You may have noticed that wallet companies are getting gobbled up recently:
- Privy -- bought by Stripe
- Portal -- bought by Monad
- Dynamic -- bought by Fireblocks
With all the M&A activity, I wanted to break down the wallet landscape -- what wallets are and how the various companies differentiate themselves. Finally, I conclude with some thoughts on why one might buy a wallet company.
What is a wallet?
"Wallet" can be a confusing word as it's used to describe two different things:
Wallet address = Your account. This is where your money is stored (like a bank account number).
Wallet software = Your access tool. This is the application or program you use to manage your accounts (like a banking app).
Wallet software helps you create a wallet address, securely stores your "private key" (the password that proves you own the account), and it allows you to access your private key when you need to interact with your account.
Why wallets matter
Wallets are core to blockchains. Trading, stablecoin money movement, interacting with your favorite dApp, market making -- they all need wallets. Even companies like Coinbase, PayPal, and Robinhood are built on wallet infrastructure.
Every blockchain interaction requires a wallet.
Understanding the wallet landscape
The novelty of blockchains is that anyone can create a wallet without permission. The challenge is in storing and accessing the private key in a manner with the right tradeoff between ease of use and security.
Different approaches to key management serve different customers, whether individuals, institutions, or applications.
Storing keys: Non-custodial wallets
Wallets like MetaMask, Phantom, Ledger, or Trust Wallet store the private key hidden on your device -- in your browser, on your phone, or in a file on Google Drive. These wallets are examples of "non-custodial" wallets. The point is the user (you) is the only one that holds that key, and the wallet is the software layer that manages accessing that key when you need it to interact with your account.
You might have heard of a "seed phrase" before. This is a backup code you can use to retrieve your private key if you lose access to your device.
A seed phrase can generate billions of unique wallet addresses. The benefit is that you can have multiple wallet addresses but only have to manage a single seed phrase for backup. The big disadvantage is that if your seed phrase is leaked or stolen, the person who has it now has access to all the wallet addresses you generated using that seed phrase.
The benefits of these wallets is that you, the user, are completely in control. You, and only you, have complete and total access. The problem is the user is completely in control -- you could lose access to your key, or you could accidentally click a malicious transaction and reveal the key. Things can go wrong.
Custodial wallets
Because things can go wrong, some users or entities want (or are required by law) to use a trusted third party to manage the private key.
The word "custodian" just means that someone else is holding your key. It doesn't say how they're doing it, just that they have access to it and you do not.
Exchanges like Coinbase or Gemini hold the private keys that control their customers' crypto assets. This allows them to offer an experience where users can hold and swap tokens without worrying about losing keys, paying gas fees, or clicking malicious transactions. On/off-ramps work similarly -- these money movers can create wallets for each user and move money in and out of it on behalf of their users.
Wallet providers like Fireblocks, Anchorage, DFNS, and Turnkey have APIs that make it easy for businesses to create and manage custodial wallets for their users.
One thing to note is that "custodial" has both a technical and legal definition. Above, I've defined custodial in the technical sense -- the user doesn't own the private key. But there's also an important legal definition: if you hold assets on behalf of someone else, you may need to meet certain regulatory requirements as a qualified custodian under SEC rules. This distinction matters because whether or not you want to meet the legal definition of a custodian will impact what wallet architecture you choose.
Novel approaches: MPC wallets
You can imagine that users may want the benefits of non-custodial wallets -- user ownership (and the lower legal standard of care/liability for the application) -- with the benefits of custodial wallets (better user experience and key recovery).
One popular approach that has had recent success is the MPC wallet. Examples of companies with MPC technology are Privy, Dynamic, and Portal.
These wallets work in two key ways:
-
Split the key so that the private key can only be "made" when N number of actors approve it. Typically, the actors include the user, the MPC provider, and the application that created the wallet. The user themselves often must be one of the N number of signers for the wallet to be considered "non-custodial" from a legal standard. By having many holders, you unlock the ability for key recovery and add checks on interactions with a wallet.
-
Social login authentication. Users don't need to save the private key on their device -- they just need access to a social account (e.g., your email) to prove who they are, and that gives you access to your key.
This has profound applications for companies that want to onboard customers to crypto without having them deal with private keys -- giving them a better user experience while not meeting the legal definition of a custodian.
How wallets compete
Like every product, wallets compete on the features that best serve their customer segment:
- Direct to consumer (retail): MetaMask, Phantom, etc. are user-facing software layers. If you're an application, you can't use MetaMask to create wallets.
- Direct to consumer (institutional): Fireblocks, Anchorage, BitGo are purpose-built for large institutions who likely need a qualified custodian, layers of security, and audits.
- Direct to business: Privy, Dynamic, Para, Turnkey, DFNS, Fireblocks, etc. are infrastructure that lets other businesses create wallets for their end users.
At a high level, wallets really do just fall on a spectrum of key management. On a technical level, they all have different ways of creating, storing, and accessing the key. These different approaches are nuanced but result in security trade-offs and feature trade-offs that likely matter to the customer they're serving.
So why buy a wallet company?
Wallets are foundational infrastructure for crypto. Whether you're building blockchain applications, serving developers who need blockchain tools, or managing institutional on-chain activities like stablecoin treasury services, wallets are essential.
The answer to why you'd buy a wallet company comes down to who your customer is. Stripe, Fireblocks, and Monad all serve developers who want to build on blockchains. For companies in this position, offering wallet infrastructure is critical -- it lowers barriers to getting started and enables the product experience you're aiming for.
But why buy instead of partner? The answer is stickiness -- specifically, the stickiness of non-custodial wallet infrastructure. If you can move money on behalf of users, stickiness disappears. But if users must take action themselves to move funds, you have a truly sticky product.
With MPC wallets -- the type all three acquired companies offer -- developers use them non-custodially because they often lack the proper licenses to be legal custodians (which are expensive, hard to obtain, and likely not related to their core business). To move off of a non-custodial wallet, the end users must actively transfer funds themselves. This creates powerful vendor lock-in.
When you're building what could become a trillion-dollar stablecoin business line serving the developer ecosystem, you can't afford to depend on a third-party wallet provider who controls a core part of your customers' experience and could extract rents at will. Owning wallet infrastructure isn't just about adding a feature -- it's about controlling your destiny in the developer platform market.