The founder of Ethereum  wrote a blog post listing the qualities he would like to see in a bitcoin and cryptocurrency wallet.

Vitalik Buterin Teaches You How to Find the Ideal Crypto Wallet


Vitalik Buterin, founder and developer of Ethereum, described in an article of his own the qualities and properties that an ideal cryptocurrency wallet should have. The article, which was published on December 3, 2024, stated that cryptoasset wallets are one of the most important technological products, but most neglected by the developer community. While many of the optimizations he proposes do not yet exist or are in development, his article serves as a useful decalogue that helps to know the most suitable and advanced properties that a cryptocurrency wallet should have.

The goal of the post, in the developer’s own words, was to provide his “own take on some of the properties that an ideal Ethereum wallet would have.” He commented that, broadly speaking, this wallet reflects his cypherpunk leanings and is focused on cryptocurrency security and privacy.

Buterin gave his own definition of a wallet before going on to define the technical and design features that an ideal version should possess:

Wallets are the window between a user and the Ethereum world, and a user only benefits from any decentralization, censorship resistance, security, privacy, or other properties that Ethereum and its applications offer to the extent that the wallet itself also has these properties.

Interoperability between second layers (L2)

For Vitalik Buterin, cryptocurrency wallets should support integrated and easy transfers between different L2s. This would make it possible for users to send funds to specific addresses automatically and, above all, regardless of which chain the funds are initially located on.

To do this, cryptocurrency wallets must be able to allow requests for payments and deposits to specific chains. To do this, they must handle addresses that include metadata from the receiving chain. To send a transaction from Arbitrum to Optimism, both second-layer networks of Ethereum, it would be enough to enter the following address in the sender and click send: [email protected].

In short, these wallets should be able to move funds from one layer to another via explicit, dedicated addresses. “When someone (or some app) gives you an address in this format, you should be able to paste it into the ‘to’ field of a wallet and click ‘send.’ The wallet should automatically process that send in any way possible,” Buterin said.

Security with “social recovery” and multi-signature features For the founder of Ethereum, the security section of a cryptocurrency wallet must be able to “(i) protect the user from being hacked or malicious by the wallet developer, and (ii) protect the user from their own mistakes.”

Their preferred response to the two problems listed are “social recovery” functions with multi-signature functions.

Social keying is a wallet design model that works with shared keys. These accounts have a primary key held by the main user, and N number of guardian keys held by other people, such as friends and family. Applying a larger number of these keys when performing actions with the wallet will allow for more complex and higher value transactions.

The primary key can perform non-financial and low-value operations. Most keepers are required to perform (i) high-value operations, such as sending the entire value of the account, or (ii) changing the primary key or any of the keepers. If desired, the primary key can be allowed to perform high-value operations with a temporary lock.

Wallets should make life easier for new users

These technically advanced security features should be configurable by new and inexperienced users using this ideal Vitalik wallet.

New users will not want to have to enter a large number of guardian keys on their first experience. Therefore, wallets should offer them a very simple option.

The simple route he proposes is a multisig that allows the wallet to run with 2 out of 3 signatures using zk-email (a security and privacy focused email service), a key stored locally on the user's device, and a backup key held by the wallet provider, which can be operated through a third-party app.

In-app wallets are inevitable, because apps trying to attract non-crypto users don't want the confusing user experience of asking them to download two new apps (the app itself, plus an Ethereum wallet) at the same time.

The founder of Ethereum also believes that wallet developers should continue to strive to help users detect fake addresses, phishing, scams and other external threats, although he believes there is no magic, one-size-fits-all solution to these problems.

Wallets should have built-in privacy features

Vitalik thinks it's time for Ethereum to take more advanced privacy solutions, such as ZK-SNARKs, seriously. His ideal wallet would be able to host private transfers directly integrated into users' wallets.

Until now, making private transfers on Ethereum required users to explicitly download and use a “private wallet,” such as Railway (or Umbra for stealth addresses).

To avoid the average user having to go through this detour to enjoy private fund transfers, Buterin recommends a solution that he considers simple to integrate into his ideal wallet: “You could store a portion of a user’s assets as a ‘private balance’ in a private pool. When a user makes a transfer, it would automatically be withdrawn from the private pool first. If a user needs to receive funds, the wallet could automatically generate a stealth address.”

Another way that the developer sees as plausible to apply in his ideal wallet is this: that said wallet allows generating new addresses for each application connected to the wallet. This would give the wallet imagined by Vitalik the ability to reduce the traceability of operations while protecting the identity of the user.

Buterin argues that this ideal wallet should integrate privacy features that apply not only to asset transfers, but also to the user’s identity. Especially in a digital environment where human identification mechanisms are becoming more and more common. “A native ecosystem of multiple accounts per user helps achieve this,” the developer suggested in his post.

Cryptocurrency wallets and data wallets

Wallets need to become not just software for storing on-chain access permissions, but also software for storing your private data. This is something the non-crypto world is increasingly recognizing as well.

According to Vitalik, his ideal wallet, capable of being efficient in terms of privacy, would also be a bank of private data stored off-chain. This wallet must therefore guarantee both control of access permissions and accessibility and non-disclosure of private data.

Cryptocurrency wallets as “privacy banks” are explained because the cryptography and security solutions used today for transactions could also be used to protect individuals’ data on the Internet.

Most of people's data on the web is in unencrypted states, making it more vulnerable to attack by hackers and malicious actors. According to Buterin, a cryptocurrency wallet must therefore protect both the funds and the identity of the individual.

Secure access to the chain 

Vitalik's ideal wallet requires standardized light clients for layers one and two that directly verify the consensus of the ledger on the network (blockchain).  

This is contrary to current practices, where wallet developers rely on RPC ( Remote Procedure Call ) providers to obtain information about the chain , which implies at least two vulnerabilities: 

i) The RPC provider could try to steal money by providing false information, for example about market prices. ii) The RPC provider could extract private information about the applications and other accounts a user interacts with. 

Private Information Recovery (PIR) is a thin client-like solution that can address these vulnerabilities, but would require optimization to do so.  

PIR works with a server that maintains a copy of all data. A client sends an encrypted request, and the server performs a calculation on the data and returns it encrypted with the client's key. It does not reveal to the server what specific data was requested, which contributes to the privacy of the user and the system accessing information on the chain. 

 Security of decentralized applications

The weakest link in a user’s security is often decentralized applications. Most often, a user interacts with an application by accessing a website, which implicitly downloads the UI code in real time from a server and then executes it in the browser. If the server or DNS is hacked, the user will get a fake copy of the interface.

To solve this problem with his ideal wallet, Buterin suggests that access to these decentralized applications be done within the functional limitations of the chain. Users would access a decentralized application (dapps) through its Ethereum Name Service (ENS), for example, and any update to the interface of these dapps would require an on-chain transaction from a multisig or a decentralized autonomous organization (DAO).

Additionally, this wallet would allow dapp developers and firms to pay a bonus to users affected by a hacked or fraudulent dapp. Wallets could display a user score based on the size of the bonus.

Finally, Buterin's ideal wallet, or at least a more futuristic model of one, would incorporate advances in three important technological areas: artificial intelligence, brain-computer interfaces (such as Neuralink), and programs that defend users against ads, trackers, viruses, and online threats.

How do you rate this article?

7



Blockchain Development
Blockchain Development

A blog that covers everything that's happening in crypto world.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.