πŸ”Security & Self-custody

The first self-custodial telegram bo

Always-On Security

Space Wallet uses ERC-4337 Account Abstraction together with Multi-Party Computation technology to ease setup for the user and manage always-secure access to the wallet. Both technologies have shown bullet-proof security and have been adopted by companies such as Binance, TrustWallet, and Safe.

Commonly in Telegram bots (but not in Space Wallet), the private key is available to the bot's backend services. The backend uses it to sign transactions, which creates the potential to leak all of the funds in those wallets. This stops many users from using those bots.

"Not your private key, not your crypto," one could say, and would be right. That's why Space Wallet never stores or sees the user's private key or seed phrase on its backend services. Space Wallet guarantees that the seed phrase is in a secure place, accessible to the user and to no one else.

Let's dig into the details.

Email-less social-recovery sign-up

Users have greatly appreciated Space Wallet's ability to create a wallet instantly and access it with no additional steps (literally 1-click). As soon as Space Wallet is opened, the user has an account and can execute transactions from a certain address on-chain. How did we achieve that while keeping Always-On Security?

Moreover, users can (and should) set up social recovery once they deposit money. Space Wallet then starts to push the user aggressively toward this action in order to raise security by one more level. Why do we do that, and what does it bring?

Seed-Phrases and Account Abstraction

To answer those questions, we have to understand where the seed phrase is stored, why it changed, why the user has access to it, and how to preserve the address and the wallet itself.

The introduction of Account Abstraction made it possible to build smart wallets that can be more secure and can be recovered easily through social recovery in case of loss. This means that as long as you have access to your socials, you can recover the private key in case of a loss. The user is in control of how many socials are required to get access.

Once a user signs up, Telegram is the social-recovery provider, and the user can always receive their private key through the collaboration of Telegram and Space Wallet. Private keys are always stored such that neither Telegram nor Space Wallet alone can retrieve them (also known as Multi-Party Computation).
