Is MetaMask The Best Non-Custodial Wallet?

Your non-custodial wallet could turn custodial with a single update. Learn about this risk, and how to counter it, in our latest post.
Account Abstraction
• Aug 2, 2023
4 min read
Is MetaMask The Best Non-Custodial Wallet?

In the rapidly expanding digital asset landscape, we encounter a wide array of non-custodial wallets.

Many describe these wallets as the holy grail of financial freedom, promising to grant users complete control over their crypto assets. 

But beneath this appealing promise lies a significant and often overlooked catch: the very real possibility that just a single software update could turn these wallets into custodial wallets.

Let’s unpack that.

First off: How does a non-custodial wallet work?

To answer this question, we need to understand the mechanics of non-custodial wallets. 

Non-custodial wallet, not your keys, not your coins

The wallet’s operation begins when you create an account, initiating the generation of a unique cryptographic private key. In its unencrypted state, the wallet client can directly access this key, the interface that enables you to interact with your on-chain account.

After the generation of the key, encryption takes place. The user sets a password that the wallet client uses to encrypt the private key. This encrypted key is then stored locally on the user’s device. The encryption makes it tough for unauthorized users to utilize the encrypted key without knowing the password.

Whenever the user unlocks their wallet client using the password, the client decrypts the private key on the user’s device. This action gives the wallet direct access to the decrypted private key during usage. It enables the wallet to sign transactions and messages on behalf of the user.

However, the seemingly secure process of using a non-custodial wallet has a hidden caveat.

From the moment you set up your account, you could potentially compromise your private key, and consequently your assets. You also potentially compromise your private key each time you unlock your wallet for use.

More alarmingly, the software of your non-custodial wallet maintains full control over your private key. A simple software update could silently transform your non-custodial wallet into a custodial one without your knowledge.

But why aren’t more users aware of this?

Some users clearly understand this aspect of wallet security, but it slips under most people’s radar.

The process of account creation and encryption seems secure enough at face value, causing users to overlook the potential security loophole that exists. This loophole can transform any standard non-custodial wallet into a custodial wallet overnight, with just a single software update.

Is Binance a non-custodial wallet? No, Binance is a custodial wallet because you rely on the Binance platform to hold your funds, placing them under Binance’s custody.

Is MetaMask non-custodial? Yes, it is by definition, but it’s considered a weak type of non-custodial wallet because it can issue a software update that could potentially access your funds.

Once the wallet software client has access to the private key, it could potentially transmit the key to a remote server or use it directly on your device without your explicit approval.

In essence, when you’re using such non-custodial wallets, you’re unknowingly placing trust in the wallet provider to safeguard your assets. You are also trusting it to maintain bug-free software, and resist potential regulatory pressures.

How do software updates tie into this trust zone?

In the digital world, staying updated is crucial. 

This is why most users enable automatic software updates. They aim to maintain the most up-to-date version of the wallet client, which includes the latest features, bug fixes, and security enhancements. 

However, every software update potentially exposes your wallet client to unknown changes. Those updates could contain malicious content that transforms a non-custodial wallet into a custodial one without your knowledge. 

Even for tech-savvy users, ensuring that the wallet remains non-custodial after each update is a daunting task. It is because it involves tracking countless software changes, including hundreds or even thousands of dependencies and libraries.

So, is there a way to move out of this ‘trust zone’ and ensure genuine self-custody?

Indeed, there is. The solution lies in a system where your funds stay secure, even if your wallet vendor turns malicious.

Braavos’ Hardware Signer is designed to provide just that. It effectively navigates you out of the ‘trust zone,’ assuring genuine self-custody of your assets. It assures authentic self-custody even if your wallet provider faces difficulties or regulatory pressures.

How does the Braavos wallet achieve true self-custody?

The Braavos Hardware Signer capitalizes on the security chip within your mobile device, generating hardware keys that remain confined to your device and unknown to anyone. These keys are employed to sign transactions, but only after confirming your unique biometric identity.

This double-layered approach offers solid protection against phishing attacks since the private key remains hidden (even from you). It ensures the security of your keys, even if the device application processor kernel becomes compromised.

Furthermore, this means that even if the application turns rogue, it cannot auto-sign a transaction without the user’s explicit consent.

Why doesn’t every non-custodial wallet utilize this approach?

The main barrier is that the signature scheme utilized in many popular blockchains, including Bitcoin, Ethereum, and even Starknet, isn’t compatible with the secp256r1 signature scheme supported on mobile devices.

However, the Braavos wallet transcends this limitation. Utilizing the unique capabilities of account abstraction and its smart contract structure, Braavos inherently supports the secp256r1 scheme.

As a smart contract-based non-custodial wallet, Braavos operates on two main pillars:

1. A client-side application that allows the user to review and sign transactions.

2.  An account smart contract on the blockchain that verifies the signed transactions.

By carrying out the signature verification in the account smart contract (instead of the blockchain OS), we’re able to implement custom signature verification logic that caters to the secp256r1 scheme supported by mobile devices.

So the Braavos Hardware Signer presents a powerful solution to address the inherent security vulnerabilities associated with traditional non-custodial wallets. 

It guarantees that your private key remains inaccessible to anyone, including Braavos’s own client, without your explicit approval. It reaffirms that your wallet remains non-custodial, verifiably so, down to the silicon level.

And this superior security measure doesn’t compromise on user experience. In fact, it enhances the experience by making the transaction signing process as seamless as making payments via mainstream services like Apple Pay or Google Pay.

Conclusion: What is the best non-custodial wallet?

Braavos is the best non-custodial wallet because contrary to MetaMask and Binance, no one can ever control your funds thanks to Braavos’ 2FA Hardware Signer.

Want to experience the peace of mind that comes with genuine self-custody? Take the first step today by downloading Braavos wallet here.

Abraham Makovetsky

Abraham Makovetsky

Be The First To Know

Subscribe now and receive monthly updates and interesting news about Braavos and Starknet ecosystem.