Crypto tools on the market are divided into non-custodial and custodial according to the type of wallet custody.
Non-custodial: the most widely used, such as the metamask wallet, each transaction requires manual operation. The advantage is that it does not leak private keys and is relatively safe. But the disadvantage is that it is based on browser plug-ins and has limited functions.
Custodial: There are relatively few users, most of whom are high-frequency traders, such as trading bots. The advantage is that it is easy to use, like the cex mode, which can automatically execute the set trading tasks. The disadvantage is that the private key is exposed, which may lead to the theft of tokens. The Dexx platform platform caused a sensation some time ago. The private key leakage incident of all user wallets, up to 20 million US dollars in assets were stolen.
I personally believe that wallet security is the premise of all encryption behaviors, and all behaviors that expose private keys are dangerous.
Will the secure and powerful encryption tools (of course there will be some limitations) be popular? Can we achieve it?
Here are some of my thoughts after a period of technical exploration:
- Many encryption tools are based on browser plug-ins, but the interaction between them and wallet plug-ins must be participated by users, such as signing, confirming transactions, etc. If this model is moved to the desktop, and some interaction optimization is performed, more powerful tools can be produced.
- First, develop a desktop wallet application and open source it. Open source means that everyone can audit the code to prevent the program from having backdoors that threaten the wallet private key, such as plain text storage, being sent to the server, etc. Of course, the application functions are far more than these, such as batch generation of wallets, batch management of wallets, and secure backup of wallet private keys.
- Then design a set of secure transaction signature protocols, and all external applications can request signatures from wallet applications to encrypt data, confirm transactions, etc.
- Then develop various encryption tools (closed source) based on the wallet, similar to snaps on metamask. At this time, you can use the characteristics of desktop applications to interact with the operating system, such as scheduled tasks, reading and writing files, etc., which are more powerful than browser plug-ins and even have most of the capabilities of server applications.
The product form is a wallet desktop application + a large number of encryption tool plug-ins, similar to utools. Its ultimate vision is to become a desktop encryption tool ecosystem. After I investigated the market applications, I am very sure that it can make more browser encryption tools more secure, such as mct, bbctool, cointool, slerftools, abot, etc. Of course, this is also an opportunity.
Now I have started some work on these ideas, and everyone is welcome to put forward ideas and suggestions.
市场上的加密工具根据钱包托管类型,分为非托管和托管。
非托管:使用最为广泛,比如 metamask 钱包,每笔交易需要手动操作。优点是不泄漏私钥,比较安全。但缺点是因为基于浏览器插件,功能受局限。
托管:用户相对较少,大多是高频率交易者,比如交易 bot。优点是使用方便,像 cex 模式,可以自动执行设定的交易任务。缺点是暴露了私钥,有可能导致代币被盗。前段时间弄的沸沸扬扬的 Dexx 平台所有用户钱包私钥泄漏事件,高达 2000w 美元资产被盗。
我个人认为,钱包安全是一切加密行为的前提,所有私钥暴露的行为都是危险的。
那安全又功能强大的加密工具(当然会有一些限制),是否会受到欢迎?我们是否可以实现它?
下面是我经过了一段时间技术探索后的一些想法:
1.很多加密工具是基于浏览器插件,但是它们与钱包插件之间交互必须用户参与,比如签名、确认交易等。如果把这套模式搬到桌面端,再进行一些交互优化,可以生产出更强大的工具。
2.首先开发一款桌面钱包应用并开源。开源意味着所有人可以审计代码,杜绝程序有威胁钱包私钥的后门,比如明文存储、被发送到服务端等。当然应用功能远不止这些,比如批量生成钱包、批量管理钱包、安全备份钱包私钥等。
3.然后设计一套安全的交易签名协议,所有外部应用可以向钱包应用请求签名加密数据、确认交易等。
4.再基于钱包开发各种各样的加密工具(闭源),类似 metamask 上 snaps,这时可以运用桌面应用的特性,与操作系统进行交互,比如定时任务、读写文件等,比浏览器插件功能更为强大,甚至拥有服务器应用的大部分能力。
产品形态是钱包桌面应用 + 大量加密工具插件,与 utools 类似,它最终愿景是成为一个桌面端的加密工具生态。在我调研了市场应用后,非常确定它可以让更多的浏览器加密工具更加安全,比如 mct、bbctool、cointool、slerftools、abot 等,当然这也是机会。
现在我已经开始了关于这些想法的一些工作,欢迎大家提出想法和建议。