In our Year Ahead report, we mentioned access control/wallets as a major theme. This report will expand on the topic and look at the full picture from the perspective of wallet strategies, roadmaps, revenue potential, smart contract wallets, account abstraction, MPC wallets, and more. As a warning, this report is long. I get it, but it’s not really my fault. The reality is that there are just way too many wallets.
But first, a quick note on hardware wallets, as we believe they may be misunderstood at times.
Before diving deeper into the wallet landscape, we wanted to touch on hardware wallets quickly. People will often compare a Ledger/Trezor to a wallet like MetaMask, but this is not the correct framing. A hardware wallet isn’t even really a wallet in the way we think about them, it is simply a device that allows one to safely and securely generate private keys, addresses, and sign transactions. Once these addresses are created, the user can use them securely in a variety of ways:
Official App: Most hardware wallets have their own app. This is where firmware updates take place and also functions as a wallet interface to sign transactions. These apps can be slow to onboard integrations however, and users are restricted in what they’re able to do.
Using a HW With Web Extensions: This is a more secure way to use a web extension like MetaMask. Instead of generating a “hot” seed phrase directly in the MetaMask extension itself, users can let MetaMask read their addresses from the hardware device and request signatures from it. If a user’s computer is ever compromised, the hacker cannot gain access to funds, as the seed phrase was generated and kept offline. When you see MetaMask “hacks,” it is either someone entering their seed phrase on a site or a compromised computer and attackers extracting the “hot” keys stored on the computer.
Using a HW With a Smart Contract Wallet: Smart contract wallets like Safe require some threshold of signatures from EOAs (externally owned addresses, i.e., a standard Ethereum address). Thresholds can be set at any customization, but a common one is 2/3. This scheme requires signatures from 2 out of 3 designated addresses to authorize transactions. A scheme used could be a mobile key, a hot MetaMask key, and a hardware-generated key. What is decided is up to the user, and there’s always a tradeoff between security and convenience.
Another nice benefit of using hardware wallets is that they’re flexible. If a user wants to use a new wallet extension or another chain, they can take that same wallet/seed phrase with them by simply hooking up their hardware device — it’s highly mobile. Compare this to a user who generates a seed using the MetaMask extension and needs to import that seed into a new extension if they want to use it. Not only is this cumbersome, but it’s also a security risk, as the user is now typing their seed phrase into a new extension on their computer. With a hardware wallet, it is fairly trivial to move from MetaMask to Rabby or use a new extension for a non-EVM chain, and nowhere in this process does a user need access to their seed phrase. Mobility is probably one of the more underrated features of hardware wallets.
So there we have it. There are still unique security considerations with hardware wallets like open source/closed source code, air-gapped/non air-gapped, and potential supply chain attacks, but that is a longer discussion and not the focus of the report. We just wanted to give some background on what they are. For the most part, they’re just a way to securely sign transactions. One final note — if you securely sign a phishing transaction, you have still signed a phishing transaction. A hardware wallet does not stop all attack vectors.
We’ve split this report into three sections: Standard/EOA wallets, smart contract (i.e., contract account) wallets, and MPC wallets. When we say standard wallets, these are predominantly browser (and sometimes mobile) wallets like MetaMask, Rabby, Phantom, newcomer Backpack, and more. Standard wallets are by far the most used, and we believe the wars between them will heat up over the coming years as they move from basically just a way to access frontends to offering a full suite of products, striving to become a so-called “super-app.” The most applicable comparison here is Tencent’s WeChat, China’s super-app that has payments, social, shopping, ID, and more all under its umbrella. All crypto wallets are naturally built on payment rails, so it’s the other features that will set them apart.
To begin, we start with the Ethereum wallet MetaMask, the clear leader in wallets today.
MetaMask is the most used wallet, and it’s not particularly close. As of March 2022, ConsenSys claimed over 30M monthly active users — the wallet game is theirs to lose. MetaMask has become so popular that if you even mention it on Twitter you instantly have multiple scam responses and quote tweets from “MetaMask support” within a few seconds. Ironically, the amount of scam bot replies when you mention a wallet on Twitter is a great signal for wallet adoption.
MM really hit their stride when DeFi started to take off in 2020. Before then, people only used blockchains for holding, spending, and transferring tokens. When DeFi came around, the need for wallets to be able to read and write to smart contracts was severely needed, and MetaMask fit the bill. Today, the competition is more fierce, and a wallet simply connecting to dApp frontends and allowing users to interact is not enough; they need to start differentiating. MetaMask has started to expand their offering in a couple ways. First, by integrating apps/functionality into the app itself like with MetaMask swaps. Second, their new product “snaps,” which allows third-party developers to create new applications on top. We’ll start with the first angle and focus on the wallet services from MetaMask — the first being swaps, which was processing $3B-$5B of volume per month at its peak.
Swap functionality is the easiest/most direct integration for a wallet to make and the cleanest potential revenue driver. There’s also not a lot of overhead for the wallet, as they just need to tap into DEXs and aggregators in the backend. MetaMask swaps are just convenient, and while they may not be used frequently by power users, they will by casuals. The revenues are staggering, generating close to $0.5B in revenue since launch in late 2020 and averaging $1M+/day during the bull run. Even with the market depressed, daily revenues are anywhere from $100k-$300k, good for a ~$35M-$100M annual run rate. This is all from just ~5k daily active addresses.
Now, is this revenue sustainable? First, MM charges a rather egregious 0.875% swap fee. This is on top of the 1-30bps DEX fees the user is already paying. So, are users just paying for convenience? To better answer this question, we should break down who we think the users of swaps are and what their motivations are.
Airdrop Hunters: MetaMask has hinted at a token in the past, and the only way to really airdrop to users would be based off of swaps volume (other data is anonymized). There are a portion of users that have aggressively been using swaps for this reason only, which highlights one of the more challenging aspects of interpreting crypto data. There’s always a token and there’s always an APR, whether explicit or implicit. We’d wager these users make up the bulk.
Users Who Don’t Care: Crypto assets are 150+ vol assets. Paying 0.875% is irrelevant when prices are moving 10% an hour, and users like convenience. This cohort is stickier and consists of higher quality customers of swaps.
Users Who Don’t Know: Swap fees either aren’t known or aren’t easily interpreted by retail users. While the swap fee is listed at the bottom, it’s harder to reason about the actual amount you’re paying, as it’s baked into the final execution price.
For now, a large part of the revenue here is masked by the token overhang and will be worth watching when (if?) that drops. Swaps are also not a competitive advantage in and of themselves, every wallet has/is integrating some form of swap functionality.
The second app launched by MM was their bridge product. This uses bridge aggregators in the backend and supports 4 EVM L1s — Ethereum, Polygon, Avalanche, and BSC. There are three layers of protocols here all vying for the users. At the lowest level are bridges like Hop and Connext, which the swaps are actually routed through. The next level consists of bridge/DEX aggregators like Socket and LI.FI, which search for the best prices. Finally, we have MetaMask itself. There are three levels of fee extraction taking place here, and a subtle difference between bridging and swaps is that the user is explicitly aware of what fee they’re paying when bridging, as bridging is done in the same asset (e.g., send 1 ETH receive 0.99 ETH = 0.01 ETH fee). With a swap, the actual fee is kind of hidden. After a hot start, bridge volume saw a drop of ~80%, partly due to overall market conditions and partly due to EVM rollups (which aren’t supported yet) gaining share from the L1s.
MM has also recently launched liquid staking in-app. This allows a user to stake their ETH for an LSD (liquid staking derivative) without going to the protocol. While it seems small, it’s a nice added feature and reduces the attack surface, as users don’t need to verify they’re on the right site. In fact, reducing the attack surface and overall security is a big reason why apps in wallets make so much sense. Lastly, there’s one obvious revenue stream/elephant in the room around wallet value accrual, and that is MEV.
All MEV is generated by users, and the first to know about their transaction intents are wallets. Let’s say there’s a new builder, we’ll call them Builder Bob. Builder Bob comes to a wallet and proposes the following — you give me all of your user transactions and I’ll send both you and your users back a cut of my profits. From the user and wallet perspective, this is great! They now get better execution by integrating with this builder. For Builder Bob, he now has EOF (exclusive order flow), private transactions that only he is privy to. This allows Bob to build more profitable blocks than other builders, and Bob will start winning more blocks (i.e., have a higher inclusion rate). Searchers only care about their bundles landing, so they will start sending their bundles to Bob. This causes Bob to create even more profitable blocks and again increase his inclusion rate. You see where I’m going with this. In the long-run, Builder Bob now has a monopoly on building, and he no longer has to share profits back with users and wallets. Discussing wallets and their role in MEV is kind of taboo, but it can’t just be avoided. We expect this to become more of a theme as wallets look at monetizing in the coming years.
Most wallets now understand that we need to move to the iPhone era of wallets, although they’re all doing it in a slightly different manner. For MM, we can focus on their new snaps, a trust-minimized execution environment that anyone can create apps for.
Snaps is the latest development from the MM team and is in pre-release phase. Developers can download “Flask,” a canary distribution that allows them to create snap apps. Snaps are essentially a way to extend MM’s functionality by having external developers build apps on top. If we look at something like Apple’s App Store or Microsoft’s Windows, how many applications are actually built by the Apple and Microsoft teams? The answer is an immaterial amount, and MM looks to do the same. Having this open, secure platform for development allows MM to scale their wallet in a way that is not possible by keeping development in a closed loop.
Snaps is still in its infancy but is an exciting move from the MM team. Having this open sandbox to develop on top of allows MM’s functionality to scale in a manner it hasn’t been able to before. The wallet market is getting more competitive every day, and adoption of snaps gives MM the ability to retain their dominant position.
However, they aren’t the only ones thinking about wallets from this “app store” mindset, and more will be taking similar approaches. A slightly different implementation of this idea comes from the team at Backpack, a promising new wallet built around a new primitive they call xNFTs.
Backpack takes a similar approach to snaps with the “app-store,” but the main difference is that it is more focused on having the best consumer applications. They do this with xNFTs, also known as executable NFTs. Don’t let the name fool you, these aren’t monkey jpegs. An xNFT is similar to NFTs you see today, but instead of pointing to some image, you point to code instead. So, what does this enable? It enables developers to create apps as xNFTs that users can add to their wallets, giving them the ability to access any dApp straight from Backpack. Instead of connecting to various web interfaces (which increases the risk of phishing attacks), users can just add desired xNFTs to Backpack and access dApps directly from there. Not only is this more secure than the standard flow (by having verified apps actually held in one’s wallet), but overall makes the UX much cleaner. Developers don’t need to wait for wallet support either, they can just build an xNFT for what they want.
Users simply go to , choose which xNFT they want, and then install it in their wallet by doing an on-chain transaction on Solana and paying a small transaction fee. While the ecosystem around Backpack is still new and developing, there are already numerous apps from DeFi protocols like Solend to borrow/lend assets, Solanart for NFT trading, Squads to manage multi-sigs smart contract wallets, music apps to listen to music in the wallet, staking apps, gaming, and more.
Backpack is trying to become a sort of operating system (not in the literal sense) for people to plug into. Their founder Armani had a realization when building Backpack — every wallet today is essentially the same, they generate private keys for their users and let them connect to websites. But what happens when Saga (Solana’s mobile phone) or Apple get into the crypto wallet game? A lot of extensions today have a moat around their users’ private keys as users get locked into a particular extension, both from the hassle and security risk of migrating a seed phrase. What happens when instead of extensions, operating systems like Saga and Apple now manage these keys? At this point, switching wallet apps is trivial, as you can access any extension at will and the phone essentially acts as a hardware wallet but with all the other phone functionalities. Eventually, a wallet extension becomes a dashboard.
Backpack sees that this is where the market is heading and that competing with current wallets over user keys is not a battle worth fighting. They want to create a rich ecosystem around their wallet with developer tooling. Armani, being the creator of Solana’s developer framework Anchor, is well suited to take Backpack there. This is why they’re not just building around xNFTs but also everything else you can think of to better the consumer experience. Custom usernames/identity, push notifications, xNFTs, messaging/social, and more. Backpack strives to create the premier user experience. Want to buy an NFT that’s not listed? Find the user in Backpack and send them a DM.
Backpack started on Solana, and that’s where the xNFTs lie for now, but their focus is multi-chain. They know this is the future and that users don’t want to have a different wallet for every chain they use. They are going after the consumer side more directly than anyone else, and when their wallet is completely open to the public, we’d expect it to gain adoption quickly (right now you need an access code). Lastly, we’ll keep an eye on their NFT project that they have teased to be showing off some yet-to-be-revealed xNFT functionalities (while xNFTs are not just jpegs, they can be just jpegs).
MetaMask dominates Ethereum and EVM chains today. No one really dominates Solana, but Backpack is the most promising. This leaves open the Cosmos ecosystem, an ecosystem that offers its own wallet challenges and nuances as one built around many differentiated, customized, and interconnected appchains.
We talk about Keplr here not because it is more adopted than other wallets, but because it is the most adopted in Cosmos, an ecosystem we expect to see substantial growth over the next few years. Keplr is kind of the one stop shop for those in Cosmos, both with their extension and dashboard. Their dashboard has things like staking and governance voting on the majority of IBC chains, liquidity pool details for Osmosis, NFT portfolio tracking for Stargaze, and more. Keplr has added unique features like account abstraction (namely, paying for gas in any token). They’ve also added a lot of retail features like fiat onramp integrations through Transak, MoonPay, and Kado, and the ability to create a wallet, not just with a seed phrase or hardware wallet, but with Google as well. While “sign on with Google” is not something crypto natives will want, it does make the onboarding a lot easier and less overwhelming for new users. Keplr leverages Web3Auth for the Google sign-in, which already has MPC solutions and is also building a snap for MetaMask. In the future, you can envision an MPC version of this where one’s Google account is just a portion of the signing key.
Keplr has a few more items on their roadmap, most notably EVM support, going deeper on the identity/reputation layer, and more account abstraction features like spending limits, social recovery, sign once for multiple transactions, and more. As a side note to this, Cosmos chains have account abstraction built-in already. AA is a tool, what matters are the things people build that leverage it.
While the wallets above are the leaders (or most promising in the case of Backpack), they are by no means guaranteed to hold their spots. There are a lot of wallets, and competition is fierce. We don’t have time to go through them all, but we’ve added some brief notes on other notable standard wallets here:
WalletConnect: Not a wallet, but worth highlighting. WalletConnect is a protocol that sits in the middle, allowing wallets and apps to interact securely. This is especially useful for smart contract wallets like Safe, which don’t have native integrations with every app.
Rabby: Created by the DeBank team, Rabby has entered the market from a different angle than MetaMask. Having been built by a team which started in the dashboard/portfolio market, they have an advantage in knowing what users want to see and use and then building a wallet around those things. Contrast this with MetaMask, which has taken the opposite path, with the wallet first and now their own dashboard/portfolio manager. They have some nice features like auto-switching networks, pre-sign security checks, transaction simulation, Safe integration, and address whitelisting (at the wallet level) to prevent phishing attacks.
Frame: For privacy-oriented individuals, Frame is a desktop wallet that runs natively on macOS, Windows, and Linux. It has a clean UX and works well with most hardware wallets. Frame has been gaining traction as one of the preferred wallets for crypto-native users.
Rainbow: Ethereum iOS and Android wallet that is launching a desktop extension to compete with MetaMask soon. Built around the mobile and social experience, it also has bridging, swapping, NFT support, and fiat integrations.
Trust: A mobile-first wallet that has recently moved to the desktop/extension market as well. It is truly a multi-chain wallet — it has staking directly built-in and can facilitate cross-chain swaps routing through THORChain. Trust has fiat integrations and a tight integration with Binance, which acquired them in 2018. Trust’s token, TWT, trades at a $633M circ/$1.5B FDV valuation and is used for governance and in-app discounts.
Phantom: A popular Solana wallet. Has recently added support for Ethereum and Polygon as it looks towards its multi-chain expansion.
Solflare: Another popular Solana wallet, it recently added support for priority fees and was one of the first to do so. It also has a dashboard that allows users to see outstanding approvals/security risks, tokens, NFTs, activity, etc.
Glow: Mobile Solana wallet, allows easy integration through mobile browsers and has Ledger Nano X bluetooth support for signing transactions. Also has an integration with Stripe.
Leap: New entrant to Cosmos and Keplr’s main competitor. Notable features include Leap alerts, an embedded mobile browser in their mobile app, swapping in-wallet, fiat rails, and governance voting.
Ottr: Positioning itself as the “Venmo built on Solana,” a self-custody mobile wallet with fiat rails which is geared towards payments.
xDEFI: Cross-chain wallet and leader for THORChain users. Has recently added support for in-wallet cross-chain swaps in which they take a 0.3% fee via THORChain and 0.5% via others. 75% of fees collected go back to stakers of their token. They have support for Bitcoin, Ethereum & EVM, Doge, Solana, Near, and more, with Cosmos also on the way.
Coinbase: Being the leading US exchange, Coinbase naturally has access to a large number of users. In addition to their standard self-custody wallet, they also have an MPC solution for users who do not want to bear the burden and responsibility that self-custody entails.
Brave: Being a browser gives Brave a competitive advantage around switching costs. It is much easier for one to download and use a new extension than move their entire browser. Brave has a native wallet integrated with support for both EVM and non-EVM networks. While adoption has been slow, Brave shouldn’t be written off, as they sit in a position with a lot of bargaining power.
Robinhood: A dark horse perhaps? Robinhood recently started rolling out their wallet to a 1M+ waitlist with support for Polygon and Ethereum. As a popular retail trading platform, Robinhood already has millions of customers signed up to easily tap into.
Again, there are many more not in this list, and it isn’t meant to be exhaustive. One trend is clear though — all wallets are now starting to integrate more functionalities that go beyond purely connecting to web apps.
Another unique entrant here is dApps themselves — they already have the users, why not enter the wallet space? We’ve seen a few move (or think about moving) in this direction:
1inch: Already has their own wallet and recently announced getting into the hardware wallet business as well. Their HW is fully air-gapped (no wires or bluetooth to connect) and will offer transparent signing with a large screen. As a DEX, 1inch is familiar with common issues users should be considering when approving a swap; and they can optimize for these in their HW and wallet extension.
Uniswap: The #1 DEX by far, it would be naïve to pretend that Uniswap hasn’t been monitoring and taking notes on MetaMask’s swap functionality. The UNI token has historically been criticized for having no fee-drivers to their token, but if MetaMask is able to charge 0.875%, surely Uniswap could create a better wallet optimized for trading and go after those same users. Uniswap has already done the hard part; they have >50% of the volume and users on Ethereum.
OpenSea: NFT users are fairly distinct from DeFi users. While there is some crossover, NFT users are by and large a different audience than DeFi. As the #1 NFT marketplace (although with dominance waning), OpenSea is a natural fit to create their own wallet. They can tailor features specifically for NFTs such as anti-phishing features like isolated whitelisted NFT apps, pre-transaction fraud detection, and native integrations with products like delegate.cash.
Stepn: The Stepn app is already a wallet itself, as this is where one’s items are stored. Stepn also pivoted from using Orca as the DEX for their tokens to creating their own DEX last year. Stepn is a good example of a dApp trying to own their whole stack.
Before moving on to smart contract wallets, we should mention Saga and the Solana mobile stack, as they sit in a highly differentiated position that, if widely adopted, will come with strong bargaining power.
Saga is a big development, not just for Solana but to encourage incumbents like Apple and Android manufacturers to enter this area as well. Saga will have a secure enclave to manage private keys called the “Seed Vault.” This lets users generate secure signing keys like a hardware wallet but with the added functionality of being a phone. If you compare this to the current mobile experience, users generate keys directly in the mobile apps themselves because modern phones do not support ECDSA signatures in their secure enclaves. This means a new seed/private key is generated for every mobile app and stored in Apple’s keychain.
Saga, on the other hand, will manage signing keys below the app layer, giving users the ability to use that seed with any app they download to the phone after. This gets back to our previous section on Backpack — once keys are not managed by apps, but instead operating systems, what’s the wallet’s competitive advantage? One can argue this advantages the actual apps like Uniswap and OpenSea vs. the current wallet incumbents themselves, as all wallets/application-specific wallets now sit on the same layer. For a first look at the Solana mobile store, reference this tweet thread. If you’re wondering how xNFTs will work with SMS, xNFTs will be accessed/installed through the app-store. xNFTs are on-chain apps, and SMS will be one distribution mechanism. If you install Backpack on the Saga mobile phone, all of your xNFTs will automatically populate (just like all your other tokens). Remember, xNFTs are apps that are tokenized, so wherever you bring your Backpack, those apps come with you (does the name Backpack make sense now?).
The standard/EOA wallet competition is heating up, and just allowing users to connect to dApps will no longer suffice. These wallets are also going to need to compete (or integrate) with smart contract wallets in the coming years as the tech matures. We see standard wallets as more of the consumer layer and contract wallets as the infra layer, but these lines are muddied.
In this section, we’ll talk about smart contract wallets like Safe, Argent, and Squads, and touch on ERC-4337 and account abstraction.
When people think of smart contract wallets on Ethereum, two come to mind — Safe and Argent. Safe (previously Gnosis Safe) is the gold standard multi-sig on Ethereum and currently holds >$30B of assets, with more at the peak. Safe is essentially the largest honeypot in all of crypto, as an exploit of their contracts would be catastrophic not just to them, but Ethereum DeFi itself. It is close to the point where it is too big to fail (i.e., an exploit would require a chain fork). The flip side of this is that Safe has a lindyness to it, and the longer it goes on safely securing funds, the more valuable it becomes. Smart contract wallets are also stickier than EOAs for asset retention, as in order to move assets to a new SC wallet, the user has to actually transfer all of the assets out of the wallet which means closing DeFi positions, spending gas fees, and operational and tax considerations.
Over the past few years, active Safes on mainnet have gone from a few hundred/day to ~2k/day more recently. With the continued adoption of L2s, we’ve seen this number accelerate.
The biggest drawback with SC wallets on Ethereum is the gas fees, as they are second-class citizens to EOAs. In order to use a SC wallet today, every transaction must originate from EOAs, requiring user operations to be wrapped by a transaction from an EOA with added gas overhead. This makes SC wallets expensive as a daily user, especially on L1. But this is less of an issue for L2s and alt-L1s, and we can see this in the data with Arbitrum having almost as many daily active Safes as Ethereum, and with Polygon having a whopping 40-80k safes per day. But why are Safes so popular on Polygon? Because Worldcoin uses them for every new user account. This gives us two insights — first, that gas fees hold back SC wallets for daily users, and second, that unrelated protocols trust Safe’s contracts and would rather leverage their infrastructure than try to build something themselves. The latter is subtle but important.
While many view Safe as a multi-sig, that’s cutting the product short. Safe is really just a provider of smart contract wallets, and one with a long history. In fact, if you look at the breakdown of Safes by signature thresholds, over 50% require just one signature, and many of these have just one owner/EOA attached! This tells us that a large portion of Safe users are not actually using it for the added security a multi-sig provides, but instead for the flexibility and added benefits that SC wallets provide over EOAs. Using a SC wallet has some nice benefits like rotating keys without transferring assets, transaction batching (e.g., have a token approval and swap in one transaction), spending limits, and more.
You’ve probably been hearing a lot about account abstraction this year. The features above may look familiar to you, and you may be wondering how Safe does this already. We’ll touch on that below, but the short explanation is that while ERC-4337 is a new standard, Safe already created their own ecosystem around SC wallets years ago. Their module system is what allows developers to build these features on top of Safe wallets at the app layer before any ERC/EIP or Ethereum infra-layer changes take place.
Again, we’ll touch on this below, but what ERC-4337 enables is the ability for transactions to originate from contract accounts instead of requiring EOAs like they do today (from the perspective of the user). In order for account abstraction to be useful, you actually have to build useful products! Safe is a clear leader in this respect, with over 30 teams like OnChainDen for DAOs, Tribes for social wallets, Castle for NFT collectors, and many more. As we’ve said, SC wallets create a competitive advantage in their lindyness, as not only will more users trust storing assets with them over time, but more protocols will join the Safe ecosystem and build on top as well. This has a flywheel effect (a term we all love) and creates a positive feedback loop for Safe. While Safe transactions are still much lower than EOAs, they continue to trend up and now make up ~0.02% of total Ethereum transactions, consume ~0.04% of Ethereum gas, and are present in 1-3% of Ethereum blocks. This may seem low, but SC wallets face numerous disadvantages vs. EOAs. The trend of Safe adoption is still accelerating in the right direction, and L2s + ERC-4337 will help.
Shifting gears a bit, we want to touch on their token, SAFE. Curiously enough, the recent airdrop had ~65% of the airdrop distribution (5% of total supply) left unclaimed, and the DAO is currently deciding on what to do with the unclaimed tokens (send balance to those who claimed, send back to DAO, re-open claim, etc.). Some of the increase in Safe activity this year was hypothesized to be “airdrop hunting,” but with such a large portion left unclaimed, it is hard to say that thesis is correct.
Today, Safe is truly a public good, as they take no fees on their contracts. But custody is a lucrative game, with Coinbase and other institutional options charging 50bps and Fireblocks MPC (while not disclosed) known to be a cash cow. At the current $35B of assets, 50bps is a hypothetical $175M annual run-rate for Safe. We use this just to give a rough approximation of potential fees, and there are more levers to look at like a subscription fee or fee-sharing with protocols built on top. While it is true that anyone could just fork Safe’s contracts and remove any fees, you can’t fork the lindyness of the contracts and team and you can’t fork the ecosystem built around it. Custody is something users are usually willing to pay for. Still, we imagine that SAFE will be a pure governance token for at least the next few years as the main focus is adoption of Safe and building the ecosystem around it. Also note that SAFE, while launched, is not yet transferable and thus does not have a market price or valuation.
We’ll now move from Safe to Argent, the other well known SC wallet on Ethereum today and the leader in mobile.
Argent is another well known SC wallet, but differs a bit from Safe in that it has a mobile-first strategy. In fact, Argent actually had more users than Safe for a few years until users were driven away by gas fees. A difference worth highlighting here is how gas fees are paid for in a Safe vs. Argent. For a Safe, deployment is permissionless and users set their own EOA keys and pay fees themselves. Argent, on the other hand, runs a relayer service which listens for off-chain messages signed by users and then wraps them in a transaction to put on-chain. Argent used to pay gas on behalf of their wallet users but stopped when L1 fees got prohibitive. Many mobile users who liked the experience of Argent moved back to EOAs, trading security for cost. Being a mobile-first and individual-first product, they saw a steep drop-off over the past year while Safe continued adding accounts from power users and DAOs.
Comparing some metrics to Safe, it becomes clear that Safe has a much higher value/user. This makes sense, as some exchanges and DAOs use Safe to custody funds. Safe and Argent also differ a bit in their target blockchains, with Safe being focused on EVM chains and Argent only supporting Ethereum L1 while building out L2 solutions on the zk-rollups StarkNet and zkSync.
Why did Argent pick these zk-rollups specifically? Because they are able to build account abstraction at the protocol level, and Argent will use these layers to test and develop AA features before bringing them back to L1. While Ethereum has the ERC-4337 proposal due to be implemented, it still doesn’t get rid of EOAs and does not add protocol-level account abstraction. Moving the entire Ethereum L1 from EOAs to contract wallets is not a decision to take lightly, and one that may never happen at all due to the risks it entails. ERC-4337 is a nice middle ground that can enable the majority of AA use cases to be unlocked, but it is notable that Argent does not have any plans for it (it’s not like ERC-4337 will solve gas fees). Argent’s focus is on L2s with ArgentX on StarkNet, and it’s been working closely with the team on wallet development, aiding infra-level specifications like having multicalls (complete many transactions in one transaction) natively in StarkNet accounts. What’s nice about multicalls on a zk-L2 is that they only post state-diffs to L1, so combining all these transactions into one makes it cheaper for the user. StarkNet is a completely blank slate; designing accounts here is an open canvas.
Now, even though Argent isn’t focused on ERC-4337, a lot of teams are, and we should touch a bit on the implementations and wallets being built around it.
The high-level summary of ERC-4337 is that it creates a higher-level mempool. This mempool will listen to UserOperations from SC wallets generated by a dApp. Bundlers (which can be block builders) will then take these user operations, construct a bundle transaction, and then add it in a standard Ethereum block. What ERC-4337 really enables here is a common standard. SC wallets will not need to relay transactions themselves (like Argent does), but can instead use this higher-level mempool. Compared to the normal Ethereum mempool, it allows for new signature schemes (including quantum-resistant ones), wallet upgradability, and flexible execution logic (e.g., multicalls).
However, it still does not fix the gas issue, as that would require changes at the protocol level.
Both of these points from @lightclients are worth considering. They illustrate why Safe will wait until it’s completely tested and audited before adding support and Argent will be focusing on L2s instead.
One final point on the ERC-4337 implementation is that it also introduces the concept of Paymasters, which are optional contracts that allow a user’s gas fees to be paid (i.e., sponsored) by some other party. This could be used for things like covering user gas costs, partial/MEV reimbursement, or allowing users to pay fees in another token (fee abstraction). Some new and upcoming wallets that will be focused on ERC-4337 out of the gate are Soul Wallet, CANDIDE, Biconomy, Infinitism, Stackup, and Etherspot.
Squads is Solana’s leading SC/multi-sig, and one of the nicer ones from a UX perspective, having features like Jupiter integration, Magic Eden app with NFT vaults, its own xNFT for signing transactions from Backpack, and more. But Squads faces similar challenges to Ethereum SC wallets in that Solana does not have account abstraction at the protocol level, and so SC wallets are second-class citizens on Solana as well. While Squads has integrated some apps natively, they can’t keep up with every new protocol launching. Their answer to this is unique, as they will be launching their own wallet browser extension Fuse, allowing users to connect to any Solana DeFi protocol and initiate transactions on behalf of a Squads SC wallet. This not only adds functionality for DAOs, but opens Squads to a larger market of individuals, as users can now take advantage of SC wallet functionalities without missing out on certain DeFi apps, and gas fees won’t be a deterrent like they are for Ethereum L1 wallets.
A few other SC wallets worth mentioning:
Nucleo: Private multi-sig built on private chains like Aleo and Aztec.
Ambire: Ethereum & EVM wallet, Ambire is distributing 30% of their token over 4 years in the form of a continuous airdrop for funds held (proportional to user balance : total balance). It’s a cool distribution mechanism, but it’s also potentially dangerous to pay people to store funds in their contracts (not saying this is the case with Ambire, just something to consider).
Pillar: Ethereum & EVM wallet, also has a token (PLR).
Linen: Mobile-friendly wallet built on Safe. Again, this goes back to Safe being more than just a multi-sig, but an entire ecosystem built around their contracts.
Sequence: Ethereum & EVM gaming-focused wallet.
UniPass: Ethereum & EVM wallet with social log-in and recovery. Their seedless accounts are very user/”normie”-friendly, using things like Google, Twitter, Facebook, and email addresses to log-in. Obviously, if one were to use such accounts as a multi-sig for recovery, emails and passwords associated should not be the same…
MevWallet: An early proof-of-concept from James Prestwich, MevWallet adds the ability for users to set up tip escalators — variable fees that can even be negative if their transactions will generate MEV for searchers. This is a neat design because transactions go to a pool that searchers can permissionlessly access, instead of the more dystopian EOF outcome.
Smart contract wallets are a big improvement in security and UX, and crypto will probably never scale to the masses without them. In a similar vein to SC wallets are MPC wallets, although they achieve this granular programmability in a slightly different manner. Policies and signing schemes are held off-chain, whether by a centralized provider like Fireblocks or a decentralized network like Lit, Entropy, or Odsy.
We’ve talked about standard/EOA wallets and we’ve talked about SC wallets. SC wallets and account abstraction seem like they solve all of our needs, so why has so much focus been put on MPC wallets, and how do they differ from the other two? We should begin with the understanding that MPC wallets are EOA wallets themselves. The easiest way to conceptualize what MPC wallets are and how they differ from SC wallets is with an example.
Suppose you want to whitelist addresses from your wallet so that you can only transfer assets to these whitelisted addresses. The keys get compromised, and the attacker initiates a withdrawal to a non-whitelisted address. The way this works with a SC wallet vs. MPC one is slightly different. With a SC wallet, the user signs the malicious transaction and the SC recognizes the valid signature (or signatures if a multi-sig). It then checks the on-chain policy and notices that this address is not whitelisted and blocks the transfer. With MPC, the attacker signs with the compromised key but only generates a portion of the signature. The other nodes in the network check the off-chain policy, notice that this address is not whitelisted, and do not sign their shares or complete a valid signature. Remember, MPC wallets utilize EOAs, so all of the programmability needs to be done before the signature is generated, vs. SC where it is done after.
This is why some people give MPC the moniker of a “hacky” SC wallet solution. At the end of the day, you’re still using normal EOAs and adding off-chain programmability before you get to the signature part. MPC should not be discounted though, as there are some benefits to this structure. First, since MPC uses EOAs, users do not need to deploy new addresses on any chain. Compare this to a SC wallet where a new contract needs to be deployed on every chain. Second, MPC policies and their signature schemes can be private, as they’re not doxxed on-chain. Third, MPC wallets do not need to be designed specifically for a certain chain or VM and are not reliant on protocol upgrades. For example, whether or not ERC-4337 goes through is irrelevant to MPC wallets.
So what’s better, MPC or SC? The reality is that while they have some overlap in use cases, they still have their own benefits and both are viable solutions. You could even envision a scenario where one uses an MPC signing scheme to control a smart contract wallet. This would be like using a MetaMask snap integration with Web3Auth to sign a Safe transaction and take advantage of SC wallet features like transaction batching. The benefit is that the MPC scheme acts as a multi-sig but is more user-friendly, and the user still gets the benefits that SC wallets can provide.
There are two types of MPC wallet providers, centralized and decentralized. The centralized ones keep their policies off-chain in a database, the most well known ones being Fireblocks for institutions and ZenGo or Coinbase MPC for retail. The other side of the spectrum is decentralized MPC providers. For these, we can look to Lit Protocol, Entropy, and Odsy.
Lit is a middleware service made up of a federation of nodes where nodes hold key shares and are able to sign and decrypt data. Lit utilizes a 2/3 threshold for signing, so if there are 100 nodes on the network, 67 of them will need to sign to produce a signature. Lit works around their programmable key pairs (PKPs) which are represented as NFTs, and whoever holds the NFT can authorize the signing of the underlying key shares. This has some added flexibility in that if a user wants to sell an entire wallet, they can just transfer the NFT. Some use cases enabled by Lit are things like limit orders (without a DeFi protocol needing limit order support), recurring payments, condition-based execution, and many more.
In Lit, all the key shares are held by the node operators. This differs a bit from other MPC solutions and means that users are relying on Lit for both liveness and safety. Lit will have a token that nodes will need to stake and can be slashed for unavailability. Of course, the assets secured will be of much higher value than Lit tokens staked, so some additional trust is placed in node operators here. Right now, Lit runs all of the nodes and is moving to a whitelisted group before the permissionless end state.
Entropy differs from Lit in that users will still hold their entire seed phrase. If they ever want to retrieve their wallet, they can do so permissionlessly. The way Entropy is intended to be used is that users will hold one share themselves with Entropy handling the others. Users will then use their partial share (while keeping the full key secure offline) as their daily signing wallet, with the added benefits of whitelisting, spending policies, and other customizations. The trade-off here is that users still need to securely store the seed somewhere but aren’t reliant on Entropy. Entropy could go down and users could just restore their seed to use the wallet as a normal EOA. We do note, however, that Entropy aims to eventually move to a state where users aren’t exposed to the single point of failure risk of seed phrases.
Odsy is a blockchain built around their dWallets. Users hold one share and Odsy validators hold the others. While users can use their Odsy dWallets to access blockchains like Bitcoin and Ethereum, they can also use them for applications built on top of the Odsy network. If you imagine a centralized exchange, it could be built on top of Odsy’s infrastructure with dWallets as the underlying custody infrastructure — where dWallets hold assets on their native blockchains. Odsy calls this “bring your own wallet”/”custody as a service.” Odsy’s token will be used as a gas and governance token, with inflation going to validators.
We’ve gone over the three main categories of wallets here and are left with a lot to digest. While the future is uncertain, one thing looks fairly clear — wallets that are essentially just a way for users to connect to dApps will die and be driven away by their competitors who offer more compelling features. These are the standard wallets that are able to leverage SC wallets where feasible, smart contract wallets at the infra layer that succeed in building the largest ecosystems on top of their contracts, and MPC wallets for those who want the off-chain programmability and flexibility that they provide. While we don’t know who the winners will be from the wallet side, users are sure to be big winners. Crypto UX is about to 100x.
Special thanks to Jose Villacrez for designing the cover image for this report and to Can Gurel and Brian McRae for editing.
Readers also enjoyed