Custody, security, and encryption in cryptocurrency wallets

Wallet custody overview

In the context of a cryptocurrency wallet, custody of your wallet refers to who ultimately has control of the assets. The type of custody is determined by two main factors:

1. Does a third party (other than the user who owns the wallet) possess access to the keys to sign transactions on your behalf?
2. Can a third party deny you access to your wallet, either maliciously or as a result of system failure?

If the answer to either of these questions is “yes”, then a wallet is considered custodial; if both answers are “no”, then a wallet is considered non-custodial or self-custodial.

Custodial

With custodial wallets, a third party (for example, a cryptocurrency exchange like Coinbase) maintains raw access to your wallet keys, and therefore always has access to all crypto assets in your wallet. While this third party may be doing everything in their power to protect the wallets they control, a data breach, software bug, or court order could put your assets at risk. For instance, the infamous Mt. Gox hack discovered in 2014 resulted in the loss of over $460 million in users’ Bitcoin¹ (worth over $30 billion at today’s prices) due to the exchange having direct access to the keys to users’ wallets. Beyond a cyberattack, the third party could simply suffer a system failure and lose your wallet keys (either temporarily or permanently), denying you access to your assets.

Even if a third party claims that all wallet keys are stored encrypted, they use at-rest encryption where the encryption is performed with a key controller by that third party. This is certainly better than leaving the keys unencrypted, but does not solve the fundamental problem of the third party having access to the keys at all times - you’re betting your critical assets on them not using that access or accidentally turning it over to an attacker.

Third-party control of wallets does come with a few benefits, however:

• If you die, your assets can be transferred to your heirs through normal inheritance processes
• Automated orders on can be placed on your behalf, such as buying or selling when a specific price is reached or automatically managing your investments to earn you stable returns
• If you ever lose your password, that party can simply restore access to your wallet (hopefully after performing adequate identity verification), as they’re ultimately the ones with the keys

Non-custodial

With a non-custodial wallet, your wallet keys never leave your device (your phone, computer, or a dedicated hardware wallet, for instance), and thus it’s almost impossible for your assets to be lost or stolen as a result of a third-party service being hacked or compromised. Transactions are signed locally on your device and then submitted to the blockchain network for processing, without your keys ever leaving your device.

While much more secure, this approach also comes with a significant drawback: if you lose your device, the assets in your wallet are irretrievably lost as you’re the only one who had access. Most non-custodial wallets have you store a seed phrase as a recovery method, but this is equivalent to printing out your wallet key - you have to store the seed phrase securely enough where nobody but you can access it, but it must also be readily accessible if you lose your primary device. There are quite a number of instances of even technologically savvy people losing large amounts of cryptocurrency assets because they lost both their primary device and recovery methods, including a UK-based IT professional who is still trying to search landfills for his hard drive containing over $300 million in Bitcoin².

Further encryption of the keys in a non-custodial wallet can certainly add an additional layer of security onto a hardware wallet or mobile app, but then also adds one more point of failure if those keys (or their recovery methods) are lost or stolen.

The best of both worlds

So, is there a way we could combine the security benefits of non-custodial wallets with the usability and recovery methods of custodial ones? Simply backing up your seed phrase or private key with some other third party (like placing it in cloud storage such as Google Drive or Dropbox) is the same as trusting that provider with your crypto, and if you or they use end-to-end encryption to further protect your data, you’re right back to needing a recovery method for that encrypted data that won’t be lost or stolen.

Luckily, this is where Bunkyr comes in. By securely generating a recovery key from social sign-in methods including Google and Apple, the recovery method for your wallet is something you use frequently and utilizes industry-leading security features (two-factor authentication, suspicious login detection, etc.). Bunkyr generates these recovery keys from multiple distributed sources of information and never even has access to the actual wallet keys (which are stored by the wallet service provider and encrypted with the recovery key), so even if there is a compromise there’s no risk to cryptocurrency assets.

Bunkyr enables a non-custodial wallet service provider to get rid of seed phrases while still allowing the owner of the wallet (and only them) to securely recover access to their wallet keys. At the same time, custodial wallet providers can continue to offer the same set of user-friendly features while dramatically increasing security by using Bunkyr to move to a more non-custodial model. And since Bunkyr is simply a recovery method, a service outage or system failure on our end cannot prevent users from accessing their wallets through their normal login methods.

Integrating with Bunkyr is easy, and ensures both the security and usability of cryptocurrency wallets. Reach out to our engineering team today for more information or to schedule a demo.