.png)
TL;DR
Since our inception in 2019, Dfns has been on a mission to fix one of the biggest vulnerability in blockchain technology: the private key.
When we first started, we were surprised to find that many people were still using old-fashioned methods to store their private keys, from handheld hardware to printed paper backups. Many were rationalizing their choices as the soundest ones, frequently repeating "not your key, not your coins" in self-justification. Considering that these individuals were investing their trust and money in what could be viewed as the most volatile and groundbreaking financial venture in human history – that is to say crypto – it felt counterintuitive to discover that their approach to wallet security was characterized by conservatism rather than innovation.
But what was even more jarring was that these practices were completely at odds with the ethos of decentralization, which was championed by the crypto community in the first place. While advocating for a decentralized financial future free from centralized control and fraud, the crypto industry was ironically burdening individuals with the high-stakes responsibility of managing cryptographic keys – a task usually reserved for seasoned security professionals. This flawed approach not only ignored user experience but also showcased a total lack of empathy for the real-world challenges faced by most crypto users. By 2020, the consequences of this mentality were clear: 20% of all bitcoins had been lost forever due to hacked or misplaced keys.
From there on, year after year, we kept reading troubling stories about hacks and lost wallets making headlines, pointing out the true hardship of key management. It turns out, the idea that everyone could learn how to safely handle keys was wrong, even for the most skilled engineers and professional traders. This mistaken belief originated perhaps from a confirmation bias of the early blockchain pioneers – cryptographers and security experts – who might have imagined the task easier than it actually is. As crypto gained in popularity, inexperienced investors rushed into web3 and made very costly mistakes resulting in great financial losses, ultimately causing a lot of frustration and unnecessary mistrust in the crypto world.
In this chaos, Dfns saw an opportunity to help fintech founders, developers and organizations build better web3 products. Inspired by the powerful security benefits of multi-party computation, Dfns envisioned a solution to this growing problem of vulnerable single points of failure in wallet security. In 2018, MPC wallets had already become an integral part of many institutional stacks. These wallets paved the way for the next generation of secure and resilient wallet solutions as they were uniquely able to decentralize private keys and offered unparalleled recovery options. However, most MPC wallet providers were only catering to investors – not developers.
Dfns stepped in to fill this void, becoming the very first vendor to introduce a developer-friendly, API-first platform enabling teams to create, embed and manage wallets at scale using the most advanced MPC technology in the world. Our vision was clear: we aspired to decentralize wallets akin to how Bitcoin had decentralized money. By dramatically reducing the risk of losing access to wallets, Dfns set out to assist founders, developers and their users in creating a safer, more delightful financial experience than ever before.
Today, our mission at Dfns isn't just to build the best wallet management solution for web3; it's to unlock the full potential of crypto and ignite a new era of financial freedom and inclusion for all. Securing wallets is just the first step. We envision a future where crypto, as the internet's native currency, powers frictionless transactions, removes financial barriers, and fuels economic growth. This future is instant, permissionless, and programmable. Investments will flow like emails, and wallets – not passwords or bank accounts – will be universally accessible. In this revolution, Dfns is at the forefront. We will support every application with secure crypto features, paving the way for a wallet-first internet. Imagine the possibilities: effortless micropayments, borderless remittances, increased borrowing capacities, new means of monetization, financial independence, and much more. This is the future we're building, one line of code at a time.
In the rest of this post, we discuss six ideas that guide us on our journey.
Getting Started
- Get started today by exploring our docs, Github and sandbox.
- Listen to Jonathan Katz's talk at DeCompute 2023 on our network-hosted key (NHK) model.
Facts and Figures
- Dfns is a cybersecurity company developing the most secure wallet-as-a-service platform in web3.
- Since 2021, Dfns has created over 1 million wallets, securing more than $500M in digital assets and handling $10M in monthly crypto transactions.
- Dfns features clients such as Fidelity, Zodia Custody, ABN AMRO, Tokeny, FIFA, Nilos and 70+ other fintech startups and financial institutions.
- Dfns raised over €20M from White Star Capital, Hashed, Susquehanna, Fidelity, Coinbase, Semantic, Wintermute, Bpifrance, Motive, 6MV, etc.
- Dfns employs 30 people (engineers, security experts, cryptographers) in the EU and US.
- Dfns develops the world’s fastest MPC protocol developed by a team of academically recognized cryptographers.
- Dfns is SOC 2 Type II certified by Deloitte and audited by Kudelski Security, Redacted, Yogosha, and Distrust.
Key management is hard
Despite their rich history, cryptographic keys are still mistakenly viewed as old news by many. As technologies and processes evolve, so too must the protections surrounding them. This is particularly true in finance for instance, where blockchains are currently driving a radical digital transformation. In today’s new financial reality, cryptographic keys are everywhere and outshine the role they’ve had so far in the evolution of the internet.
One should look at this transition from web2 to web3 as a metamorphosis of the internet: from a transparent, open-air market of information to an encrypted one. While web2 thrived on the free transmission of messages across public networks, web3 ushers in a new era of ownership and control built atop blockchains. These chains revolutionized the game by making cryptography not just an afterthought, but the default mode of communication. Messages are no longer exposed for all to see; they're exclusive by design, accessible only to those who hold the keys to unlock their secrets. Unlike email protocols, the integrity of messages on the blockchain is cryptographically protected. This is transforming our experience of information exchange.
Today, blockchain private keys are turning into the house keys of our digital lives, encompassing passwords, finances, communication, and other valuable assets. The way we manage them demands urgent refinement. Key management is no longer just about mere data storage or cloud bills; it's a complex mix of functionality, compliance, infrastructure, and software integration, all under the spotlight of the stringent security and cryptography standards. This challenge intensifies when trying to secure keys in hostile environments and guarantee reliable access amidst disruptions.
Blockchains hold immense promise, unlocking new design possibilities and empowering people with data ownership. But a dark cloud looms as we consider migrating sensitive data on-chain: the uncontrolled proliferation of keys. With over 500 million crypto users in 2023 (Statista), Dfns warns of a ticking time bomb – the alarmingly inadequate technologies, procedures, and legal frameworks governing key generation and utilization via applications and services. Widespread reliance on insecure, randomly generated keys poses a grave threat, introducing vulnerabilities across the web and exponentially increasing the risk of asset loss. This risk is further amplified by the immutable nature of blockchain transactions, making asset recovery difficult and at times near impossible. Key management was already hard, web3 made it harder.
Our journey towards secure key management began with a realization: users and developers were dangerously undervaluing security in crypto. By 2020, a staggering 20% of all Bitcoins in circulation – a $200 billion monument to negligence – had been lost*. While the philosopher Seneca cautioned, "To err is human, to persist in error is diabolical," we believe the true human condition is condemned to repeat mistakes. Today's crypto landscape, riddled with insufficient due diligence, casual approaches to security, and complex projects entrusted to inexperienced hands, paints a concerning picture. Frequent and severe security breaches seem inevitable to us, threatening to set back the industry's progress.
This is why we are dedicated to building robust solutions that prioritize secure key management. Human errors can and will always happen; systems must embrace that fact and prioritize user safety without jeopardizing security. Harshly penalizing users for their mistakes is a fundamental design flaw in blockchains. Like most ideas, self-custody is subject to what the ancient Greeks called “Pharmakon”, a complex and multifaceted concept that can mean both "remedy" and "poison," reflecting the understanding that the same substance can both cure and cause harm. Technology should help people and organizations to break free from the cycles of vulnerability. At Dfns, we believe in safety nets that safeguard users and developers from themselves without introducing new vulnerabilities off the back of naive trust assumptions. Our goal is to enable people to confidently manage digital assets through error-proof blockchain key management.
Decentralize, but slowly
Crypto is hailed as the next generation of financial technology, but we shouldn’t forget their roots lie in the cypherpunk movement, an anarchist community championing individual freedom and self-sovereignty as vectors against power abuse. Early crypto proponents and investors were schooled to view centralized, Leviathan-like power structures with suspicion, valuing individual autonomy above all else. The core innovation of blockchain, its application to finance, identity, and other crucial aspects of life traditionally controlled by powerful institutions, aimed to achieve something unprecedented: giving back existential data squarely in the hands of individuals, facilitated and ensured by a decentralized global computer. This represented a radical departure from the historical norm, where control resided with states, churches, banks, and corporations.
Bitcoin's emergence in 2009 wasn't simply a technological innovation; it was the culmination of a decades-long yearning for a different financial system. The ashes of the 2008 financial crisis fanned the flames of the cypherpunk movement born in the early 1980s. These digital pioneers stood up for strong cryptography and privacy-enhancing technologies as tools for social and political change, with a singular ambition: to dismantle the centralized banking system they thought had betrayed its core purpose. For the cypherpunks, 'decentralization' wasn't just a technical term; it was a battle cry. It promised freedom from the perceived ills of centralized power: corruption, abuse, surveillance, and the very injustices that triggered the 2008 meltdown. Bitcoin, then, wasn't just a digital currency; it was a revolution in code, fueled by the raw will to liberate people and overthrow the financial edifice deemed responsible for pandemic suffering. However, this movement changed over time. Early adopters, the "crypto pioneers," harbored strong, uncompromising views about the world, shaping the original ethos of the community. The new waves of entrants, drawn by the promise of a decentralized future, inevitably adapted to this established culture. However, as the newcomers grew, their sheer presence diluted the influence of the initial core group, which flipped the power dynamics. This phenomenon echoes throughout history, mirroring the growth curve of every major industrial revolution.
To some extent, the rise of crypto is a replay story of the internet’s early days. Both technologies were countercultural desires for decentralization and liberation from established structures. The internet, envisioned as a refuge from government and corporate control, bears striking parallels to blockchain's ambition to bypass the traditional financial system. Just as the internet promised to revolutionize communication and commerce, blockchain wants to do the same for finance and governance. Also, the early internet movements, like their crypto counterparts, were fueled by fervent believers who saw their creation as a tool for democratizing information. Innovators like Tim Berners-Lee, Richard Stallman or Joseph Weizenbaum fiercely advocated this vision, often clashing with the tech giants – Microsoft, Apple, Google, etc. – who ultimately went on to build the platforms delivering the internet to people. This tension between idealistic innovators and pragmatic business leaders, exemplified by Linus Torvalds' "fk you, Nvidia" speech, persists to this day. The heated debates between open-source purists and those who scaled the internet through commercialization are now echoed in the crypto world.
To be perfectly clear: if Dfns could have created an optimal blockchain tailored for on-chain key management—solving business continuity issues with tokenomics that guarantee incentivization for signing participants—we would have done it on day one. The state-of-the-art couldn't support such an invention back then, and the market prioritized speed, scalability, cost-effectiveness, and privacy above all. So, we sought a balance between decentralization and performance. We aimed for "good enough" decentralization without overcomplicating things, while ensuring a frictionless experience for users and developers. As Anatoly Yakovenko, co-founder of Solana, wisely said, "Decentralization for the sake of feeling good won't disrupt traditional finance. It has to be faster and cheaper. That's how technology wins." In the same vein, we decided to build an off-chain, permissioned peer-to-peer network utilizing multi-party computation (MPC) alongside traditional public key infrastructure, instead of building atop smart contracts and consensus mechanisms.
From a pure Buterinian viewpoint, our engagement in this “workaround” direction signified a loss of values and a deviation from the principles of decentralization. The fierce opposition towards MPC-centric infrastructure on X last year, following Vitalik Buterin's ERC-4337 announcement at EthCC 6.0, exemplified this. The criticism directed towards off-chain MPC wallet solutions, solely based on their lack of involvement in Ethereum's own development, sounded a bit like McCarthyism. But quickly thereafter, the hype surrounding Account Abstraction faded away as projects met limitations. High costs, slow execution, regulatory uncertainty and cumbersome user experience exposed the feature's immaturity, shattering the idealistic vision of many. This episode serves as a humbling lesson, showing how unchecked idealism can become yet another word for inefficiency.
Now, we don’t want to throw the baby out with the bathwater. While centralization has served its purpose, its inherent vulnerabilities – concentrated control and unpredictable human behavior – have been exposed by all-too-many disasters, from Mt. Gox to FTX. This, understandably, has placed decentralization at the forefront, not as a definitive replacement, but as a necessary shift to mitigate the single points of trust. Nevertheless, it's crucial to recognize that decentralization remains largely theoretical until it translates into a practical system where participants actively manage keys in a redundant, reliable and self-serving manner. Such systems are challenging to build, as evidenced by the many attempts that have fallen short. We won’t name companies or protocols, but we have tried to categorize the causes of failure among on-chain key management projects:
- The “eyes-bigger-than-stomach” approach: Some sought to build new blockchains, often leveraging Tendermint or Substrate, in the aim to replicate Ethereum's success. They got funded on a deck promising listed tokens and community building. However, attempting an Ethereum remake, not as a ledger, but as a key storage solution, presented some issues. Persuading users to validate a ledger they can't control is one thing; doing so for storing keys – essentially entrusting anonymous validators with the access to one’s digital assets – is a different task entirely. Keys require rigorous security which is not best served by permissionless networks, where a laptop could be potentially used as a storage medium. Also, permissionless systems clash with many regulatory requirements related to custody laws. Finally, needless to say that building a complex decentralized system is fraught with technical hurdles: scalability, network latency, and resource management that have negative impacts on performance and user experience.
- The "pie-in-the-sky" approach: Some fell into the trap of believing they could solve key management issues by meticulously architecting the "perfect" solution on paper and then implement it. This approach involved a mishmash of strategies: copying solutions due to lack of know-how, underestimating the complexities of product development and cryptography, and a dash of overconfidence in their own design. All of them eventually went down a perilous path, building costly and time-consuming spaghetti bowl systems that were inflexible to run. Once these systems were in place, modifying them became nearly impossible, forcing them to pile on features like layers of tangled yarn. The result? Labyrinthine software riddled with idiosyncrasies that failed to meet the actual needs of the market.
- The "fake-it-till-you-make-it" approach: Some just mask their centralized systems with marketing. Controlled by a few developers, these systems are only projecting the illusion of decentralization and hoping that people won’t ever debunk their lies. Despite claims of distributing power, single points of failure persist in many critical areas of their product. No need to elaborate on this approach, but it's worth noting that typical proponents are junior developers who over-promise on technical prowess. Their method often involves throwing around buzzwords in websites and presentations to mask a lack of substance. No PhDs, substantial investments, proven successes, large teams, or major clients – yet they claim to revolutionize complex systems with flimsy concepts and barely functional API wrappers built over unaudited open-source libraries. Businesses, beware – such projects are more prevalent than you might think.
- The “beat-around-the-bush” approach: Some simply lack key management solutions, yet pepper their marketing with keywords such as "keys," "wallets," and "MPC" to create a comprehensive infrastructure facade. Driven by the sale of adjacent services like wallet authentication or RPC node hosting, they attempt to lure people by posing as do-it-all suites. However, the facade cracks under scrutiny. They resell basic key management services (think AWS) under fancy wallet labels, or offload wallet responsibility onto users and expect them to connect their third-party wallet to their application, which they then claim as their own wallet offering. Adding to the red flags, these projects often dodge the topic of pricing. They shower you with freebies, promising to discuss costs later, which raises serious concerns about their long-term viability.
Let's manage our expectations. Shifting to decentralized frameworks cannot happen overnight. It's a gradual, iterative process requiring the integration of innovative software from web3 and established technologies from web2. Striking a balance and making careful trade-offs is crucial as we navigate this path. Remember: decentralization is as much about the destination as it is about the well-paced, deliberate steps we take to reach it. It’s not a silver bullet. Rushing into it naively can introduce unnecessary complexities and inefficiencies. That is why decentralization should be progressive, taking measured steps and prioritizing long-term viability. It should start small and scale thoughtfully.
We are strong believers in decentralization, though our approach differs from that of blockchains due to our distinct roles and goals. Some might assume that there is a one-size-fits-all kind of decentralization, whereas it can take many forms. For instance, multi-signatures require multiple parties to approve transactions, eliminating centralized control. Multi-party computation is another cryptographic protocol that offers even more decentralizing options, balancing privacy, efficiency, and business continuity. MPC can involve wallet owners in the approval process, or not; and the desired level of decentralization can be achieved by changing the number and the threshold of mandatory signers. See? Decentralization is a process that takes incremental steps and intermediary forms before eventually reaching programmatic self-sustainability through blockchains.
From the outset, Dfns committed to translate decentralization as a principle into an actionable gradual roadmap, with several milestones dotting the horizon. Here are some of them:
- Enclaving authentication and signers so no individual can bypass cryptographic controls or usurp key ownership.
- Distributing signers across data centers and diversifying root access to key shares across multiple environments.
- Extending key management network to different external organizations and deploying key shares locally on prem.
- Leveraging blockchain to enable on-chain key management for transaction signing and recovery workflows.
Continuity over security
The "security first" mantra has pervaded boardrooms and IT departments for a very long time. As a result, digital defenses have never been higher: firewalls are strong, passwords complex, systems on alert. Yet, the main vulnerability remains in plain sight: the human factor. No matter how much better security systems become, we still click on the wrong links, reuse passwords, and fall for scams. The innate fallibility of users continues to be the most significant weak spot in any security model. Building unbreachable fortresses is a losing battle – sandcastles against the tide of human error. So, let's face it: mistakes happen. Security needs to be real, not perfect. We must focus on picking up the pieces fast, and not on the development of an impossible shield.
Dfns emerged to address the persistent issue of users losing keys and access to their funds. As such, human errancy, even among the most tech-savvy and security-conscious engineers (as recent cases of Luke Dashjr and Stefan Thomas illustrate), is baked into our design philosophy. From our standpoint, designing the most secure key management solution for both developers and their users, we cannot think to ourselves that we will assist every person on the internet and protect them from themselves all the time no matter what they do: the scenarios are too many. Instead, we prefer designing a product that makes it ok to commit errors.
Accidental deletions, misconfigurations – these aren't anomalies, but very predictable events. Remember the 2021 Colonial Pipeline attack? A single phished employee triggered chaos. This, and countless similar incidents, break the illusion of impregnable security. Encryption can't stop a click on the wrong link, nor flawless software withstand social engineering. Consequently, the questions become: (1) What threats are we protecting against? and (2) How can we guarantee fast, healthy recovery? The destruction of defenses is fine, provided that for every conceivable scenario, there exists a contingency plan that sustains business operations.
To tackle the challenge of securing wallet keys, Dfns came up with a dual security approach we call the Network Hosted Keys (NHK) model, different from traditional User Hosted Keys (UHK). In the UHK model, keys reside solely on the user's device, placing the entire responsibility of key protection on the user. This carries the inherent "game over" risk of key loss and potential fund inaccessibility. Our NHK model, in contrast, introduces a dual-layered architecture composed of a distributed peer network dedicated to storing private keys and an API designed to securely separate daily operations from the direct handling of the private key. This abstraction layer ensures that even if a user's passkey to the API is lost or compromised, the private keys remain secure within the decentralized network. From a potentially catastrophic event, the loss or hack of a passkey becomes a minor, recoverable incident.
Legos, not monoliths
We entered this space with strong convictions, some of which remain pillars of our philosophy. Others, however, we've learned to adapt. Take key export. For a long time, we promoted a zero single point of failure policy, viewing key export as a backdoor undermining the decentralization we worked so hard to accomplish. However, in trying to protect the key to the utmost limits, we inadvertently created a vendor lock-in that was perceived as a risk for clients. So, after careful deliberation, we designed and implemented a controlled key export feature. It's a calculated risk, but one developers willingly accepts, considering the alternative — vendor lock-in — far riskier.
Our point is that all the stories around lost keys and hacked wallets led us to believe that ‘crypto needed a hero’, though the reality is more nuanced. Organizations have different risk tolerances and security needs, necessitating a flexible, modular approach. Some companies are security powerhouses, already wielding best-in-class practices. For them, assistance wouldn’t be useful, but rather specialized solutions and on-premises deployments to meet rigorous regulations and business demands. They seek no saviors, for they’re already the guardians of their clients' trust. Others, however, yearn for fully managed services to offload the burden of key management. Ours is not a one-size-fits-all endeavor. Today, we empower developer teams at every stage of their security lifecycle, equipping them with tailored tools and timely expertise. Our platform is meant to foster their security and allow them to become responsible stewards at their own pace.
This is where wallets go beyond keys. The level of composability aspired to by crypto projects is remarkably granular, nuanced, and challenging to implement. This complexity reflects the nature of crypto today: a vast, open-ended experiment where most attempts go wrong. Facing constant disruptions – technical novelty, regulatory ambiguities surrounding new financial instruments, shifting user behaviors, emergent vulnerabilities, peak hours tied to market volatility, and more – developers crave interchangeable building blocks. We understood this and started envisioning Dfns as a toolbox of Lego-like components. Effortlessly swappable and endlessly upgradable, they offer the agility to navigate the ever-shifting terrain of crypto and digital asset applications. Composability grants more freedom to builders through independent, vendor-agnostic tools. As customer research yields fresh insights and shapes future roadmaps, developers are no longer prisoners of terrible undo-redo cycles, liberating them from wasted time and ultimately propelling organizational progress.
At Dfns, we see composability as not just a technical principle, but also a deep commitment to open-sourcing libraries and technology. Permissive licenses like MIT and Apache are our tools for fostering collaboration, ensuring everyone has the building blocks they need to contribute and innovate. It’s a reminder to all infrastructure providers: we're all in this together, working to expand the crypto pie. Embracing and advancing standardized technologies and practices is the key to unlocking scalability and widespread adoption. This spirit of openness is the lifeblood of composability, powering rapid iteration and collaborative breakthroughs in wallet development. Leading by example, Dfns started by rolling out our audited CGGMP21 Rust implementation, putting the power of secure MPC protocols into the hands of the ecosystem. And this is just the beginning, as we will keep open-sourcing more features in the years to come.
Now, composability is not a magic pill. Setting it up can be more intricate, and poorly designed components can create integration headaches. However, the long-term advantages of flexibility, adaptability, and open innovation eclipse these initial bumps. Ultimately, the choice between composable and opinionated software hinges on your specific needs and priorities. But if you prioritize flexibility, freedom, and long-term durability, then composability presents a compelling pathway to building truly adaptable and future-proof applications and services.
Wallets start as silos
When we think about wallets today, people mix up a lot of things. A common misconception is to think that wallets should aggregate all digital assets across every app into a single interface. The concept of a universal wallet for all digital assets is interesting, but it overlooks the diverse needs of average users. While appealing to investors and traders who juggle multiple accounts and intricate financial activities, this centralized approach might not resonate with everyone. For most people, everyday financial tasks revolve around basic saving, spending, and earning, for which a single app is enough. The "cool factor" of an all-encompassing wallet doesn't necessarily translate to universal utility. In fact, some people and businesses choose to separate their accounts for various reasons based on diverse financial lifestyles.
We actually love siloed keys. While interoperability between apps and chains seems like a good problem to solve for the future, we are passionate about deploying wallets on a per-application basis. In our mind, each silo represents a step towards crypto mass adoption. We believe these silos simplify crypto interactions for newcomers, whether it's their first encounter or simply a smoother experience. Prioritizing onboarding and user experience in these insular environments aligns with the view that a positive initial journey into crypto is paramount before tackling the complexities of multi-chain interaction. This gradual approach allows users to acclimate to the world of crypto at their own rhythm, building a strong foundation before navigating the intricacies of a blockchain ecosystem with all its protocols and standards.
Portability and interoperability are attractive long-term goals for crypto wallets, but they’re not the immediate priorities for most users. The reality is, people's finances are already fragmented across various accounts and apps, often for valid reasons. When it comes to crypto, especially for beginners, the desire is often for a simple, single-app entry point – not a complete financial overhaul. Crypto isn't yet ubiquitous, and the dollar remains the dominant currency in daily life. Therefore, suggesting that people are currently seeking a hyper-connected experience where grocery shopping involves apartment token sales and airport customs involve presenting NFT passports might be a bit ahead of its time. While the vision is exciting, it's crucial to acknowledge the current landscape and prioritize features that address users' immediate needs and preferences within the existing financial ecosystem.
People will want to consider crypto as yet another asset class mostly, so they will choose one provider that will act as a silo, an island, a trampoline, a first step into web3. We need to build many of those because that’s what’s going to accelerate the onboarding of “one billion users”. Once they are in, but also once applications and use cases have gone much further into real life economy than what they are today, delivering deep and true value for people, only then will interoperability play a vital role. In other words, we need to learn to gauge the right timing to ask for things and focus on one thing at a time. We still got time on this one.
To most newcomers, crypto will initially appear as another asset class. Their first steps will likely involve choosing a user-friendly wallet as their access point. Embedding wallets into various platforms addresses this essential need and could significantly accelerate onboarding of the "next billion users". However, the true power of interoperability will only shine when web3 applications and use cases seamlessly integrate to the economy, offering tangible benefits that go beyond today's experimental phase. Only then will the demand for seamless interaction between platforms truly gain traction. Until then, patience and hard work are our best friends.
But once we reach the point where valuable digital assets travel instantaneously between apps, a question remains: Is the private key the right method for accessing digital assets? We believe it’s not. Identity, in our vision, is a much better suited candidate to secure transactions. Envision a web3-native Plaid for decentralized identities, where wallets effortlessly nestle under a parent identity through a dedicated data protocol. This layer, powered by biometrics, KYC data, and other verification options, securely links various wallets to your personal identity. This, to us, surpasses the chain-centric approach that gambles on the singular rule of one blockchain.
We wholeheartedly agree that seamless cross-blockchain interoperability is the ultimate goal, but it's undeniably a complex challenge. Imagine the convenience of managing all your funds, identity documents, and even car keys within a single, unified wallet secured by a decentralized key manager. That would be ideal. However, achieving this level of interoperability requires a concerted industry-wide effort, not a quick fix. Sure, workarounds exist. Some wallet managers might offer simulated interoperability by linking your accounts across different blockchains through a centralized database. Others might integrate with WalletConnect and claim to have solved portability while merely piggybacking on Ethereum's messaging capabilities. That’s too easy. Instead of overselling temporary solutions, we’d rather prioritize user-friendly onboarding experiences within blockchain-specific applications. This then lays the groundwork for a thriving ecosystem by simplifying the initial journey, attracting new users, and paving the way for future exploration of interoperability. Let's not overwhelm new users, let’s guide them step by step and ensure a smooth and rewarding experience on their path towards crypto.
Developers run web3
Electric Capital's Developer Report indicates there are nearly 7,000 developers and 23,000 monthly active developers in crypto as of today. When faced with the estimated millions of developers in fintech and traditional banking globally, reality hits: crypto is still in its baby phase. This burgeoning technology craves every ounce of developer interest and expertise to not only survive, but flourish. We're likely one perhaps two developer generations away from widespread crypto adoption, potentially beyond 2030. Until then, it's all hands on deck if we are to prepare for the infrastructure and groundbreaking applications that will solidify this ecosystem's future.
From the very beginning, Dfns has been laser-focused on building the most developer-friendly wallet toolkit in web3. We believe that empowering developers to create exceptional applications is the way to unlocking crypto's full potential. In turn, thriving user communities will benefit from these innovative tools. We acknowledge the appeal of absolute self-sovereignty, but uneasy lies the head that wears the crown. Managing the security of keys demands considerable expertise and responsibility most users neither desire nor can realistically shoulder. Most individuals seek reliable, fully-managed services with robust guarantees, not the hardship of acting as a CISO. Should they attempt self-custody without adequate expertise, the consequences could be dire – millions lost to hacks and key mismanagement. We turn to developers to solve this problem.
Developers are the silent manufacturers of the crypto world, building the secure infrastructure and user-friendly tools that millions will rely on. From intuitive wallets and robust platforms to secure protocols, developers safeguard users from common pitfalls and simplify crypto asset management. While individual users can take steps to protect themselves, developers have the power to safeguard millions of users. Equipping developers with safe, pre-built wallet solutions will help the market unlock its potential and empower users to embrace crypto with confidence.
Most developers, wisely, prefer not to reinvent the wheel. They focus their energy on building what hasn't been adequately addressed before, leaving complex components like secure key management to established solutions. It's simply not efficient to compete with years of expertise and robust existing tools. This pragmatism leads developers to seek reliable, time-tested solutions to integrate into their stacks. Unfortunately, crypto hasn't always offered ideal options. Legacy practices like wearable hardware, multi-signatures and browser-cacheable keys have dominated so far. Finding tools that strike the balance between ease of use and robust security has been a frustrating challenge for many developers. But all that was before Dfns.
References
- German Programmer Could Lose $200 Million if He Can’t Find His Bitcoin Keys (BeInCrypto)
- Tens of billions worth of Bitcoin have been locked by people who forgot their key (NY Times)
- Bitcoin core developer claims to have lost 200+ BTC in hack (Cointelegraph)
- 2023 Developer Report (Electric Capital)
- CGGMP21 Rust implementation (Github)
- Key export activation (Github)
About Dfns
Dfns is the leading wallet-as-a-service platform in web3. Startups, enterprises and financial institutions use Dfns to create, embed and manage programmable wallets at scale powered by the fastest, most advanced MPC technology in the world. Built by PhDs and experts in security and cryptography, Dfns is leading research in threshold signatures applied to keys. Since 2020, Dfns helped ABN AMRO, Fidelity, Zodia and many others to create over a million wallets. We’ve raised over $25M with White Star Capital, Motive, ABN AMRO, Bpifrance, Coinbase, Semantic, Wintermute, Figment, Motier Ventures, Hashed, 6MV, Susquehanna and others.
