The FTX fallout proved the counterparty risks inherent to crypto custodians
There is a huge opportunity to build smarter self-custodial systems, including hybrid custody
Safe commits $1,000,000 in grants for teams building better alternatives to custodial solutions
In a painful way, FTX taught us a lesson last week. We’ve been preaching slogans like “Be your own Bank” or “Not your keys, not your coins” for years. Yet still, a large amount of our industry relies on centralized custodians.
To some extent, what happened to FTX is not much different to what happened to banks during the Great Financial Crisis in 2007/2008. Back then, governments all over the world had to bail out banks that speculated too aggressively. This was the very reason Bitcoin was created in the first place, laying out the path for the web3 movement. But we have merely replaced banks with centralized exchanges and custodians, that won’t even get to benefit from a government bailout.
So we need to go back to the roots of the web3 movement. We need to reduce counterparty risk and let users take ownership of their digital assets. It’s time to recalibrate to self-custody as a default.
The value of self-custody goes way beyond just reducing counterparty risk.
In 2020, I was asked to do the closing remarks for a roundtable of the International Association for Trusted Blockchain Applications (INATBA). In the remarks to the industry alliance I pointed out why self-custody is essential for the digital assets industry. Here’s a summary:
Open platforms: Centralized custodians are locking users into their own platforms. This creates closed-off ecosystems that restrict the user’s control and force them to only use the services offered directly by the custodian. Self-custody enables open platforms that are inclusive and do not need anyone's permission to enter or exit.
Market integrity and stability: Centralized custodians often lack transparency and co-mingle user assets. This makes it difficult to assess risks and foresee abuse or fraud. Self-custodial systems are, by design, open and transparent. This creates resilience and reduces the risk of market manipulation.
Consumer protection: Self-custody turns the “Don’t be evil” slogan into a “Can’t be evil” reality. Lower switching costs and censorship-resistant systems enable choice and provide sovereign finance and identity.
Permissionless innovation: Centralized custodians use proprietary infrastructure and run walled garden systems, which stifles innovation. In contrast, the composability and open-source nature of self-custody systems create much greater interoperability and efficiency through competition.
While self-custody is overall a net positive for the industry, it comes with its own challenges.
The way most people do self-custody today is still quite primitive. They use so-called Externally Owned Accounts (EOAs) which are low-level user accounts of blockchains. The issue with these accounts is that they create a single point of failure. A private key gives users full control over their digital assets, without any intermediaries. But these private keys also create huge risks. Private keys often get lost and are prone to hacks and phishing attacks.
This is the very reason most users default to custodial services. They want the perceived security and the element of comfort that comes with someone else taking care of the custody. We have to face it - most users just do NOT want to be their own bank.
This is a problem we, at Safe, have been working to solve for over 4 years. We want to make self-custody more accessible and make the move away from centralized custodians less scary. We have already onboarded north of $40B in digital assets into Safe accounts. And alone in the days after the FTX collapse, another $1B in assets has flown into Safe accounts in a flight to self-custody.
Safe is making self-custodial wallets smarter by moving user accounts to the smart contract level. This means the logic of the account, (i.e. who has access to it and under what circumstances) is defined in a smart contract - not the blockchain. As a result, accounts are becoming fully programmable and can be adjusted to different user needs.
Today, Safe is still mostly known as a so-called Multisignature Wallet or Multisig. This is a way to configure a Safe account so that it is controlled by multiple private keys concurrently. And a subset of these private keys has to confirm any blockchain transaction before it can be executed. This has obvious benefits for teams managing digital assets together, as they can implement checks and balances on-chain. But Multisigs are also useful for individuals, enabling 2FA systems or just distributing access to an account across multiple devices.
While Multisig is a prime use-case for Safe, the underlying Safe Protocol is designed using a fully modular architecture. So developers can build vastly different types of access/control and permissions systems into a Safe account. You can think of this like running different programs on a computer. But in this case, the programs are rules and validation schemes that the account is adhering to. For example, such “programs” could enable that:
Users can give different people varying access to their account. Such as having a spending limit on your mobile device to make smaller transactions on-the-go or giving budgets to different teams in a company.
Applications can open and manage user accounts in order to facilitate seamless onboarding, then hand over control to the user at a later point. Seamlessly switching between custodial to self-custodial setup.
A fraud monitoring system uses a trusted on-chain source to prevent any transaction from interacting with a compromised account / smart contract.
The sky's the limit with self-custody solutions built on the Safe Protocol, as the only requirement is that the logic can feasibly be coded as a smart contract.
So what is the optimal model? Can we create a system that does not require trust yet allows users to have peace of mind? How do we bring better safeguards to self-custody?
At Safe, we think that there is a massive amount of innovation on the horizon around what we call “hybrid custody”. This new ecosystem of solutions and services will provide trust-minimized custody for users who don't want to shoulder the full responsibility of self-custodial setups.
Smart contract wallet platforms like Safe will make this possible. Developers can build custody systems that give the primary keys to the user while having use-case-specific keys with trusted custodians. Those custodians can then perform certain actions such as account recovery, blocking transactions, or facilitating trades. But these actions follow transparent rules defined by the user on-chain. And most importantly, the user, at any point, has the ability to cut cords with a custodian.
As a result, these hybrid custody systems retain the critical benefits of self-custody:
Full control and censorship resistance
Portable account without platform lock-in
Composability and permissionless innovation
While adding some benefits commonly known from custody solutions like:
Easy user onboarding and better UX through abstraction
Fallbacks and safety nets such as fraud monitoring
This sounds very intangible and abstract, but hybrid custody has already started to become a reality. A very early exploration of this concept was launched years ago by the smart contract wallet Argent. They offered their users the option to add the Argent company itself as a so-called Guardian. This way, Argent could conduct account recoveries in the name of their users. But users could always, without permission, disable the Argent Guardian. This is the power of hybrid custody!
Hybrid Custody will be able to effectively break up the dichotomy between self-custody and custodial services. It’s unclear where exactly the dominant designs will be in this newly created spectrum. But there will be massive innovation.
By using the programmability of smart contract wallets like Argent or Safe, we could see centralized exchanges providing fully-backed, segregated user accounts. Or there might be security firms/insurances providing fraud prevention as a subscription service. Banks could even open up new business opportunities, such as providing recovery services similar to the Argent Guardian example above.
Our industry has to move forward. We have to do better.
The Safe Foundation is committing $1,000,000 in grants to projects/initiatives that help users get their assets off centralized custodians. If you’re working on initiatives that push forward self-custody or explore the design space of hybrid custody, look forward to more details on the grants program in Q1 2023. Specifically, we want to support:
Regulators and researchers exploring frameworks for self- or hybrid-custody
Educators spreading the word about smarter self-custody and helping to onboard new users
Builders creating new solutions, tools, or infrastructure along the self-custody spectrum using the Safe Protocol
If you have ideas on how to contribute, make sure to follow us on Twitter in order to stay up-to-date on the grants program.