Why EOA Wallets are a Threat to the Future of Blockchain

Or: How to Bring Self-Custody to Billions of People

Julien Niset

Oct 3, 2024

Before I start, I want to make it clear that there are some great teams working on EOA (Externally Owned Account) wallets and I have used them extensively in the past. Ethereum wouldn't be where it is today without them. But, behind the (slightly) provocative title, I do believe there's a serious case for why we should move away from EOA wallets now if we want Ethereum to become mainstream without losing its core properties of self-custody and open access.

Blockchain is a fantastic technology. One that can transform our society in many aspects by redefining the concepts of ownership and identity. For example, the recent emergence of decentralized finance (DeFi) shows a future where anyone can connect to a global, open and transparent financial system to exchange and generate value.

DeFi is not just a better financial system; DeFi is different. It's a financial system where users are truly in control of their financial assets. And one where services - a.k.a protocols - are open and composable.

The challenge of mass adoption

With great power comes great responsibility - and blockchain is no different.

To benefit from this global, open and transparent financial system you are typically responsible for the security of a unique secret that identifies you to the system. This cryptographic secret can have multiple names - EOA, private key, seed phrase, secret phrase - but the rules of the game are the same. If you lose it, or someone else accesses it, you've lost everything. Literally everything!

That is both the beauty and the catch of blockchains: there is no central authority to censor or block you from using the system, but there is also no central authority to turn to when things go wrong. And things do go wrong.

The short history of blockchains is filled with stories of desperate users who have lost that secret, can't remember how to access it, or had it stolen after installing some malicious software on their computer. And we are talking about early adopters who are typically tech-savvy and more inclined to understand the risks of the technology. Even experts have been tricked and lost millions!

Enabling a simple, reliable and secure on-chain experience is one of the main challenges, if not the main challenge, in our journey towards mass adoption.

Do we really expect billions of people to borrow, lend, invest and pay on a financial system with no safeguards or safety nets? Normal people expect to see a "Forgot your password?" button when they log in to an application. Just like they expect that they can call their bank to block a card that was lost or stolen.

Taking a step back, these safeguards are the reason we no longer store piles of cash under our mattresses.

So, if we agree that blockchain or DeFi is the future of finance, and we agree that mass adoption will not happen based on a system where users are solely responsible for managing their identifying secret with zero safety net, where do we go from here? What is our path towards mass adoption?

This is a question that I've discussed intensively with my 2 co-founders, Itamar and Gerald, over the years. Our answer to that question is the genesis and the driving force behind Argent.

The risk of trading self-custody for convenience

We basically see two possible futures for DeFi and blockchain in general.

We can continue with the current model of EOA wallets with seed phrases and somehow hope that the next billion users will all be security and opsec experts. But if we go down that route the most likely scenario is that we'll see a gradual shift towards custodial services that will "help" users to manage their keys and provide these much needed safeguards.

This slide to custodians will take a few iterations and maintain the illusion of self-custody for some time, but we will end up back in the old financial system where a few central operators control the user access to the system.

Just as physical systems follow the path of least resistance, users will naturally converge towards the solutions that provide the most convenience.

I'm sure the next waves of users will value self-custody, but only up to a certain point. The history of our modern society is filled with great technologies that addressed a user problem but never became mainstream because the effort to use them was bigger than the perceived value of their benefits.

Think of the privacy protocol PGP: we all complained at some point about Google (or the NSA) being able to read our emails, yet none of us (with the exception of a few cypherpunks) use PGP to secure our emails even though it's been around for decades. Or think of how we all agree to give our personal data to Facebook or Twitter for the benefit of a convenient social network.

I believe this risk of trading self-custody for convenience is very real and when that happens we will have failed as an ecosystem.

A different route exists

Fortunately, we can also choose another route, and a radically different paradigm.

One that can maintain true self-custody without the need to secure and back-up seed phrases. One where users can make mistakes without delegating their ownership to a central service. One where users are fully in control yet can sleep at night without being afraid of losing it all. One where users don't need to choose between self-custody and convenience. Such solutions already exist today and leverage smart-contracts to program the safety nets that users expect.

With smart contract wallets, or "smart wallets" (in contrast to EOA wallets), we can have social recovery such that users are protected in case their wallet is lost, or we can have fraud monitoring such that additional confirmations are requested when the wallet suspects a fraudulent operation.

All these safeguards can be programmed at the blockchain level. Doing so unlocks unprecedented user experience without compromising true self-custody.
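To make "programmed safeguards" concrete, here is an added Python model of the rules such a wallet could enforce; it is an illustration written for this page, not Argent's contract code. The guardian set, majority threshold, 48-hour cancellation window and confirmation threshold are all assumptions of the sketch.

```python
# Added model of smart-wallet rules; a real wallet enforces these in contract code.
# Guardians, majority rule, delay and threshold are assumptions of this sketch.
from dataclasses import dataclass, field

RECOVERY_DELAY = 48 * 3600   # assumed: window in which the owner can cancel
CONFIRM_ABOVE = 100          # assumed: larger sends to unknown recipients need a guardian

@dataclass
class SmartWallet:
    owner: str                       # current signing key; replaceable, unlike an EOA
    guardians: frozenset
    trusted: set = field(default_factory=set)
    pending: dict = None             # in-flight recovery, if any

    def propose_recovery(self, guardian, new_owner, now):
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        if not self.pending or self.pending["new_owner"] != new_owner:
            self.pending = {"new_owner": new_owner, "approvals": set(), "ready_at": None}
        self.pending["approvals"].add(guardian)
        majority = len(self.pending["approvals"]) * 2 > len(self.guardians)
        if majority and self.pending["ready_at"] is None:
            self.pending["ready_at"] = now + RECOVERY_DELAY  # start the delay once

    def cancel_recovery(self, caller):
        # A still-valid owner key can veto colluding or compromised guardians.
        if caller != self.owner:
            raise PermissionError("only the owner can cancel")
        self.pending = None

    def finalize_recovery(self, now):
        p = self.pending
        if not p or p["ready_at"] is None or now < p["ready_at"]:
            raise PermissionError("recovery not ready")
        self.owner, self.pending = p["new_owner"], None

    def transfer(self, caller, to, amount, cosigner=None):
        if caller != self.owner:
            raise PermissionError("not owner")
        suspicious = to not in self.trusted and amount > CONFIRM_ABOVE
        if suspicious and cosigner not in self.guardians:
            raise PermissionError("extra confirmation required")
        return (to, amount)
```

The contrast with an EOA is that the signing key is state the wallet can rotate under its own rules, so losing one key does not have to mean losing the account.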

Smart wallets have been available for several years, already secure tens of billions of dollars in assets, and are gradually being recognised as the most secure and most convenient wallets available to users. The discussions around Account Abstraction are an effort by core developers of Ethereum to generalise and embed smart wallets lower in the protocol (EVM).

The choice is ours

Which path we choose is entirely up to us as an ecosystem, but we must choose wisely. The choices that we make today - either as users or developers - will shape the blockchain of tomorrow. And a lot is at stake!

This post used DeFi as an example but the applications of blockchain go way beyond finance. If blockchain becomes the foundation for a generalised personal profile that is used to login to both web2 and web3 applications then the consequences of compromising self-custody are even more profound.

At Argent we strongly believe that smart contract wallets are the only path towards mass adoption if we are to maintain true self-custody and ownership. And we are committed to making that happen. You can learn more at www.argent.xyz.

Thanks to Vitalik Buterin, Itamar Lesuisse and Matthew Wright for their feedback.