Centralizing SaaS wallets: Killing autonomy for the sake of convenience? | Opinion

Disclaimer: The opinions expressed in this article are solely those of the author and do not necessarily reflect the views of the editorial team at crypto.news.

Many businesses in the crypto industry rely on traditional software-as-a-service-based multi-party computation (MPC) custodians to manage decentralized assets. While these custodians offer convenience, they also come with limitations, risks, and challenges related to the security of digital currency.

Whether you prefer decentralization or centralization, it is important to understand that while you may control your private keys, you may lack control over policy governance and infrastructure that is managed by third-party service providers.

The Impact of SaaS-based MPC Wallets

SaaS-based MPC wallets have revolutionized how businesses manage digital assets by offering convenience and perceived security. These wallets are typically provided by tech companies positioning themselves as non-custodial service providers. However, users still need to trust a centralized party for key generation and signing, placing a significant level of control in the hands of these service providers.

Concentrating these services among a few dominant players introduces new risks: the providers become attractive targets for hackers, and crypto businesses lose autonomy. This centralized control goes against the decentralized nature of the crypto industry, where individual sovereignty over assets is crucial.

Challenges of Dependency on MPC Custodians

Despite claiming to be non-custodial, MPC wallets heavily rely on third-party vendors for day-to-day operations, security, and service availability. This dependency introduces risks around key signing integrity and operational inefficiencies, such as delays in policy changes and account maintenance.

For regulated financial institutions and firms with strict security requirements, these dependencies are deal-breakers because of the uncertainties and potential delays associated with third-party MPC wallet solutions. Many of these solutions fail to meet the rigorous risk assessments required for adoption by institutions seeking high levels of security and operational control.

A New Approach to Crypto Custody

A shift from the ‘trust us’ model of incumbent SaaS solutions to a ‘trust but verify’ and ‘never trust, always verify’ approach is crucial. Empowering customers to host software partially or fully grants them control over critical IT infrastructure, mitigating operational risks and enabling more agile infrastructure management.

By adopting a service-oriented architecture within a zero-trust security framework, institutions can tailor systems to their unique requirements, ensuring scalability, high performance, and robust security. Moving towards solutions that allow institutions to own and control critical parts of their digital asset infrastructure reduces vulnerabilities and aligns with the principles of decentralization.

Now is the time for institutions to take control of their policies and align with the correct treatment of service providers. This paradigm shift is essential for safeguarding crypto’s core values and fostering trust in the evolving crypto landscape.

Haden Patrick

Haden Patrick is the director of business operations of Cordial Systems, a provider of institutional-grade self-custody software using a zero-trust security model. Haden has executive experience in team leadership, engineering, and education originating from his 24-year career as a Naval Officer. After co-founding SoloKeys, the first open-source security key company, he managed projects connecting web3 to traditional finance at a cryptocurrency trading firm before joining Cordial Systems.