Custodial vs. Non-Custodial vs. Semi-Custodial Wallets
Own your digital assets
Cryptocurrency wallets, custodial services and other storage solutions can be divided into three major groups, depending on the level of access the owners have to their digital assets. Wallet providers may have different operating structures, but in general we can call them custodial, non-custodial, and semi-custodial (or mixed-custodial) wallets. Some wallets also support different modes, limiting the owners' access to the assets or giving them full access.
A custodial wallet is a website or an app, operated by a third-party company, that stores assets on a user's behalf. A typical example of a custodial wallet is a centralized cryptocurrency exchange, which lets its users easily buy, sell, store, trade and transfer cryptocurrencies.
Crypto exchanges support hundreds of tokens on most mainstream blockchains and provide liquidity for users to exchange their crypto for other tokens. Many of them also provide fiat gateways and/or P2P services, staking, lending services and leverage trading.
Opening an account on a crypto exchange often requires only an email address or a mobile phone number, with extra security layers such as additional passwords or Google Authenticator. Centralized exchanges were the most convenient choice for new users in crypto; however, users must remember that centralized exchanges are the actual holders of the crypto. Only a small amount of funds is stored in the exchange's hot wallets and available for withdrawal, while most of the users' funds are stored separately in cold wallets. Because the users do not have the private keys of the wallets, every time a user wants to withdraw funds, he or she can withdraw only a limited amount and must get the exchange's approval for each operation. Most crypto exchanges require their users to pass KYC verification to enjoy the full range of services and raise the withdrawal limits.
Although the exchanges hold the crypto, in most cases they are not responsible for hacks, technical problems, insolvency or loss of funds. Besides, an exchange may freeze a user's funds or block access to the account for any reason, including governmental policies or security measures.
This is why we can say that custodial wallets are not censorship-resistant: they significantly limit the users' right to move their assets freely.
Non-custodial wallets are wallets where the users have the ultimate right to access and transfer their funds, without any third-party approval.
Non-custodial wallets are mostly represented by hot and cold wallets, where the users sign transactions with their own private key. Owning a private key gives not only the right to transfer the funds at any time but also the responsibility of storing the private key. If a user loses or exposes his or her private key, the assets stored in the wallet will be irreversibly lost. Private keys (and seed phrases, which are used as a wallet recovery method) are the critical vulnerabilities and the targets of hacker attacks.
Semi-custodial wallets are wallets where the authorization to sign a transaction is shared among multiple parties or devices.
Multisignature wallets can be classed as semi-custodial wallets, because the transaction is signed through a smart contract by multiple parties, each using its own private key. Multisignature wallets distribute the responsibility and so add an extra security level; however, they have numerous disadvantages that make them less convenient than other types of wallets. These include longer signing time, as many parties must reach consensus and sign together; higher gas fees; the need to deploy a smart contract and pay the gas fee for it; a limited number of blockchains and Dapps supporting such smart contracts; and less anonymity, as the transaction details include information about the connection between addresses. It is also impossible to add or remove signing parties once the wallet and its smart contract are deployed. These obstacles slow down the adoption of multisig wallets and make them less convenient to operate in Web3.
Secure MPC-based wallets are a relatively new area in the crypto industry. The multi-party computation (MPC) technology implemented in MPC wallets is a new approach to digital asset security. Such wallets do not have private keys, thus removing all the risk related to hacking, stealing or losing them; instead, they have multiple independent key shares that are stored on separate devices and used to jointly compute a transaction signature through the MPC signature generation protocol.
Older generations of MPC wallets, such as Zengo, have two co-signing parties: there are two key shares, one stored on the wallet provider's server and the other on the user's device. Signing a transaction is only possible when both parties jointly compute the signature. Wallets where the responsibility is shared between the wallet provider and the user can be called semi-custodial; the wallet provider does not have full access to the user's funds, but can decline to sign a transaction.
Newer generations of MPC wallets, such as the Bitizen wallet, have two modes: semi-custodial and non-custodial. When a user creates a new Bitizen wallet on a mobile phone, two key shares are generated: one for the Bitizen server and one for the user's mobile phone. The two key shares can jointly compute the signature and co-sign the transaction (mixed-custodial mode).
A user can also add a second device, such as a laptop, desktop, second mobile phone or iPad, and generate a third key share. Doing so opens the non-custodial mode: with a 2-of-3 TSS (Threshold Signature Scheme), the user can compute a transaction signature using his or her own devices, which store two of the three existing key shares, without involving the Bitizen server. By adding an extra device, the user becomes independent of the Bitizen wallet.
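The 2-of-3 threshold idea described above, as an added Python sketch that is not Bitizen's or Zengo's code or protocol: three Shamir shares of a key are dealt, each device produces a partial signature from its own share only, and any two partials combine into the same signature without the key being reassembled. Assumptions: a toy group (P = 2039), a BLS-style signature H(m)^x with no verification step, and a dealer who knows the key, which the MPC wallets described here avoid.

```python
import hashlib
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime; squares mod P form a subgroup of prime order Q.
P, Q = 2039, 1019

def deal_shares(secret, threshold=2, parties=3):
    """Shamir-share `secret` mod Q; share i is the polynomial evaluated at i."""
    # Random coefficients are kept nonzero so no share equals the secret itself.
    coeffs = [secret] + [1 + secrets.randbelow(Q - 1) for _ in range(threshold - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, parties + 1)}

def hash_to_group(message):
    """Map a message to an element of the order-Q subgroup (never 0 or 1)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(2 + digest % (P - 3), 2, P)

def partial_sign(share, message):
    """Runs on one device and uses only that device's key share."""
    return pow(hash_to_group(message), share, P)

def lagrange_at_zero(i, signer_ids):
    """Lagrange coefficient of party i for interpolation at x = 0, mod Q."""
    num = den = 1
    for j in signer_ids:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials):
    """Combine {party_id: partial signature}; key shares are never exchanged."""
    sig = 1
    for i, part in partials.items():
        sig = sig * pow(part, lagrange_at_zero(i, list(partials)), P) % P
    return sig

def sign_with(shares, signer_ids, message):
    """Signature produced by the given subset of share holders."""
    return combine({i: partial_sign(shares[i], message) for i in signer_ids})

if __name__ == "__main__":
    shares = deal_shares(secrets.randbelow(Q))  # 1 = server, 2 = phone, 3 = laptop
    msg = b"constructed sample transaction"
    for pair in [(1, 2), (1, 3), (2, 3)]:
        print(pair, sign_with(shares, pair, msg))  # same value for every pair
```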
By switching from semi-custodial to non-custodial mode, a Bitizen wallet user has a security level higher than in cold wallets (non-custodial) or multisig wallets (semi-custodial) and achieves full censorship resistance.