Security is a game of cat and mouse that is evolving with new threats every week. Security and wallet clients are intertwined, contributing to the concept of security UX. But this landscape can put stressors on wallet client developers and can hinder the delivery of other necessary quality-of-life features. Not to mention persistent security UX issues that still need to be addressed, like obscure signature request messages.
I argue that we should move towards an ecosystem where we do not have to rely solely on core developers to improve the security UX of their wallet clients. As our crypto ecosystem was forged from the cypherpunk ethos, we should work towards decentralizing more parts of the user’s transaction process.
By integrating the best solutions available through composability, not just what the core developers have the cycles to work on, we can better safeguard the transaction experience as a whole.
Until this happens, the bad guys will continue to have the asymmetric advantage in their attacks against crypto users, which can impede mass adoption.
To bridge the gap towards a robust era of wallets that protect users from scammers, please humour me as we look to the genre of cyberpunk for inspiration.
Enhancements and augmentations like exoskeleton suits, cybernetic limbs, and ocular implants are cyberpunk tropes that empower individuals to transcend the limitations of human flesh and bone. In these fictional worlds—and let’s ignore that they are often dystopian for now—augmentations are created by multiple parties, from sprawling mega-corporations to solitary garage innovators.
Anyone can order augmentations from these parties through an open marketplace and install them at will. These added pieces of technology result in step function changes for the people that use them, enabling one to accomplish physical and cognitive feats that were not possible before.
What the wallet ecosystem needs is an open marketplace of augmentations like the one described above: an ecosystem that enables users to install extensions that enhance and protect their transaction experience, and thus their overall interactions with crypto, trickling down to a more robust ecosystem as a whole.
Developers have been taking advantage of the composability offered by smart contracts and dApps for years. But wallet clients still lack the systems needed to build "wallet legos" that can truly interoperate with other software. Thankfully, there are efforts to start moving towards a more decentralized way of observing and building transactions through wallet clients:
Browser extensions that simulate transactions before they are submitted, such as Fire or Wallet Guard, that work alongside existing wallet clients
MetaMask Snaps, which enables developers to extend the MetaMask experience and will allow users to acquire these extensions through a new marketplace
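As an added illustration (not code from this post, nor from Fire, Wallet Guard or MetaMask), the check below shows the kind of pre-signature insight such an extension could surface: it decodes an ERC-20 approve call to flag unlimited allowances and unknown spenders, and renders a hex-encoded personal_sign payload as readable text, addressing the obscure signature request problem mentioned earlier. The transaction field names, the sample addresses and the allowlist are assumptions.

```javascript
// Added example of a wallet-side transaction insight check. It mirrors the
// shape of a handler that receives a transaction before the user signs, but
// it is stand-alone and does not use the MetaMask Snaps packages.
const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode ERC-20 approve(spender, amount) calldata; null if it is not an approve call.
function decodeApprove(data) {
  const hex = (data || "0x").toLowerCase();
  if (!hex.startsWith(APPROVE_SELECTOR) || hex.length !== 10 + 64 * 2) return null;
  const spender = "0x" + hex.slice(10 + 24, 10 + 64); // last 20 bytes of the first word
  const amount = BigInt("0x" + hex.slice(10 + 64, 10 + 128)); // second word
  return { spender, amount };
}

// Turn a personal_sign payload (hex-encoded bytes) into the text the user is really signing.
function decodeSignMessage(hexMsg) {
  return Buffer.from(hexMsg.replace(/^0x/i, ""), "hex").toString("utf8");
}

// Build human-readable insights for a transaction object with assumed
// { to, data, value } fields. knownSpenders is a user-maintained allowlist (assumed).
function transactionInsights(tx, knownSpenders = new Set()) {
  const insights = [];
  const approve = decodeApprove(tx.data);
  if (approve) {
    if (approve.amount === MAX_UINT256) {
      insights.push(`Unlimited approval of token ${tx.to} to ${approve.spender}`);
    } else {
      insights.push(`Approval of ${approve.amount} units of token ${tx.to} to ${approve.spender}`);
    }
    if (!knownSpenders.has(approve.spender)) {
      insights.push(`Spender ${approve.spender} is not in your allowlist`);
    }
  }
  return insights;
}

// Constructed sample: unlimited approval of token 0x11..11 to spender 0x22..22.
const SAMPLE_TX = {
  to: "0x" + "11".repeat(20),
  data: "0x095ea7b3" + "00".repeat(12) + "22".repeat(20) + "ff".repeat(32),
  value: "0x0",
};
console.log(transactionInsights(SAMPLE_TX));
console.log(decodeSignMessage("0x" + Buffer.from("Sign in to example.app", "utf8").toString("hex")));
```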
If wallet clients can further embrace this composability, we can alleviate the existing security UX gaps while allowing teams that may be more agile in developing solutions for tomorrow's threats to improve those same wallet clients.
The archetype for a wallet client has not changed much since the first ones like MetaMask, MyEtherWallet, and Status entered the scene several years ago. We have settled on useful security UX heuristics that have carried us to this point.
But these heuristics were developed at a time when we were a bit naive about the threat models in Ethereum—MEV for example—and we did not reach this point unscathed. Arguably, there are some heuristics that we should look towards completely rebuilding, like how operating systems switched their UIs from skeuomorphic design principles to one that resembles a pure and flat aesthetic.
Entrusting a few developers to build and evolve their wallet clients as new security threats loom is one holdover that we should rethink and rebuild, moving towards an ecosystem where composability will help wallet clients weather the storm of the evolving security landscape.