The Missing Link Between Web2 and Web3: Custody

Mahesh Vellanki

Crypto faces a major barrier when it comes to mainstream adoption: The user journey is complicated and not yet built out, and it’s not at all easy or intuitive for people new to crypto to even do the simplest possible thing — hold complete control over their own digital assets.

Of course, it’s not required that users hold complete control over their assets to invest in crypto. Centralized exchanges like Coinbase have proven the efficacy of the “custodial” model for trading crypto, in which people keep their assets with a custodian that secures and keeps track of them. The key advantage of this model is convenience: It’s become relatively easy for anyone to use the Coinbase app or other exchanges to buy crypto without having to write down a “seed phrase,” the string of words that constitute the “private key” controlling access to the assets. In this way users can buy and sell various cryptocurrencies, trade them for other cryptocurrencies, use assets for purchases and payments, and soon purchase NFTs.

The broader web3 ecosystem of fully decentralized interoperable apps and networks — not just exchanges, but play-to-earn games, tokenized social networks, fan-engagement communities, and other rich user experiences — is largely inaccessible through a custodian, however. That web3 experience requires users to send their crypto to a non-custodial wallet, in which no one but the user holds the private keys and there are no limits to the types of transactions that can be done.

Indeed, this is the most exciting part of crypto, but also where we see so many first-time users drop off. Web3 products can’t expect users to immediately make the leap from familiar centralized experiences into the deep end of decentralization in one step. The future of mass-market crypto experiences lies within apps that provide familiar, custodial experiences with the ability to graduate into non-custodial experiences.

This article will outline some ways that developers can think about a user journey that introduces users to crypto while leveraging some familiar Web2 constructs, and helps those users understand the potential of web3 before then handing them the keys to their assets – ultimately leading to greater adoption of their products.

Frameworks for helping users through the journey

Tokens and NFTs are already unfamiliar for many people, and there is a theoretical limit to how far the average person is willing to go to explore new experiences. In a purely non-custodial environment, most people will take one look at the screen where they are prompted to write down a 24-word “seed phrase” (the randomly generated phrase that constitutes their “private key,” or password) and decide it isn’t worth it. 

If the goal is to onboard first-time crypto users, the experience must be custodial — at least to start.

This chart shows a pathway toward more widespread adoption of the full web3 experience — and the streamlined user journey that it will take for people to comfortably move from a custodial system to a non-custodial one.

A pathway to widespread adoption of Web3

Below we go into more detail about each of these steps, why they are important, and how they build on each other to promote confidence and excitement in emerging web3 activities.

Step 1: Onboard first-time crypto users seamlessly through familiar Web2 constructs (e.g., logging in with your email address). Many web3 apps that exist today invite users to log in by connecting their wallet.

Using familiar web2 constructs for user adoption

This will likely be a default option for many applications in the future — wallet logins are extremely convenient and secure. But first-time crypto users may be confused, overwhelmed, or even suspicious if they don’t recognize what they’re looking at. For many first-time crypto users who don’t have wallets, traditional login methods are the only option they’re willing to use when experimenting with a new app.

This is an especially important step of the user journey for creators who are increasingly seeking to use web3 technologies to create new forms of fan engagement. Fans who support an artist early in their career might receive benefits in the form of creator access, recognition, and perks. (The design space here is almost infinite, and waves of innovation and experimentation are just beginning.)

Most fans will not be crypto-native, however, and asking them to obtain hardware wallets and create security systems is asking too much. A fan should be able to sign up, pull out their credit card, buy their favorite creators’ token, and see it in their account — it has to be intuitive and it must mirror familiar web2 experiences in order to see the user through their whole journey. No crypto wallet, key management, “gas” (transaction) fees, stuck transactions, or any other foreign user experiences.

In this way, creators can build shared digital economies with fans that they could take with them anywhere on the internet, but in a way that isn’t too intimidating or cumbersome for fans to join.

Step 2: Give the option to start engaging with the product in a simple, fully custodial experience. Managing private keys or seed phrases is part of everyday life for experienced crypto users, but most users that are encountering crypto for the first time will immediately give up when they see a message like this: “These 12 words are the only way to restore your accounts. Save them somewhere safe and secret: exhaust turtle silly pretty fog midnight enact throw journey nephew animal reward. Write this down.”

MetaMask's private key flow

Instead of greeting users with this experience, it’s crucial to set them up with a familiar experience and then offer them the non-custodial option further down the user journey. Their initial signup flow should go more like: sign up, create username/password, agree to terms, start buying crypto. And then once they’re in the app and making transactions, they should have the option to self-custody and enter the broader web3 ecosystem.

Some projects have tried other solutions like embeddable iFrames that store the users’ seed phrases via their Google Drive. This is a tempting solution – super easy for the user and no need to write down their seed phrase. But the crypto community was quick to point out that this creates dangerous user habits, doesn’t adequately educate users on the risks they face, and makes their Google accounts hack targets. Rather than a halfway measure, it’s better to keep the experience clean for the user: start with the custodial experience they’re used to and then help them graduate to full self-custody when ready.

Step 3: Educate the user in the product and off platform. This is particularly important when it comes to security – most users don’t even use current-day best practices (e.g., password managers, 2FA, etc.) in Web2 apps and products. Introducing new experiences requires more education. MetaMask does a good job providing their users with the content they need to stay safe.

MetaMask security features

As wallets build out more “first-time crypto user” features, expect to see wallets integrate this kind of education and content directly into the product.

Step 4: Create pathways to web3 wallets. Once users previously unfamiliar with crypto have been onboarded, web3 products can seek to move them along a path toward self-custody. An accessible web3 product has to make sure users can exit the system, such as by converting their assets to other forms of currency, or by taking them outside a given ecosystem into the wider web3 world. As users become more familiar, it should become easier for them to participate in creator economies seamlessly and not be beholden to a given platform. Coinbase, for example, makes it simple for users to move their assets to a non-custodial wallet. This means they can sign up, experiment with buying crypto, and then send their assets to a web3 wallet and interact with an entire ecosystem of apps.

Coinbase non-custodial wallet flow

At Rally, a social token community that I co-founded, users have the freedom to convert creator tokens to $RLY, the community’s native token, which they can then transfer to an ERC-20 (Ethereum-compatible) wallet that enables them to convert it to any cryptocurrency or interact with other communities (while the creator social tokens themselves are fully custodial right now, the ability to bridge out the tokens is coming soon).

Rally creator token conversion flow

The key to educating non-crypto-native users is to create an experience where fans can get onboard easily and participate in a highly functional product experience around social tokens, but still retain the flexibility to trade assets, liquidate, and pull value out as needed.

Of course, different consumer products necessitate different approaches. For Rally, we were already building on a sidechain, so it made sense to start out with a custodial approach. Just as we envisioned progressive decentralization for the RLY ecosystem, we decided the best approach for Rally would be to begin with a familiar experience for end users and build out capabilities to expand mainnet and self-custody capabilities over time. But other products would make different decisions; for example, decentralized trading, daily fantasy sports, or hardcore games that cater to higher-spend users may be better suited for a non-custodial experience from the start. The sophistication of these user bases and increased need for trustlessness warrant a non-custodial user journey from the beginning.

Custodial experiences mean infrastructure requirements

Of course, building apps that custody assets comes with its own hurdles and challenges, namely compliance and security. Allowing users to move from custodial to non-custodial wallets means that know-your-customer (KYC) and anti-money-laundering (AML) checks will be unavoidable. In addition, by custodying assets you’re also taking on the risk associated with keeping these safe on behalf of your users in the face of some very sophisticated attackers.

Right now, crypto companies are largely on their own for this. You either have to build and manage infrastructure yourself or find one of the few trustworthy partners out there. This was no small task for Rally – it’s doable, but not straightforward or cheap. The simple truth is that there really isn’t any prescriptive advice when it comes to compliance, as there are so many factors that determine a crypto project’s compliance strategy: What phase of growth is the company in? What jurisdictions does it operate in? What level of risk tolerance does leadership have?

One great example of how two different approaches can work is Coinbase and FTX. Coinbase was always based in the U.S. and took a careful approach to regulation with heavy investment in compliance. FTX, on the other hand, mitigated risk by launching outside of the U.S. first and growing the company internationally. Both approaches have proven to be successful with users.

In fact, we’re currently seeing a new wave of crypto adoption coming from emerging markets that were previously ignored by web2 companies who couldn’t profitably run advertising models in these regions. Non-custodied experiences make emerging markets really easy to access, as the app is not responsible for compliance. Custodial experiences, on the other hand, involve a well-thought-out approach to enabling these users across unique payments providers. For example, credit cards are often declined in these regions, yet there are often “non-traditional” rails such as buying crypto with cash at 7/11s. Even how and where you incorporate your company has an implication on what kind of custodial experiences you can offer.

But as the big web2 social and financial platforms like Facebook, Twitter, Square, and PayPal begin pushing further into crypto and requiring more services, the ecosystem will rapidly grow and finding reliable and affordable partners will be much easier.

Growing demand for web3 access

We’re closer to this evolution towards web3 than many realize. It’s fairly safe to say that within five years, more than half of the large web2 platforms will launch initiatives to embrace web3 in some way, most likely taking into account many of the UX principles outlined above.

There’s no doubt that there’s a pent-up demand that is only growing. When Robinhood announced that it would launch its crypto wallet imminently at Messari’s Mainnet conference in September, everyone expected a big response. After all, a standalone crypto wallet was one of the firm’s most requested features. This would allow Robinhood users to send their coins off the firm’s platform to any address they wished.

But even the most bullish crypto believers might not have predicted how enthusiastic users were for a wallet from Robinhood. The firm’s co-founder Vlad Tenev told a CNBC conference that the waitlist stretches to well over a million names—and that’s for a feature that will launch sometime in the next quarter.

The massive interest in a wallet from Robinhood hints at something else going on in the crypto product mix. After all, users already had a slick, fun and safe environment trading coins within the Robinhood app. Why were so many hankering for a wallet just so they could send coins out? It’s clear that people want to move around their crypto, participate in other crypto protocols, and store their assets in different ways.

As more applications work to meet the user where they are and lead them into new experiences, and crypto infrastructure becomes more inexpensive and accessible to projects, the path to the next iteration of the internet will become increasingly clear.