Expert opinion

Q&A with Safe Co-founder and Technical Leader Richard Meissner on Wallet Security and protection against exploits

As cryptocurrency adoption continues to surge, securing digital assets has become a top priority for investors and traders. Safe is a leader in the space, providing a secure and user-friendly platform for managing cryptocurrencies and protecting users' funds from hacks, phishing attacks, and other exploits. 

In this Q&A session, we'll be speaking with Richard Meissner, Safe's Co-founder and Technical Leader, to gain valuable insights into the best practices for crypto wallet security, the latest developments in the field, and how Safe is innovating to stay ahead of the curve.

  1. As a co-founder and Technical Leader at Safe, can you explain to our audience what your platform does and how it enables users to manage their digital assets securely?

Safe is the most widely adopted platform and infrastructure provider making self-custody smarter through the technology of account abstraction. Our mission is to unlock ownership, and we are committed to advancing more user-friendly and dynamic Web3 platforms.

Safe{Wallet}, launched in 2018, is a multi-signature wallet, or multisig, which allows a smart contract account to be controlled by multiple private keys simultaneously. This innovation was aimed at supporting teams co-managing digital assets, but it also offers a number of security benefits for both individuals and organizations, enabling customizable guardrails and recovery solutions.

This year, Safe launched Safe{Core}, a modular and open-source stack already in use by developers to integrate account abstraction features into Web3 platforms. The underlying architecture of this developer stack, modular smart accounts, provides a strong foundation for developers. With Safe{Core}, builders leverage existing components and tools instead of building new features, which would require additional bug checks, providing greater security to the development process. 

  2. With the rise of DeFi scams and hacks, which have seen millions of dollars disappear out of thin air, how important is it for cryptocurrency holders to take security seriously? What measures should they be taking to protect their assets from these threats?

DeFi platforms have created unprecedented opportunities for digital ownership, but self-custody puts significant responsibility on the user. Centralized platforms are perceived to alleviate this burden by delegating control to custodians, but this also exposes users to potential mismanagement of funds. In contrast, full self-custody offers more financial sovereignty but comes with the responsibility to understand every detail of the stack.

Smart accounts expand the options for custody so users are no longer faced with a binary choice, and are empowered to customize their self-custody experience, optimizing for their specific risk preferences. 

For example, if I were more risk averse, I could designate a guardian for my account in case I lose my key. But if I value self-sovereignty more, I can choose to go without a guardian, though that option will always be there. It’s not my place to say what measures users should be taking, but I believe in giving individuals the most choice possible when it comes to how they secure their digital assets.

  3. Could you explain how Multisignature (multisig) wallets work, and how they offer increased security for cryptocurrency holders compared to traditional wallets?

A multi-signature wallet, or multisig, is a type of smart contract account that can be controlled by multiple keys or users; Safe{Wallet} is an example of a multisig.

Whereas traditional hardware wallets require a single seed phrase to execute transactions, multisigs allow more flexibility, which enhances security. Access can be customized to different levels per user to reduce the risk of internal fraud, and spending limits and time locks can be imposed to create more barriers for malicious actors. Multisignature wallets also enable social recovery, where users can designate a guardian to have access to an account in the case of a lost key.

Multisigs have proved useful for a range of accounts, from individual users to DAOs and beyond – over 4.5 million Safe smart accounts have been created since the project began. 

  4. At Safe, how do you ensure your platform remains secure in the face of evolving cybersecurity threats? What steps do you take to stay ahead of the curve?

Prevention is key. On the developer side, the best defense is to build resilient code and maintain security through frequent auditing. Devs need to consistently test and assess whether there are any vulnerabilities in the code that could be exploited by hackers.

When it comes to self-custody, however, you can build the most resilient code but if the platform is not user-friendly it can lead to security breaches. That’s why the Safe team promotes the adoption of smart accounts – by simplifying user experience and removing many of the barriers associated with managing a hard wallet, we can prevent exploits caused by user error.

  5. Please discuss your proposal to standardise the on-chain auditing in the Ethereum ecosystem.

As an infrastructure provider, it’s our responsibility not only to make the Safe network secure but to also help developers across the crypto community build more resilient code. With this in mind, Safe, along with security experts from OtterSec, ChainSecurity, Ackee Blockchain, OpenZeppelin, and Hats Finance, has proposed a new Ethereum standard, ERC-7512, to standardize onchain audit report representations.

Our industry has reached a critical juncture where we can no longer continue with the status quo – an estimated $667 million in assets was lost to DeFi hacks in the first half of 2023 alone. 

For context, auditing takes up significant resources from developers, with a lack of coordination and transparency at the heart of the problem. This solution acknowledges the challenges of auditing and allows devs to pool their resources to conduct efficient and transparent audits. By standardizing this process, adoption of ERC-7512 would enable developers to make full use of the flexibility of smart contract accounts, bringing Web3 into a new era of innovation. 

To put this into perspective, standardizing security measures in Web3 would be as monumental to the industry as the transition from mobile phones to smartphones; it would create numerous avenues for growth. That being said, we don’t see ERC-7512 as a silver bullet; rather, we see this standard as a catalyst for more initiatives to advance blockchain security.

  6. Are there any particular trends or innovations in blockchain security that you are particularly excited about? How do you see these developments shaping the industry's future?

One of the main issues in the account abstraction space right now is a lack of coordination. We’ve noticed a number of projects using different modular frameworks to build smart contracts. Constantly introducing new modules and plugins can create new security challenges and reduce interoperability. 

To combat this, Safe recently published a whitepaper for Safe{Core} Protocol, an interoperability protocol for modular smart accounts that would allow builders to develop applications more efficiently, benefiting from common tooling and components.

Improving coordination within the industry doesn’t just make the lives of developers easier, but improves user experience as well. Guaranteeing interoperability allows users to move their accounts across platforms as they wish, which means true digital ownership. 

So far, we have seen positive feedback on this framework, and we continue to look for opportunities to eliminate bottlenecks for developers and improve user experience.

____________________

Safe

Safe is the leading self-custody platform and infrastructure provider, currently securing nearly 50 billion in assets. By leveraging account abstraction, Safe’s mission is to unlock digital ownership by bringing a Web2-level user experience to Web3.

Safe{Wallet} has become the default wallet of choice for Web3-native projects such as AAVE and 1inch, as well as enterprises like Shopify, delivering security and usability without compromising on self-custody. Many of the largest individual asset holders like Punk6529 and Vitalik Buterin also choose Safe{Wallet} to secure their personal assets. With the launch of Safe{Core}, developers have access to a modular and open-source stack enabling account abstraction, providing the foundation to build user-friendly and secure Web3 platforms.

To learn more about how Safe is unlocking digital ownership, visit: https://safe.global/

Richard Meissner, Co-Founder and Technical Lead at Safe

Richard Meissner is a co-founder of Safe and a software engineer. With almost a decade of experience as a developer, Richard is committed to expanding the scope of digital asset ownership. He believes that account abstraction will catalyze mass adoption of self-custody and set a new standard for security in the domain.