TWEETSTORM is an occasional feature on decentralize.today where we share threads, mostly from Twitter, that we think deserve a wider audience. Some are informative, some educational, some amusing, and others yet are controversial...we dig these out for you so you don't have to!
1/ Earlier this week, @Coinbase launched a web3 browser built directly into its main mobile app, powered by MPC tech that eliminates the need for you to manage your own keys.
Here's why it's a big deal.
2/ @Coinbase already provides a way for you to explore web3 via our self-custody wallet, @CoinbaseWallet. I am a huge fan of self-custody (non-custodial) wallets. In fact, that's why I am at Coinbase—my web3 wallet startup @CipherBrowser was acquired by Coinbase in 2018.
3/ If you are technically savvy, and know how to back up and protect your key (recovery phrase) securely, I still recommend that you use a self-custody wallet like @CoinbaseWallet, optionally in conjunction with a hardware wallet like @Ledger, which we now support.
4/ @CoinbaseWallet is also just an awesome wallet. It's truly multi-chain—in addition to @Ethereum, it supports other EVM chains like @0xPolygon, @Arbitrum, @OptimismPBC, @GnosisChain + more, and even other chains like Bitcoin, @Dogecoin and @StellarOrg.
5/ The "Not your keys, not your coins" adage is admittedly a bit dramatic, but I agree that some dose of paranoia is very healthy in crypto, which still looks like the Wild West sometimes.
6/ That said, key loss was still one of the most frequent support requests we received from @CoinbaseWallet users. People misplace or lose their backup recovery phrase and come to us, but unfortunately it is impossible for us to recover your keys. It feels bad, man.
7/ What do you do with your recovery phrase? Do you carry it with you? Do you leave it at home? Do you keep it in a safe deposit box at a bank? What if you get robbed? What if your house burns down? Do you trust your bank? Can you trust anyone?
8/ We explored other options like social recovery, but who can I trust? Do they understand what they're doing? What if they lose or replace their device and forget to tell me? If we want to onboard a billion users to this platform, self-custody was simply not going to work out.
9/ For most users, we strongly believe that your @Coinbase account, with a secure password and 2FA, is still the most secure way you can store your crypto. But, until now there wasn't much you could do with your funds stored in @Coinbase other than buy, sell, send and receive.
10/ The biggest reason your @Coinbase account is really secure is also why it isn't (wasn't) as flexible as self-custody wallets—to prevent theft, we store almost all of the assets under custody in an extremely secure cold storage system that is never connected to the Internet.
11/ A hot wallet system on the other hand, is connected to the Internet, so it's inherently less secure. Unfortunately, you need hot wallets to provide unrestricted access to the web3, but we weren't willing to put billions of dollars at risk by having them in normal hot wallets.
12/ We needed to build a system that does not put your funds at risk even if our hot wallets were to get hacked, however unlikely that may be. We needed something that has the benefits of both self-custody wallets and @Coinbase-secured wallets.
13/ Our solution to the problem was a "semi-custodial" (in quotes) wallet system. The idea is pretty simple: the user keeps some key material on their device and Coinbase keeps some key material. Both are needed to use the wallet. If only one party is hacked, funds are still safe.
14/ But what if the user loses their device? Well, it allows for different backup and recovery options. The backup could be in a cold storage system or with a third party. Just like the key materials held by the user and Coinbase, the backup alone can't be used to transact.
15/ We explored various ways we could implement this new system. A smart contract wallet was considered, but was quickly rejected due to reasons such as high gas overhead and inability to sign messages, but most importantly the fact that it is specific to a blockchain.
16/ The solution we decided on uses multi-party computation or MPC for short. It uses advanced cryptography to enable multiple parties to interactively and collaboratively sign things like transactions without having to let anyone have the full key at any given time.
17/ Coinbase's MPC system that was built in-house supports both ECDSA/secp256k1 and EdDSA/ed25519, and hence it can handle cryptographic signing for almost any blockchain out there. There is also zero gas overhead. To the blockchain, an MPC wallet looks just like an EOA wallet.
18/ An MPC-powered wallet (we call them dApp wallets), can support anything and everything a normal self-custody wallet can. Not just sending, receiving and trading, but also using dApps, DEXes, storing and trading NFTs, voting in governance, yield farming, web3 games, etc.
19/ Work is currently under way to enhance all of our products with this new tech. Are you an NFT trader, and you're worried about keeping your keys safe? Are you an institution and you need secure custody but still want to use your assets in web3? DApp wallet solves this.
20/ The possibilities are endless. This technology is the first of many things we are building at @Coinbase that enables us to become truly web3-native. hi crypto frens, coinbase doesn't sound like a boomer company anymore, does it? lfg!
21/ Are you excited yet? Thanks for taking the time to read this thread.
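
The split-key idea from tweets 13 to 18, as an added example that is not part of the original thread and is not Coinbase's protocol: two parties hold additive shares of one signing key and jointly produce a signature that an ordinary single-key verifier accepts, while one share alone cannot sign. It assumes a Schnorr signature over a constructed toy group (far too small for real use), and the names `Party`, `joint_sign` and `demo` are hypothetical; production threshold ECDSA/EdDSA additionally needs nonce commitments and zero-knowledge proofs, which are omitted here.

```python
import hashlib
import secrets

# Constructed toy Schnorr group: P = 2Q + 1, both prime; G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(R: int, message: bytes) -> int:
    """Fiat-Shamir challenge, mapped into 1..Q-1 so it is never zero."""
    digest = hashlib.sha256(R.to_bytes(2, "big") + message).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

class Party:
    """One holder of key material; the secret share never leaves the object."""
    def __init__(self) -> None:
        self._x = secrets.randbelow(Q - 1) + 1      # additive key share
        self.pub_share = pow(G, self._x, P)         # safe to publish
        self._k = None

    def nonce_point(self) -> int:
        self._k = secrets.randbelow(Q - 1) + 1      # fresh nonce per signature
        return pow(G, self._k, P)

    def partial_sign(self, e: int) -> int:
        k, self._k = self._k, None                  # a nonce is used exactly once
        if k is None:
            raise RuntimeError("nonce_point() must be called first")
        return (k + e * self._x) % Q

def joint_sign(user: Party, server: Party, message: bytes) -> tuple[int, int]:
    """Both parties contribute; the full key x1 + x2 is never assembled."""
    R = user.nonce_point() * server.nonce_point() % P
    e = challenge(R, message)
    s = (user.partial_sign(e) + server.partial_sign(e)) % Q
    return R, s

def verify(pub: int, message: bytes, sig: tuple[int, int]) -> bool:
    """Plain single-key Schnorr check: G^s == R * pub^e."""
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, message), P) % P

def demo() -> tuple[bool, bool]:
    user, server = Party(), Party()
    pub = user.pub_share * server.pub_share % P     # the wallet's public key
    msg = b"constructed sample transaction"
    joint = joint_sign(user, server, msg)
    # A single party (e.g. a compromised device) signing on its own:
    R1 = user.nonce_point()
    solo = (R1, user.partial_sign(challenge(R1, msg)))
    return verify(pub, msg, joint), verify(pub, msg, solo)
```

The verifier sees only `pub` and an ordinary signature, which is why such a wallet is indistinguishable on-chain from a single-key account.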