The Challenges of Custom Cryptocurrency Wallet Development
September 13, 2019
As you likely know, a cryptocurrency wallet is a type of software used to store digital currencies. The benefits of these wallets are that you have complete control over your own money, and users get all the best parts of decentralization, security, and transparency.
However, these benefits bring added risks to the software. With cryptocurrencies like Bitcoin and Ethereum becoming increasingly popular, securing crypto wallets and their private keys is an even bigger priority. As the designer of a cryptocurrency wallet, you’ll have to face risks that don’t exist with credit cards in order to create a great wallet.
What is the difference between crypto wallets to credit cards?
The main problems crypto wallets present that credit cards don’t are:
- Credit cards can easily be cancelled, but private keys can’t. This means there is no way to maintain an account without being exposed to potential future losses. It also ensures that any time the private key is lost, the wallet is fully compromised.
- Every credit card has a spending limit on it that prevents overspending or the complete withdrawal of funds. This creates a larger liability for wallets than would be present on the more restrictive credit cards.
- Users of credit cards have limited liability in the case of the card being lost or stolen, as long as they report the loss in a timely manner. If a private key is compromised, then the user is exposed to the full extent of their holdings.
- The banking system has had years to develop anti-fraud mechanisms that help detect a compromised credit card. If irregular spending patterns or locations are showing up on your statement, you would be flagged, whereas there are no such controls with your private key.
- Payment processors like Stripe or Braintree store credit card information in a safe place and facilitate payments while mitigating the liability for these users. Crypto wallets allow you to keep full custody of your payment information, but that also means you must provide that information every time.
Challenges of digital wallet development
Most of these issues don’t exist with credit cards, but are key issues with wallets due to the way blockchain technology functions. Custom cryptocurrency wallet development involves solving all of these problems.
The layperson doesn’t have a strong understanding of how this software works, and may expect similar controls to the conventions they were used to before when utilizing a credit card. That’s why these problems must be solved in order for cryptocurrency solutions to scale to the masses.
Many of these issues are solved by the banks, and this is why they are able to charge such high fees. Wallets are ideally able to solve these problems at scale, but still cost a fraction of the price.
Attacking wallet security issues
From a security standpoint, you are responsible for more when you hold a private key rather than a password. Password storing allows for users to use a cryptographic hash to verify the correct password, but without the password ever being stored in the database. Password storing allows users to log in using the stored hash, but prevents them from finding out what the password is.
This cryptographic hashing option does not exist for hot wallets, which instead require users to provide the private key each time they need to sign a transaction. There is no option to store private keys as a hash in the same way that passwords are. As such, private keys must be provided each time, unless they are to be stored on the system.
However, it is considered to not be secure to store private keys on IT systems, even if they are encrypted. Any inside job could result in unfettered access to the encryption key, the private keys it protects, and the related funds. This is where the largest security concerns arise.
Custom cryptocurrency wallet development
Building a custom cryptocurrency wallet requires you to address all these issues, face the above-mentioned security challenges, and try to deliver a similar quality of work like credit cards.
Cold wallets are considered the gold standard when it comes to secure wallets, however, they do not provide the flexibility a robust fintech crypto software as a service requires. Cold wallets depend upon human intervention, which is not suitable for this space. Instead, a (more challenging) hot wallet must be developed. I previous blogposts we explained the difference between cold wallet and hot wallet.
The crypto industry also has a strong stance on digital assets custodians, because of the security risks that come with not holding your private keys. Additionally, US and EU bank deposit protection policies do not cover cryptocurrencies, so you either have to pay a ridiculously high cost of insurance, or place all your trust in the custodian. A final problem with these parties is the slow withdrawal time (up to 2 hours with cold storage digital custodian like Vo1t).
Complex crypto knowledge
The complexity that must be handled in order to build a reliable and secure custom cryptocurrency wallet is no laughing matter. Deep knowledge of modern web service development, including networking, cloud services (AWS or GCP), clustering technology (Kubernetes), containerization, databases, programming languages, and cryptography solutions, are all essential to the design.
If you don’t have these, your comprehension of the potential attack vectors is limited. And that ignores the fact that the number of vectors is multiplied by 10 when you take the inside job into account.
And then to add further complexity to the design, you need to worry about maintaining cryptocurrency nodes as well. This is considered a massive challenge, as stories about unstable Bitcoin core, Geth, and Parity nodes illustrate. To bring your downtime down to zero, you have to factor in redundant nodes. This is difficult to do when you take into consideration the hours it takes for Bitcoin or Ethereum node to do the initial sync.
Finally, you’ll need indexers for all the blockchains. And these will need to be written yourself since the open-sourced options are either poor in quality or not designed with high availability in mind (and are therefore only suitable to be locally run).
Now that we’ve gone through all the challenges you may face while designing a custom cryptocurrency wallet, the next blog post is going to explain how we at Ulam Labs faced these challenges when designing a wallet for a Client.