MetaMask IP-Sharing Debacle Highlights the Scourge of Crypto Centralization
Last week, the leading crypto wallet provider MetaMask came under fire for a change to its terms of service that revealed it was sharing user IP information with Infura, a piece of blockchain infrastructure created by MetaMask creator ConsenSys.
ConsenSys, a research and development company led by Ethereum co-founder Joe Lubin, built MetaMask to offer users a convenient way to store and trade their crypto without needing to trust centralized exchanges like Coinbase and Binance – platforms that store, or “custody,” funds on a user’s behalf.
Relative to “cold” wallets that allow users to custody their crypto keys on a kind of USB thumb drive, MetaMask, a “hot wallet,” is installed on your phone or web browser and is continuously connected to the internet. While convenient – you only need to keep track of a username and password, not a physical thumb drive – “hot wallets” are theoretically more vulnerable to attacks and information leaks because they are always connected to the Web.
But compared to centralized exchanges, hot wallets like MetaMask are, at least in theory, more private and secure than allowing someone else to manage your assets.
The revelation that MetaMask was sharing IP information with Infura set off a firestorm on Twitter, with many users upset to learn their identifying information could have leaked to Infura – meaning their transaction history was not as private as they once thought.
Where we store our crypto keys matters
The FTX debacle, along with last week’s MetaMask controversy, resurfaced a familiar refrain in the world of crypto: “not your keys, not your crypto.”
If you hold your funds on a centralized platform, they risk being stolen or misappropriated (as happened in the case of FTX, which apparently loaned out user funds without users knowing).
Downloading a hot wallet was supposed to be a safer way to get around the “not your keys” problem – your MetaMask funds are only accessible to you. But when users realized that MetaMask, too, was vulnerable to centralizing parties, they scrambled to figure out how they might be able to use the wallet without connecting it to Infura – a so-called RPC service that MetaMask uses to communicate with the Ethereum blockchain.
While ConsenSys noted in a statement that it is technically possible to use MetaMask sans Infura, users quickly realized that doing so would be confusing and impractical – requiring one to jerry-rig a new solution for reading information from the Ethereum blockchain.
The MetaMask controversy – and the anti-centralization discourse that surrounded it – serves as a harsh reminder of a hard truth that the crypto industry must face as it rebuilds from the FTX rubble: Centralized intermediaries have seeped deep into the crypto user experience.
In the crypto world – particularly within the Ethereum ecosystem – “centralization,” the idea of influence and oversight from central parties, is viewed as anathema to the core, post-2008 concepts upon which the technology was born.
But time and time again – at every single level of the crypto user experience – centralization continues to rear its head.
When Mt. Gox, the first large crypto exchange, lost user funds to a hack in 2014, it was – at the time – processing around 70% of all Bitcoin transactions. The Mt. Gox calamity was supposed to be a wake-up call to the dangers of centralized parties in crypto, a time to return to self-custody and first principles.
But almost a decade later, FTX collapsed in an even more cynical fashion – with the exchange’s own creators misappropriating user funds.
Decentralization vs. ease of use
Though there has been early evidence of users moving to decentralized platforms in response to FTX, centralized platforms such as Binance, Coinbase and Kraken remain the dominant methods by which people store and trade crypto.
It’s hard to tell someone to go out and buy a cold wallet and use Uniswap to exchange their crypto when there’s an abundance of nicely packaged, easy-to-use centralized platforms waiting around.
Even if more of today’s centralized incumbents fall apart, it’s difficult to imagine that traditional financial institutions won’t eventually fill the void they leave behind with their own heavily regulated crypto entry points.
And it’s not just the technology by which retail users access crypto that has lent (and will continue to lend) power to centralized intermediaries; even the core technology upon which blockchains operate has not been immune to centralization.
The validators that operate Ethereum’s blockchain do so by “staking” some sum of cryptocurrency with the blockchain in order to help write and authenticate transactions. But staking is a technically complicated endeavor, and misconfiguring a staking node can incur costly penalties.
As a result, more and more users are opting to stake (and earn rewards for doing so) via centralized platforms like Coinbase and Binance. Even community-driven “decentralized” staking services, like Lido, have caught the ire of decentralization maximalists due to their massive influence over the Ethereum ecosystem.
And then there’s the block-building process, the technically complicated means by which validators compile user transactions and write them to the blockchain. In order to extract MEV – extra profit that can be earned by ordering transactions in a clever way – validators are increasingly turning to third parties like Flashbots to build blocks for them.
Heavy use of the Flashbots block builders, while convenient and lucrative, has led to fears that certain kinds of transactions – like those associated with U.S. Treasury Department-sanctioned Ethereum addresses – might have a harder time making it onto the blockchain because Flashbots excludes the transactions from blocks to avoid angering regulators.
While tech-savvy, ideological-driven crypto users might find ways to run and transact on blockchains in accordance with the movement’s founding principles, retail investors and financial institutions – those that need to adopt crypto technology in order for it to achieve internet-scale ubiquity – will continue to gravitate toward easy-to-use middlemen that abandon decentralization in favor of convenience and capitalism.
While it is reasonable to strive for a fully decentralized financial ecosystem, it is difficult to imagine that the financial instruments of the future – or, at the very least, the means by which most people access them – won’t look more like Coinbase than Uniswap.