Looking back at the 2025 Web3 wallet covert battles, what exactly are the major players competing for?
1. Introduction
In the blink of an eye, I have been working in the wallet track for four years.
Many people think the wallet landscape had settled by 2025, but that is not the case; there are currents moving beneath the surface. Over this year:
Although no particularly eye-catching new players appeared, the existing players have gone through major changes in ecosystem positioning and in their underlying technical architecture.
This shift stems from drastic upstream ecosystem changes.
As the BTC and inscription ecosystems recede, many wallets are repositioning themselves as "entry points" to emerging tracks such as Perps (perpetual contracts), RWA (real-world assets, e.g. tokenized stocks) and CeDeFi (centralized finance combined with decentralized finance).
This transformation has actually been brewing for years.
This article looks at what has been quietly taking shape and what it will mean for future users.
2. Review of Wallet Track Development Stages
Wallets are one of the few genuinely essential products in the blockchain industry and, apart from public chains themselves, among the earliest entry-level applications to pass ten million users.
2.1 First Stage: Single Chain Era (2009-2022)
In the early industry (2009-2017), wallets were extremely hard to use, sometimes requiring the user to run a local node. We skip that period here.
Once wallets became usable, self-custody became the preferred choice; in a decentralized world, "distrust by default" is the foundation of survival. MetaMask, Phantom, Trust Wallet, OKX Wallet and similar products are the outstanding examples from this period.
From 2017 to 2022 the market saw a boom in public chains and Layer 2 solutions. Since most chains still used Ethereum's EVM architecture, one compatible, well-built tool was enough to meet demand.
During this period the core positioning of wallets was "a good tool". There was already a commercial outlook around traffic and DEX entry points, but security, ease of use and stability remained the top priorities.
From 2023 to 2025, however, the situation changed.
Heterogeneous (non-EVM) chains such as Solana, Aptos and Bitcoin (in the inscription era) captured a large part of the user market. Sui has developed well, but after hacking incidents large funds retreated, citing the drawbacks of excessive centralization.
Driven by the "fat protocol, thin application" funding era, and despite limited returns for VCs, the market landscape is indeed shifting.
2.2 Second Stage: Multi-Chain Era (2022-2024)
Faced with a multi-chain landscape, even veteran players like MetaMask have had to transform, adding support for chains such as Solana and BTC. Leading players like OKX Wallet and Phantom built multi-chain compatible architectures early on.
The key indicators of multi-chain compatibility are how many chains are supported and where transactions are constructed. Typically the wallet's backend builds the unsigned transaction and broadcasts it, and the client is only responsible for signing, which shifts the workload to the backend. From the user's perspective the question is simply whether they have to hunt for RPC nodes to use the wallet. The security corollary is that a client which only signs must still decode and display what the backend hands it, because a compromised or buggy backend can otherwise substitute the transaction it wants signed.
Today, multi-chain compatibility has become almost standard. Persisting with a single chain for too long is difficult because hot spots on chains are constantly changing.
A typical example is Keplr Wallet, which focuses on the Cosmos ecosystem, but that track has never truly taken off: many application chains built quickly on Cosmos went quiet soon after launch. As EVM Layer 2s become easier to build, the situation for single-chain wallets may ease, but their ceiling remains.
Once the basic tooling is user-friendly enough, users start to want commercial services inside the wallet.
True asset owners do not only want to custody assets; they want to put them to work, seeking the best yields and choosing which protocols to interact with. But users are often worn down by complex interactions with assorted DApps and must stay alert for phishing sites.
Why not just use built-in wallet functions directly?
2.3 Business Competition Branch Period
The competition focus among wallets shifts to the business layer, such as aggregation DEXs and cross-chain bridges. Coinbase explored integrating social features, but that demand turned out to be largely imaginary and the feature stayed lukewarm.
Returning to essential needs, users want to complete cross-chain asset transfers within a single wallet interface. Coverage, speed, and slippage become core competitive points.
The DEX domain extends further into derivatives trading: RWA (e.g. tokenized stocks), Perps (perpetual contracts) and prediction markets (hot in the second half of 2025; after all, the 2026 World Cup is coming).
Alongside DEX trading there is DeFi yield demand, because on-chain APYs are higher than in traditional finance.
So by 2025, at the peak of business competition, wallet infrastructure is once again due for an upgrade.
The reason is that these transactions are complex, not just in transaction structure but in the lifecycle of a transaction.
Truly high yields require automated trading: dynamic rebalancing, timed limit orders (not just market orders), dollar-cost averaging, stop-losses and other advanced features.
But these functions cannot run in a pure self-custody setup, where every signature requires the user's device to be online and approve it.
So is it "safety first" or "profit first"? It is not really a dilemma, because the market has different needs.
Just as during the Telegram bot boom, many players handed over private keys in exchange for automated trading, in the high-risk spirit of "if you're afraid, don't play; if you play, don't be afraid". Big service providers, by contrast, have brand and reputation to consider.
Is there a solution that keeps private keys securely custodied while also giving reasonable assurance that the service provider cannot run off with them?
Of course! This brings us to this year’s upgrade in underlying custody technology.
3. Custody Underlying Technology Upgrade Period
Returning to the industry’s underlying technology upgrade mentioned at the start, let’s analyze each aspect.
3.1 Farewell to the Fully Self-Custody Era
First, the moves by pure wallet providers like MetaMask and Phantom are relatively lightweight and driven mainly by user experience: social login chiefly addresses cross-device access and recovery, not a full entry into application-layer tracks.
But their transformation essentially signals a move away from the fully self-custodial era.
Self-custody can be categorized by degree, but no one can really define what "fully" or "not fully" means.
Self-custody originally meant that the user's private key is stored only on their own device. That model has had many problems.
A private key stored locally under encryption is only as strong as the user's password, and it is exposed if the device itself is compromised.
Syncing or backing up across devices unavoidably means copying the key out, at which point the OS's clipboard permissions become a critical security point: any app that can read the clipboard can read the key.
A memorable case was a wallet vendor that limited copying to only the first part of the private key and required the user to type the remaining few characters by hand. This cut private key theft incidents by over 90%. Attackers then learned to brute-force the remaining characters, opening a new round of the contest; note that withholding four hex characters leaves only 16^4 = 65,536 candidates, which can be tested against the public address in seconds, so the measure raises the bar for clipboard stealers but not for a targeted attacker.
After Ethereum's Pectra upgrade, the broad permissions of EIP-7702 delegation and the subtlety of its authorization signatures (a single signature hands control of the account to contract code, and an authorization with chain ID 0 is valid on every chain) created phishing risks comparable to Permit2.
So the core issue with self-custody is rooted in the industry's background: users are not accustomed to bearing full control of their assets.
Of course, if the private key stays with the user, that's fine. But if an encrypted copy is stored on a server to survive the loss of the local device, then all assets are lost if the server is compromised and the encryption can be broken. Is that still self-custody?
MetaMask and Phantom’s answer is “somewhat,” but they also need to prevent malicious behavior by service providers.
3.2 Let’s talk about MetaMask
Their approach is simple: the user logs in with an email and sets a password. The password is fed through a TOPRF (Threshold Oblivious Pseudorandom Function), and its output is the key that encrypts the user's seed phrase so that it can be backed up.
In a TOPRF the OPRF key is split with a typical SSS (Shamir Secret Sharing) scheme among a set of nodes. The client blinds the password before sending it, each node evaluates its share on the blinded value, and the client combines the results, so no node ever sees the password or the final key. The social login providers authenticate the user to those nodes, so decrypting the backup requires both the password and a successful social login.
So the security risk isn't zero: weak passwords and email account hijacking are still risks. If the user forgets the password, recovery is naturally impossible. The benefit of the OPRF construction is that someone who steals the encrypted backup cannot brute-force the password offline; every guess has to go through the nodes, which can rate-limit, and that is what makes a human-memorable password tolerable. The result is greater convenience, with an experience close to Web2.
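The threshold OPRF flow described above, as an added worked example that is not MetaMask's or any provider's code: three nodes hold 2-of-3 Shamir shares of an OPRF key, the client blinds the hashed password, any two nodes evaluate their shares, and the client unblinds and hashes the result into the key that would wrap the seed phrase backup. The choice of secp256k1 as the group, the 2-of-3 split, SHA-256 and the try-and-increment hash-to-curve are assumptions of this toy; a real deployment uses a constant-time hash-to-curve and an audited library. The same threshold-share idea underlies the split described for Phantom in the next section.

```python
"""Toy threshold OPRF for password-based key backup (added example, not vendor code)."""
import hashlib
import secrets

# secp256k1 field prime and group order; cofactor 1, so every curve point has order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; toy only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_curve(msg: bytes):
    """Try-and-increment: hash to an x coordinate until x^3 + 7 is a square mod P."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(msg + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)   # square root when one exists, since P % 4 == 3
        if y * y % P == rhs:
            return x, y
        ctr += 1


def shamir_split(secret: int, t: int, n: int):
    """Split secret into n shares (i, f(i)) over Z_N; any t of them recover f(0)."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N) for i in range(1, n + 1)]


def lagrange_at_zero(xs):
    """Coefficients lambda_i with sum(lambda_i * f(i)) == f(0) for the given x values."""
    lam = {}
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num = num * (-j) % N
                den = den * (i - j) % N
        lam[i] = num * pow(den, -1, N) % N
    return lam


def client_blind(password: bytes):
    """Client: blind H(password) with a fresh r so the nodes learn nothing about it."""
    r = secrets.randbelow(N - 1) + 1
    return r, ec_mul(r, hash_to_curve(password))


def server_evaluate(share: int, blinded_point):
    """Node: multiply the blinded point by its key share; it never sees the password."""
    return ec_mul(share, blinded_point)


def client_finalize(password: bytes, r: int, responses):
    """Client: combine t partial results in the exponent, unblind, hash to the backup key."""
    lam = lagrange_at_zero([i for i, _ in responses])
    acc = None
    for i, pt in responses:
        acc = ec_add(acc, ec_mul(lam[i], pt))   # = r * k * H(pw)
    kx, ky = ec_mul(pow(r, -1, N), acc)         # remove r, leaving k * H(pw)
    return hashlib.sha256(password + kx.to_bytes(32, "big") + ky.to_bytes(32, "big")).digest()


def derive_backup_key(password: bytes, shares):
    """Full round trip against one subset of nodes (after the social login step)."""
    r, blinded = client_blind(password)
    responses = [(i, server_evaluate(s, blinded)) for i, s in shares]
    return client_finalize(password, r, responses)


def reference_prf(k: int, password: bytes):
    """Unblinded PRF value, for checking only; no single node can compute this."""
    kx, ky = ec_mul(k, hash_to_curve(password))
    return hashlib.sha256(password + kx.to_bytes(32, "big") + ky.to_bytes(32, "big")).digest()
```

Two properties are worth observing when running it: any two of the three nodes yield the same key, and the nodes only ever see `r * H(pw)`, which is uniformly random from their point of view. That is why an attacker holding the encrypted backup cannot guess passwords offline, and why losing more than `n - t` nodes makes the backup unrecoverable even with the correct password.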
3.3 Looking at Phantom
The overall architecture looks more complex in diagrams, but fundamentally it is still an encrypted private key stored on the backend, with shares managing encryption and decryption.
Compared with MetaMask, the key used for encryption is split into two parts: Phantom introduces a service called JuiceBox that stores one part. To use that share, social login plus a 4-digit PIN are required.
In short, as long as the user's email isn't hijacked and the PIN isn't forgotten, recovery is always possible.
Of course, in the extreme case where JuiceBox colludes with Phantom, assets could be decrypted, but at least the attack cost shifts from a single point to multiple parties. And since JuiceBox is a network, its security design involves multiple verifiers. One caveat: a 4-digit PIN has only 10,000 possibilities, so the design only holds because the network enforces a guess limit; the scheme's strength rests on that limit being enforced by a threshold of independent verifiers, not on the PIN itself.
In social recovery both are making compromises while holding to a bottom line. Sacrificing everyday user experience to cover low-probability events is a different matter.
I believe this is a positive shift—after all, the blockchain industry most needs to embrace ordinary users, not force everyone to become industry experts.
4. Self-Custody with Trusted Execution Environment (TEE)
The previous social login only solves recovery issues but cannot address automated trading.
Each company’s approach varies somewhat.
First, some background: TEE stands for Trusted Execution Environment. It is a hardware-isolated execution environment on a server that ensures the code's memory and execution cannot be read or tampered with, even by the cloud provider (such as AWS) or the server's owner.
Once the program runs, it produces an attestation document, signed by the hardware, that the interacting party can verify to confirm the running code matches the published open-source version.
Only when the measurement matches the specified version should trust be established. Concretely, the verifier must check the vendor's signature chain, compare the code measurement against a reproducible build of the published source, confirm the document echoes a fresh nonce it chose, and take the enclave's public key from the signed document itself rather than from the service operator. This approach has many applications.
However, using a TEE has its challenges, such as lower performance (which can be compensated with hardware), the risk of downtime (in-memory state is lost on restart unless it is explicitly sealed and persisted), and complex upgrades, since every new build changes the measurement that clients have to trust.
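A verifier for the attestation step described above, added here as an example; it is not taken from any vendor's SDK. The document format, the field names and the image bytes are assumptions, and `vendor_key` is an HMAC stand-in for the hardware vendor's certificate chain (real documents such as AWS Nitro's are signed with certificates). The checks around the signature, a measurement allowlist built from a reproducible build, nonce echo, an age limit, the debug flag and taking the enclave key from the document, are the conditions the text says establish trust.

```python
"""Attestation-document verification model (added example, assumed format)."""
import hashlib
import hmac
import json


class AttestationError(Exception):
    pass


def canonical(obj: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def measure(enclave_image: bytes) -> str:
    """Code measurement: hash of the enclave image (stands in for a PCR / MRENCLAVE)."""
    return hashlib.sha256(enclave_image).hexdigest()


def issue_attestation(vendor_key: bytes, enclave_image: bytes, nonce: bytes,
                      enclave_pubkey: bytes, now: int, debug: bool = False) -> dict:
    """What the hardware would emit for a running enclave (assumed document layout)."""
    body = {
        "measurement": measure(enclave_image),
        "nonce": nonce.hex(),                    # echo of the verifier's challenge
        "enclave_pubkey": enclave_pubkey.hex(),  # key the client should encrypt to
        "timestamp": now,
        "debug": debug,
    }
    sig = hmac.new(vendor_key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_attestation(doc: dict, vendor_key: bytes, trusted_measurements: set,
                       expected_nonce: bytes, now: int, max_age: int = 300) -> bytes:
    """Return the enclave's public key only if every trust condition holds."""
    body = doc["body"]
    # 1. Vendor signature over the whole body (stand-in for the certificate chain check).
    expected_sig = hmac.new(vendor_key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, doc["sig"]):
        raise AttestationError("vendor signature invalid")
    # 2. Running code must match a build we reproduced from the published source.
    if body["measurement"] not in trusted_measurements:
        raise AttestationError("measurement not in allowlist")
    # 3. Freshness: our nonce must be echoed and the document must be recent, otherwise
    #    a captured document from an old (or since-compromised) enclave can be replayed.
    if body["nonce"] != expected_nonce.hex():
        raise AttestationError("nonce mismatch (replayed document?)")
    if not 0 <= now - body["timestamp"] <= max_age:
        raise AttestationError("attestation too old or from the future")
    # 4. Debug-mode enclaves let the host read memory; never trust them in production.
    if body["debug"]:
        raise AttestationError("enclave running in debug mode")
    # 5. The key to encrypt to comes from the signed document, not from the operator.
    return bytes.fromhex(body["enclave_pubkey"])


def attestation_rejected(*args, **kwargs) -> bool:
    """Helper: True when verify_attestation refuses the document."""
    try:
        verify_attestation(*args, **kwargs)
        return False
    except AttestationError:
        return True
```

The allowlist is the link to "matches the open-source version": it is populated by building the published source reproducibly and measuring the result, so an operator who ships a modified image gets a measurement the client has never seen. Step 3 is the one most often skipped in practice, and without it a valid document can be reused indefinitely.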
The remaining question is: how do various exchanges provide TEE services within wallets?
4.1 Coinbase and Bitget’s Solutions
Initially, it’s hard to imagine, but Coinbase, as a compliant US-listed exchange, is implementing a highly centralized version.
Bitget’s architecture is almost identical in logic.
Essentially they use the TEE to generate private keys and drive signatures. But how does the TEE verify that a request truly reflects the user's intent?
Coinbase relies entirely on user login and backend authentication, forwarding commands to the TEE to complete transactions.
Bitget is similar; information is limited, but they appear not to show a signature page on the client at all. Instead they apply an EIP-7702 delegation to the address directly, which enables sponsored gas payment.
The advantage of this setup is that the user's private key really is stored in the TEE, but the user has no way to verify, or to refute, whether the backend inserted commands other than their own.
Fortunately, on-chain history at least leaves evidence after the fact.
Therefore I believe Coinbase and similar platforms essentially add a layer of trust in the exchange's reputation. Since private key export records are kept, user-side misconduct can be ruled out; the only remaining risk is misconduct by the exchange itself, which matches the trust model of centralized exchanges.
4.2 Binance and OKX
Comparing their MPC and SSS solutions, the core logic is similar. For transaction signing, OKX pops up an authorization signature page; combined with intent verification inside the TEE, this gives the user a higher level of approval, at the cost of more complexity to understand.
Binance's MPC is more influenced by its existing tech stack (MPC has limitations in multi-chain expansion). With the TEE introduced, the user encrypts a shard on their local device and transmits it into the TEE. OKX, on the other hand, encrypts the user's mnemonic on the local device and transmits it into the TEE.
As users, the transport itself is not the thing to worry about. TEE-to-client communication is mature and, in theory, immune to man-in-the-middle attacks, since the data is encrypted to the TEE's public key and only the private key inside the enclave can decrypt it. That guarantee holds only if the client first verifies that the public key is the one bound into a valid attestation document; a key merely handed over by the backend could belong to anyone.
Some details differ, such as how long MPC or private keys remain valid and how to renew them. These are engineering issues and won’t be elaborated here.
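The intent-verification gap described in 4.1 and the OKX-style authorization of 4.2, as an added example that is not Coinbase's, Bitget's, Binance's or OKX's code: the user's device authorizes a standing policy once, the backend may then submit individual transactions for an automated strategy, and the enclave signs only what fits the authorized envelope. The device MAC key (assumed to have been provisioned into the enclave over the attested channel), the policy and transaction fields, and the HMAC used in place of the chain's real signature scheme are all assumptions of this model.

```python
"""Intent-bound signing inside a TEE (added example; assumed formats and keys)."""
import hashlib
import hmac
import json


def canonical(obj: dict) -> bytes:
    """Deterministic encoding so device and enclave MAC exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Device:
    """The user's phone: holds the MAC key it shared with the enclave at enrollment."""

    def __init__(self, mac_key: bytes):
        self._mac_key = mac_key

    def authorize_policy(self, policy: dict) -> bytes:
        # The policy is shown on the device's own confirmation screen, then MACed.
        return hmac.new(self._mac_key, canonical(policy), hashlib.sha256).digest()


class Enclave:
    """Runs inside the TEE; the backend can send it requests but cannot read its memory."""

    def __init__(self, signing_key: bytes, device_mac_key: bytes):
        self._signing_key = signing_key        # never leaves the enclave
        self._device_mac_key = device_mac_key
        self._used_nonces = set()              # must be sealed to disk in a real enclave

    def sign_tx(self, tx: dict, policy: dict, policy_auth: bytes, now: int) -> bytes:
        # 1. Only the user's device can produce this MAC; a backend that edits the
        #    policy (for example raising max_amount) invalidates it.
        expected = hmac.new(self._device_mac_key, canonical(policy), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, policy_auth):
            raise PermissionError("policy not authorized by the user's device")
        # 2. A standing authorization must expire.
        if now > policy["valid_until"]:
            raise PermissionError("policy expired")
        # 3. The submitted transaction must fit the user-approved envelope.
        if tx["chain_id"] != policy["chain_id"]:
            raise PermissionError("wrong chain")
        if tx["to"] not in policy["allow_to"]:
            raise PermissionError("destination not allowed by policy")
        if tx["amount"] > policy["max_amount"]:
            raise PermissionError("amount above policy limit")
        # 4. Each nonce is signed at most once, so the relay cannot replay a request.
        if tx["nonce"] in self._used_nonces:
            raise PermissionError("replayed nonce")
        self._used_nonces.add(tx["nonce"])
        # Stand-in for the chain's signature scheme; the key itself stays in the enclave.
        return hmac.new(self._signing_key, canonical(tx), hashlib.sha256).digest()


def signing_rejected(enclave: Enclave, tx: dict, policy: dict, policy_auth: bytes, now: int) -> bool:
    """Helper: True when the enclave refuses to sign."""
    try:
        enclave.sign_tx(tx, policy, policy_auth, now)
        return False
    except PermissionError:
        return True
```

Without step 1 the design collapses into the Coinbase-style model described earlier: the key is protected, but the backend can have anything signed. The nonce set also has to be sealed and persisted, because an enclave restart that wipes it would silently reopen replay, which is the downtime problem mentioned above.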
Analyzing the design motivation, the main benefit is migration cost—avoiding the need for users to migrate assets during the upgrade of advanced features.
For example, Coinbase’s approach focuses on payment applications, allowing traditional e-commerce providers without local private key management experience to invoke private keys via API for on-chain operations.
Binance’s approach is integrated into the CeDeFi track, making it easier for users who usually watch K-line charts to directly operate on-chain assets on similar pages, ignoring gas, slippage, multi-chain issues, etc.
5. Summary
How to evaluate 2025, and how to view the future?
I believe this year is a year of wallet dormancy and transformation. It’s not very loud, but it’s working on big things behind the scenes.
In today's multi-chain environment, simply building a good tool can no longer sustain a large wallet team (and its supporting infrastructure); it must offer value-added services to sustain itself. This coincides with this year's application explosion: the Perps track reborn, RWA (tokenized stocks), prediction markets and payments are all gaining momentum.
The market is gradually shifting from meme-dominated trading to more diverse DEX demand.
Moreover, memes only look large because trading is so fast and turnover so high. In reality it is a small group playing; hot spots change, but user growth is limited.
Coupled with the new custody systems supported by TEE and the reputation of various exchanges, the overall trend is clear.
And in the big picture, AI will become more powerful, including AI trading. Previously, wallets were designed for humans, not for AI.
So I expect that next year applications will grow even more richly as the underlying technology matures further. There will still be a gap period, because TEE is mainly a big-exchange play, and most are unlikely to open external access as fully as Coinbase.
Additionally, user funds on DEXs are only part of user demand. There are many users just seeking stable earnings. With subsidies, airdrops, and APY, they are quite satisfied.
And products that can earn on-chain yields, like CeDeFi, will be the first on-ramp for many CEX users (note: this mainly refers to independent address CeDeFi; shared address platforms like Bitget may not benefit).
Finally, on the cryptography side, passkeys have also seen significant improvements this year. Although not discussed in this article, more public chains, including Ethereum and Solana, are adding precompiles for the secp256r1 (P-256) curve used by device passkeys. Combining passkeys with wallets is a potential future trend (though recovery and cross-device sync remain challenging), but good applications are still scarce.
After all, any product that can optimize for high-frequency needs will eventually find its place.