- The Rise and Risks of SaaS-Based MPC Wallets
- Challenges of Dependency and Trust in MPC Custodians
- A New Paradigm for Crypto Custody
Traditional software-as-a-service (SaaS) based multi-party computation (MPC) custodians are often seen as convenient, but deeper examination reveals their limitations and risks.
The Rise and Risks of SaaS-Based MPC Wallets
The emergence of SaaS-based MPC wallets has significantly impacted the crypto landscape, allowing businesses to manage digital assets with convenience and perceived security. Despite being labeled as non-custodial, these solutions still require trust in a centralized party to securely coordinate signing and key generation. This reliance creates situations where control and security are not entirely in the hands of the user, increasing vulnerability. SaaS-based providers split cryptographic keys required for transactions into multiple parts distributed among various parties, enhancing security. However, the centralization of these services makes providers attractive targets for hackers.
Challenges of Dependency and Trust in MPC Custodians
Dependency on third-party vendors for daily operations and security introduces significant risks. MPC wallets often require vendor involvement for key policy and procedural changes, which causes delays and reduces institutions' operational flexibility. These dependencies create operational risk and can leave an institution unable to respond promptly to threats, a capability that is critical for regulated financial institutions with stringent security requirements.
A New Paradigm for Crypto Custody
Transitioning from a 'trust us' model to a 'verify and never trust' approach allows customers to host software partially or fully, providing greater control and security. This includes managing key aspects of asset security and infrastructure, significantly reducing risks and vulnerabilities.
Current SaaS solutions for MPC may not meet high standards of security and operational control, which points to the need to revisit the approach. Moving to models that give customers partial or complete control over key management and policy enforcement better aligns with decentralization principles.