Centralizing SaaS wallets: Killing autonomy for the sake of convenience?

Disclosure: The opinions and ideas expressed here belong solely to the author and do not represent the opinions and views of the crypto.news editorial board.

Traditional SaaS-based multi-party computing custodians are often seen as the “convenient” solution in the crypto world, managing a staggering portion of decentralized assets. But the reality is that convenience is quickly fading, revealing a host of unexpected limitations and challenges. RisksThe challenges you face as you delve into the technological aspects of cryptocurrency protection.

Regardless of your position on decentralization or centralization, it is important to realize that the appearance of private key control can be distorted by a lack of control over policy governance and infrastructure that you do not manage yourself.

The Rise and Risks of SaaS-Based MPC Wallets

The emergence of SaaS-based MPC wallets has had a major impact on the crypto landscape, allowing businesses to manage digital assets with ease and remarkable security. These wallets are typically provided by technology companies that increasingly position themselves as non-custodial service providers. However, despite this designation, these solutions still require users to trust a central party to securely coordinate signatures and generate keys, placing them high on the custodial spectrum in terms of control over assets.

Relying on a centralized service provider creates a situation where control and security are not entirely in the hands of the organization using the service. While these technology providers do not act as traditional third-party custodians, such as BitGo or Anchorage — which are heavily regulated and offer fully managed custodial services — they still provide a central point of control and potential vulnerability. As used by both SaaS-based providers and traditional custodians, MPC involves splitting the cryptographic keys required for transactions into multiple pieces distributed among different parties to enhance security.

However, in the case of SaaS-based solutions, the centralization of these services within a few dominant players poses new risks. One is that these providers become attractive targets for hackers due to their significant control over many customers’ assets, creating a vulnerability similar to that of centralized exchanges. Second, the concentration of control in these SaaS models not only increases security risks, but also indirectly limits the autonomy of crypto companies.

By relying on an external provider to manage critical aspects of digital asset security, institutions may find themselves constrained in managing the policies, procedures, and overall governance of their assets. This centralization runs counter to the decentralized spirit of the crypto industry, where individual sovereignty over digital assets is paramount.

Challenges of Accreditation and Trust in MPC Trustees

While MPC wallets often claim to be non-custodial because the institution holds a portion of the key, the reality is much more complex: heavy reliance on third-party vendors for day-to-day operations, security, and service availability. He presents The significant risks that can arise from using key shares fall on the client organization. Although the client organization owns the key share, all other components that affect the use or misuse of key shares remain under the vendor’s control. This setup creates vulnerabilities around the integrity of key signing, but more importantly, it introduces friction into the customer experience, an operational risk that must be accounted for. For example, any policy change can take up to several weeks if it is not prioritized by the vendor, resulting in significant delays and operational inefficiencies.

Analyze this potential impact further. MPC wallets can Owns Longer transaction times, and their reliance on vendors for routine account changes and maintenance can be problematic. If a team member leaves, their access is revoked according to the vendor’s cadence. This can take a long time, leading to a period where the security of assets may be compromised. Additionally, downtime for maintenance during business hours can disrupt operations. Additionally, in disaster scenarios, asset recovery can take up to 48 hours – a very long time for any organization that handles high-value transactions. These operational dependencies can be extremely inconvenient. Ultimately, they pose security risks that go against what decentralization stands for – running your own wallet infrastructure.

For regulated financial institutions or companies with stringent security requirements, these dependencies present significant obstacles. This is because the operational risks and costs associated with relying on third-party MPC wallet solutions are often unacceptable to internal risk teams. These teams cannot accept the inherent uncertainty and potential latency that these products entail. As a result, many MPC wallet solutions fail to pass rigorous risk assessment audits, to forbid Prevent its adoption by organizations that require the highest levels of security and operational control.

A new model for cryptocurrency storage

If current SaaS solutions represent a “trust us” model, the ideal solution should shift toward a “trust us but verify” approach and, ultimately, a “never trust, always verify” model. This shift allows customers to host the software in part or in full, giving them control and ownership of critical IT infrastructure. By eliminating the opaque processes inherent in SaaS solutions, organizations not only mitigate the operational risks hidden in the friction of operating in a third-party environment, but also enable more flexible and agile infrastructure management.

This enhanced control supports better risk management and allows organizations to quickly adapt to market demands, ultimately driving revenue growth and positively impacting the bottom line.

The practical solution integrates critical governance controls and policies into a comprehensive platform, allowing organizations to manage their digital assets within a trust-free security framework. This architecture continuously validates every interaction, eliminating implicit trust and enhancing security. By adopting a service-oriented architecture, organizations can customize the system to their unique requirements, ensuring scalability, high performance, and robust security.

Current offerings on the market, which rely entirely on SaaS-based MPC wallets, place excessive trust in vendors who control all components, including cryptographic processes, keys, policies, and transaction data. By moving toward solutions that enable organizations to own and control critical parts of their digital asset infrastructure, the industry can Relieves Risk and vulnerability mitigation while working closely with decentralization principles. This shift is essential to fostering trust and security in the rapidly evolving crypto landscape.

Now is the time for organizations to take control of their policies. By adopting models that provide partial or full control over key management and policy enforcement, organizations can better align with the proper treatment and oversight of service providers or outsourcing arrangements. This paradigm shift is essential to the future of the industry, and is poised to protect the core values ​​of cryptocurrencies while paving the way for continued innovation and trust.

Haden Patrick

Haden Patrick He is the COO of Cordial Systems, a company that provides enterprise-grade self-custody software using a zero-trust security model. Haden brings executive experience in team leadership, engineering, and education stemming from his 24-year career as a naval officer. After co-founding SoloKeys, the first open-source security key company, he ran projects bridging web3 and traditional finance at a cryptocurrency exchange before joining Cordial Systems.

autonomyCentralizingConveniencekillingSaaSsakeWallets