An underlying theme of this cycle is challenging preconceived notions of how people use Bitcoin around the world. New behaviors are emerging and different cultures are using the asset in ways that disrupt previously established patterns.
One major trend emerging from this chaotic environment is the resurgence of seedless security models, which take a radically different approach to securing Bitcoin private keys. Proponents argue that established security practices are failing to meet the expectations of a growing number of users. Coupled with the maturation of custody alternatives, the rise of ETF products raises concerns about the prospect of future users migrating to more complex self-custodial solutions.
It’s not the first time security experts have pointed to seed phrases when asked about Bitcoin self-custody’s difficulties in bridging the gap. Industry veteran Jameson Lopp has long discussed the challenges of the security model and remains outspoken about its pitfalls. His company, multi-signature wallet provider Casa, was founded in part to address the problems caused by traditional backup methods.
In a conversation with Bitcoin Magazine, current Casa CEO Nick Neuman expressed his colleague’s concerns:
“We need to think more carefully about how we use them as an industry because the user experience of getting a seed phrase the first time you set up a wallet is very difficult.”
The Dangers of Seed Phrases
Despite significant advances in the quality of Bitcoin products and applications, the self-custody landscape remains dangerous for those whose comfort with technology stops at their iPhones. Every day, reports surface of multiple successful phishing attacks that target victims’ funds by compromising their wallet seed phrases.
Earlier this January, popular hardware wallet provider Trezor announced that it had reason to believe sensitive customer data had been leaked following a breach of a third-party service provider. In the months since, X users have reported a new wave of phishing attempts in their inboxes.
Another reminder of the average citizen’s vulnerable state when it comes to security came in 2022 when a security breach occurred in the popular password manager LastPass.
After a series of curious incidents involving hacking of mobile and hardware wallet users, researchers eventually figured out that seed phrases stored on the service’s servers had been compromised. As of a few months ago, losses were estimated to have reached over $250 million in various cryptocurrencies.
While popular Bitcoin influencers have been calling for the adoption of more robust security systems with hardware wallets, many market participants are still getting used to the practice. Shehzan Maredia, founder of Bitcoin financial services company Lava, sees a significant gap between security product developers and much of the Bitcoin market.
“I’ve noticed that most people start to doubt their ability to supervise themselves when you use hardware wallets and seed phrases. Half of them will be bad at following instructions and the other half will just prefer to use custodians,” he noted.
Security experts are adamant that private keys should remain offline at all times. However, Maredia argues that the secure enclaves in modern mobile phones are sufficient to thwart most attacks on users today.
“If you look at the most common reasons responsible for user fund loss, you rarely find examples of compromised mobile keys,” he says. Rather, it’s more likely that users poorly secure their seed phrase backup or give it away in a phishing attack.
Challenges and Opportunities for Seedless Security
Bitcoin products have undergone many improvements since Casa introduced the seedless wallet approach years ago, but few have followed the company’s lead. While self-custodial applications are more robust than ever, some of the changes have added extra steps to an already significant learning curve. It’s worth asking whether a nihilistic attitude toward security has reduced the practice to rituals that are unpleasant for the average person.
Neuman remains optimistic, suggesting that there has been a noticeable shift in the industry toward more realistic approaches, though he believes Bitcoin products are lagging behind:
“There are still quite a few wallets that force you to store (your seed phrase) up front. I guess it’s a bit of a risk management thing on their part, but it actually works against the goal of helping users feel comfortable holding their own keys.”
Regardless, the trend suggests that the rest of the industry is starting to realize the risks of users handling sensitive information. Recent technologies such as passkeys, implemented in Coinbase’s new “Smart wallet,” offer interesting alternatives for this new generation of products. Passkeys are a new standard promoted by internet giants like Apple and Google. They aim to replace traditional passwords with cryptographic keys tied to a user’s device and identity.
According to our research, testimonials from early adopters indicate that the technology still needs to solve important standardization issues. Lava’s Maredia agrees that there is room for improvement. He recently launched a seedless solution that he believes delivers the best security compromises you can expect from mobile devices.
The Lava Vault is heavily inspired by older contributions from ex-Spiral developer Tankred Hase, called Photon SDK. Photon implements a seedless cloud backup similar to Casa’s early mobile key wallet implementation, but is fully open-source, though it has not been maintained for some time. Maredia is confident that the 2-of-2 solution he adapted from existing designs in the ecosystem is resistant to most known attacks.
“We’ve looked at things like passkeys, but we just don’t think they’re designed to protect important key material like Bitcoin. They essentially swap one piece of sensitive information for another, and are typically stored in a password manager. In practice, most password managers do a terrible job of handling them, and they can be deleted very easily, even on iCloud.”
Lava secures users’ seed phrases with a high-entropy key stored on a separate server. After the seed is encrypted, it is stored in a special directory in the user’s cloud, which can help prevent accidental deletion or malicious access. Users authenticate with a keyserver, which enforces rate limiting, using a 4-digit PIN of their choosing. Lava does not require account creation, which protects users’ privacy from the service and servers. For day-to-day operations, the wallet uses a different key stored on the device’s secure enclave.
“Even if a party has access to encrypted information, there is no single point of failure because they need to know the encryption key. Forgetful users can set up a PIN recovery method that allows them to change their PIN after a 30-day delay.”
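The sketch below is an added example, not Lava's or Photon's code: it models a PIN-gated key server of the kind described above to show why a 4-digit PIN depends entirely on server-side rate limiting, and how a delayed PIN reset behaves. The class and function names, the lockout threshold of 5, the PBKDF2 PIN hash and the opaque wallet identifier are all assumptions; the article specifies only the 4-digit PIN, rate limiting and the 30-day delay.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 5              # assumed lockout threshold; the article gives none
RESET_DELAY = 30 * 24 * 3600  # the 30-day PIN recovery delay, in seconds

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Slow hash so a leaked server record does not reveal the PIN instantly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class KeyServer:
    """Hypothetical key server: releases a wallet's encryption key for the right PIN."""
    def __init__(self):
        self.records = {}

    def enroll(self, wallet_id: str, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self.records[wallet_id] = {
            "key": secrets.token_bytes(32),  # 256-bit key that encrypts the seed
            "salt": salt, "pin": pin_hash(pin, salt),
            "failures": 0, "reset_at": None}

    def fetch_key(self, wallet_id: str, pin: str):
        rec = self.records[wallet_id]
        if rec["failures"] >= MAX_ATTEMPTS:
            raise PermissionError("locked after too many wrong PINs")
        if not hmac.compare_digest(pin_hash(pin, rec["salt"]), rec["pin"]):
            rec["failures"] += 1
            return None
        rec["failures"] = 0
        return rec["key"]

    def request_pin_reset(self, wallet_id: str, now: float) -> None:
        self.records[wallet_id]["reset_at"] = now + RESET_DELAY

    def complete_pin_reset(self, wallet_id: str, new_pin: str, now: float) -> bool:
        rec = self.records[wallet_id]
        if rec["reset_at"] is None or now < rec["reset_at"]:
            return False  # the 30-day delay has not elapsed yet
        rec["pin"], rec["failures"], rec["reset_at"] = pin_hash(new_pin, rec["salt"]), 0, None
        return True

def answered_guesses(server: KeyServer, wallet_id: str, pins) -> int:
    """Number of PIN guesses the server evaluates before it locks the record."""
    answered = 0
    for pin in pins:
        try:
            if server.fetch_key(wallet_id, pin) is not None:
                return answered + 1
        except PermissionError:
            break
        answered += 1
    return answered
```

With the lockout in place the server evaluates only 5 of the 10,000 possible PINs, while the 256-bit key keeps the encrypted backup useless on its own; remove the attempt counter and the PIN becomes the weakest part of the scheme.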
Maredia expects Lava’s security protocol to evolve based on users’ needs and different risk profiles. Wallet policies such as 2FA, withdrawal or spending limits, and whitelisting addresses are already on the way. “Lava Smart Key is a very flexible solution. Users can easily upgrade their self-custody settings, and we are open to accommodating users who have specific requirements,” he explains.
While seedless backups have been criticized for exposing individuals to unnecessary third-party risks, open-source implementations such as the Photon SDK and Lava’s vault model suggest that more vendors and service providers could implement similar standards and solve this problem.
Seed phrases are still an important part of the security stack, but the two entrepreneurs consulted for this article believe it is essential to abstract them away from most future users.
“Seed phrases in general are a really useful tool to make your keys more portable between wallets and give you the ability to opt out if something happens to the wallet software you’re using,” said Nick Neuman, CEO of Casa.
To eliminate single points of failure, Casa promotes a combination of multi-sig plans with hardware devices, but adheres to seedless principles where possible.
“Wallet software is designed to manage private keys. Humans are not designed to manage private keys. So we should leave that task to wallets.”