallet.“
- “A MPC-powered wallet (we call them dApp wallets), can support anything and everything a normal self-custody wallet can. Not just sending, receiving and trading, but also using dApps, DEXes, storing and trading NFTs, voting in governance, yield farming, web3 games, etc.“
- “Work is currently under way to enhance all of our products with this new tech. Are you an NFT trader, and you’re worried about keeping your keys safe? Are you an institution and you need secure custody but still want to use your assets in web3? DApp wallet solves this.“
The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, or other advice. Investing in or trading cryptoassets comes with a risk of financial loss.