Crypto wallets are essential for users to participate in the crypto market. They are therefore also of utmost importance to providers of crypto services and are often a central building block of the respective business model. The traditional design – one private key per wallet – allows access to the crypto assets held in the wallet only to those individuals who control the associated private keys. In business models that include wallet services, the private keys regularly remain with the provider, while the user interacts with the provider via his login information to instruct the provider to dispose of the crypto assets held in the wallet. The central risk for providers in this context is the loss of the private keys. Losing the associated private keys makes it impossible to dispose of the crypto assets in the respective wallet. Private keys of traditional wallets may be recovered using a so-called seed, which can itself be lost. The provider will generally be liable and obligated to compensate his client in cases in which he loses both the private key and the seed.
Counterfactual Wallets – Smart Contract Wallets on the Blockchain
Counterfactual wallets are smart contracts executed on a blockchain. As such, they offer certain advantages over traditional crypto wallet software. Notably, with counterfactual wallets the private keys required to initiate a crypto transaction are not associated with the wallet, as is generally the case with traditional wallet software. Counterfactual wallets instead provide the option to replace lost or compromised private keys. Another advantage of counterfactual wallets is the possibility to guarantee that only the current version of the wallet is being used. The latest version of a counterfactual wallet is automatically retrieved from the underlying smart contract. Should the code of that smart contract be updated or expanded, all counterfactual wallets based on that smart contract immediately receive the update, e.g. to close security gaps or enhance functionality. The aforementioned option to recover access to counterfactual wallets can be achieved, for example, via a so-called social recovery feature. In this process, a group of other participants of the blockchain is automatically defined, which can change the private keys to the respective crypto wallet by majority decision upon request of the wallet owner. These participants, also known as “guardians”, never have access to the private keys of the crypto wallets whose private keys they can change, because they do not know each other and, from a technical perspective, only fractions of the private keys of the counterfactual wallet are stored with them.
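The key replacement by guardian majority described above, as a simplified Python model added here as an example (it is not code from the authors or from any wallet project). The class, method and key names are hypothetical, guardians are modelled as approving identities rather than holders of key fractions, and a string comparison stands in for signature verification.

```python
# Simplified, constructed model of guardian-based social recovery.
# All names are hypothetical; a real wallet would be an on-chain smart contract.
class RecoverableWallet:
    def __init__(self, address, owner_key, guardians):
        if len(set(guardians)) < 3:
            raise ValueError("need at least three distinct guardians")
        self.address = address          # stays constant across key changes
        self.owner_key = owner_key      # key currently allowed to authorize transfers
        self.guardians = frozenset(guardians)
        self.pending = {}               # proposed new key -> set of approving guardians

    def threshold(self):
        # Strict majority of the guardian set.
        return len(self.guardians) // 2 + 1

    def authorize(self, signer_key):
        # Stand-in for signature verification against the current owner key.
        return signer_key == self.owner_key

    def approve_recovery(self, guardian, new_key):
        """Record one guardian approval; rotate the key once a majority agrees."""
        if guardian not in self.guardians:
            raise PermissionError("not a guardian of this wallet")
        if new_key == self.owner_key:
            raise ValueError("new key equals current key")
        votes = self.pending.setdefault(new_key, set())
        votes.add(guardian)             # a set ignores repeated votes by one guardian
        if len(votes) >= self.threshold():
            self.owner_key = new_key    # the old key loses all authority
            self.pending.clear()        # drop competing proposals
            return True
        return False


def demo():
    # Constructed sample: three guardians, lost key "key-old" replaced by "key-new".
    w = RecoverableWallet("wallet-1", "key-old", ["g1", "g2", "g3"])
    results = [w.approve_recovery("g1", "key-new"),
               w.approve_recovery("g1", "key-new"),   # repeat vote, still 1 of 3
               w.approve_recovery("g2", "key-new")]   # 2 of 3: majority reached
    return w, results
```

The wallet address never changes during recovery; only the key that the contract accepts for authorization is swapped, which is why a lost or compromised key does not strand the assets.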
Can the Offer of Counterfactual Wallets Be a Regulated Crypto Custody Service?
According to the wording of the law, crypto custody services which are subject to authorization can exist in three scenarios: the custody, management or safeguarding of crypto assets or private cryptographic keys. BaFin has not yet published its opinion on whether the operation of counterfactual wallets falls under any or all of these alternatives and whether it can be qualified as a crypto custody service. The decentralized design could be an argument against an authorization obligation for providers of counterfactual wallets. On the other hand, counterfactual wallets also work with private keys, which must be stored, managed and safeguarded against unauthorized usage by third parties. In the case of crypto services with integrated wallet services, this task is always fulfilled by the operator for the clients. With counterfactual wallets, there is furthermore the task of determining the guardians. The operator would need to request a social recovery, should it be necessary, and he would also need to correctly store, manage and safeguard the new private keys. The fact that counterfactual wallets are not executed within the central IT structure of the operator but via a smart contract on a blockchain is irrelevant with regard to the handling of the associated private keys. Therefore, the operation of counterfactual wallets for clients will most likely in most cases be a form of crypto custody service and therefore subject to authorization.
Rechtsanwalt Lutz Auffenberg, LL.M. (London)
Rechtsreferendar Gabriel Aslan