Five ways we're going to see an end to NFT thefts and wallet scams.
Until now crypto wallets have been fundamentally broken but here's how we're belatedly seeing a fight back against the scammers and thieves.
A thread.
Not a day goes by without another hack or theft in cryptoland.
Every time it happens, it's ordinary users who are hit hardest.
Inexplicably, social media is often full of comments ready to blame victims, including from developers.
Recently we witnessed millions of dollars hacked from wallets stemming from an attack on a Solana wallet, one which users could most likely do little about.
NFT scams are so common and tricky to spot that even well-known and experienced crypto users have been victims.
How did this become acceptable and what can we do about it?
Bitcoin's ethos was to be your own bank but, as many have discovered, securing your own bank in a digital world is extraordinarily difficult.
Unfortunately many developers and early adopters still hold to this ethos without addressing how to actually do the 'secure' bit in a way which works for regular human beings across the world.
Finally we're seeing real progress.
Here are 5 ways the problems will be addressed.
1) Improved Transparency
MM recently added a feature to indicate when you're being asked to "Set Approval For All" on your NFTs.
It's not great UX but it's a start - and has saved me once already after an efficient social media scam.
2) Wallet Guards
Multiple projects are developing wallet guards, such as @wallet_guard. These are similar to virus protection but will warn you if you're about to do a dubious transaction.
Multiple methodologies are being developed but these will be standard in the near term.
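A sketch of the kind of pre-signing check points 1 and 2 describe, added here as an example; it is not MetaMask's or Wallet Guard's code. The function name `inspectTransaction`, the allowlist parameter and the sample addresses are assumptions made for illustration.

```javascript
// Added example: hypothetical pre-signing check, not any wallet's real code.
const SET_APPROVAL_FOR_ALL = "a22cb465"; // selector of setApprovalForAll(address,bool)

// Inspect a pending transaction ({to, data}) before the user signs it.
// allowlist: lowercase operator addresses the user already trusts (assumption).
function inspectTransaction(tx, allowlist = new Set()) {
  const data = (tx.data || "").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.length % 2 !== 0) {
    return { verdict: "block", reason: "calldata is not valid hex" };
  }
  if (data.slice(0, 8) !== SET_APPROVAL_FOR_ALL) {
    return { verdict: "allow", reason: "not a setApprovalForAll call" };
  }
  const args = data.slice(8);
  // Two ABI words of 32 bytes each: operator address, then approved flag.
  if (args.length < 128) {
    return { verdict: "block", reason: "truncated setApprovalForAll arguments" };
  }
  const operatorWord = args.slice(0, 64);
  const approvedWord = args.slice(64, 128);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!/^0{24}/.test(operatorWord)) {
    return { verdict: "block", reason: "malformed operator address" };
  }
  const operator = "0x" + operatorWord.slice(24);
  // Any non-zero flag is treated as "approved" so odd encodings still warn.
  if (/^0+$/.test(approvedWord)) {
    return { verdict: "allow", reason: "revokes operator approval", operator };
  }
  if (allowlist.has(operator)) {
    return { verdict: "allow", reason: "operator is on the user's allowlist", operator };
  }
  return {
    verdict: "warn",
    reason: `grants ${operator} control of every token in collection ${tx.to}`,
    operator,
  };
}

// Constructed sample transaction (addresses are made up).
const sampleTx = {
  to: "0x1111111111111111111111111111111111111111",
  data: "0x" + SET_APPROVAL_FOR_ALL +
    "000000000000000000000000" + "2222222222222222222222222222222222222222" +
    "0".repeat(63) + "1",
};
console.log(inspectTransaction(sampleTx));
```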
3) Vaults and Signing Accounts
For too long it's been normal to sign every transaction using your primary wallet.
EIP5131 proposes a standard which separates your NFT account from one which is used to prove ownership, and perhaps mint in future.
By avoiding exposure to your primary NFT account or vault, it becomes impossible for scammers to steal your NFTs and other tokens.
We've seen variants used recently but we aim to standardise how it's done.
4) Token Protection
Some wallets, such as Gnosis Multisig, already allow you to set on-chain limits on transactions.
I'd like to see this extended to NFTs and off chain protection, a low cost option which can provide additional security against user error and scams.
5) MPC Wallets
A relatively new technology and one which is yet to be in mainstream consumer use, MPC wallets avoid users having a single key at all, and avoid them having to trust an entity.
By using multiparty computation it's possible to never even have a single private key.
In future, I would hope that popular wallets move to a hybrid MPC approach by which only the user and MetaMask working together can sign transactions, preventing key theft on a local device.
Business level MPC is offered by Fireblocks, Zengo, CryptoAPI and more.
Moreover, MPC wallets can allow free multi-sig support and asset protection rules.
For example, tell Hybrid MPC MM never to sign a transaction involving your Bored Apes without 2FA on mobile and a 7 day wait period.
This is akin to how your bank and credit card providers can protect you from malicious transactions.
Items 1-4 can be built into MPC wallets - and that's the ultimate wallet type we should be aiming for.
There's still a place for single key and on-chain multi-sig wallets, but the vast majority of users should have mobile and desktop MPC wallets protected with a username, password, 2FA and all the points above, as well as a recovery option.
It's only then that we'll stop seeing so many thefts and successful scams.
It will also mean regulators and the media will have to take note instead of the constant stream of reasonable criticism.
Early days but the light is at the end of the tunnel.