Blockchain wallets in 2025: when the technology reaches maturity

1. Quiet Revolution in the Wallet Ecosystem

It seems that the wallet sector is stagnating, but this impression is deceptive. Over the past year, radical changes have occurred in asset storage architecture and product positioning:

· Coinbase introduced a TEE-based wallet · Binance implemented an MPC scheme with fragmented storage in a TEE environment
· Bitget launched social login via TEE infrastructure · OKX developed smart accounts relying on trusted execution environments · MetaMask and Phantom integrated social login features with encrypted key storage

No revolutionary newcomers have entered the market, but existing players have fundamentally rethought their roles. The ecosystem has shifted from simple storage to comprehensive financial services. Confronted with changes in the upper layers of the ecosystem, wallets are now positioned as entry points for perpetual contracts, tokenized assets (RWA), and hybrid financial solutions (CeDeFi).

2. Stages of Evolution in the Wallet Industry

2.1 Single-Chain Phase (2009–2022)

Early wallets required running a local node and were impractical. When they became user-friendly, the principle of self-custody prevailed — a fundamental belief of the decentralized world.

Leaders of this period (MetaMask, Phantom, Trust Wallet, OKX Wallet) set standards for reliability and security. During 2017–2022, when public chains and L2 solutions grew exponentially, the wallet was primarily a “good tool.” Security, convenience, and stability remained priorities. Commercial prospects (as an entry point for traffic, DEX integration) were considered but did not dominate.

2.2 Multi-Chain Transition (2022–2024)

The emergence of Solana, Aptos, BTC inscriptions, and heterogeneous public chains forced even veterans like MetaMask to adapt. OKX Wallet and Phantom had already adopted multi-chain architecture.

Multi-chain compatibility is now standard. Wallets that remained single-chain (for example, Keplr in the Cosmos ecosystem) quickly lost relevance. Lowering the barrier to creating EVM L2s may improve the position of narrow wallets slightly, but their potential is fundamentally limited.

2.3 Transition to Business Competition

When the toolset became sufficiently convenient, users realized the commercial needs. The true asset owner not only stores assets — they actively manage their portfolio, seek income opportunities, and choose optimal counterparties.

Wallets began aggregating DEX solutions and cross-chain bridges. The focus expanded to derivatives: perpetual contracts, tokenized stocks (RWA), prediction markets. Simultaneously, demand for DeFi strategies grew: staking (ETH — ~4% APY, Solana + MEV — ~8% APY), participation in liquidity pools (LP), cross-chain operations.

However, the complexity of these operations requires automation: dynamic portfolio rebalancing, limit orders, dollar-cost averaging (DCA), stop-losses. This cannot be fully implemented in autonomous wallets.

A dilemma has arisen: what is more important — maximum security or maximum income potential? In fact, it’s not a contradiction. The market has different segments. Some users are willing to entrust private keys to services for automation. Large companies developing wallets must balance between functionality and reputation.

The solution was found in modernizing basic storage technologies.

3. TEE and Modern Key Storage Architecture

3.1 Farewell to the Era of Absolute Autonomy

MetaMask and Phantom, as pure wallet developers, easily implemented social login. This solved access recovery and device synchronization issues but did not address operation automation.

Their transformation signals the end of the era of full self-storage. Self-storage exists on a spectrum, but the boundary between “full” and “partial” is blurred. Traditionally, it meant the private key is stored only on the user’s device. But this has long created difficulties.

Compromised devices allow attackers to locally steal encrypted keys — security depends on the user’s password. Synchronization between devices requires copying the key, making the clipboard a vulnerable point. One wallet developer reduced key thefts by 90%, requiring users to enter only part of the key during copying.

Ethereum Prague update (section 7702 and hidden signatures) again increased phishing risks via permit 2. The problem of self-storage is that users find it hard to manage full control. If the key is with the user — that’s good, but if an encrypted key is stored on a server for device loss protection — is that still self-storage? Modern wallets answer: yes, if it prevents service abuse.

3.2 MetaMask Architecture: TOPRF and SSS

The user logs in via email and sets a password. Together, they form TOPRF (Threshold Oblivious Pseudorandom Function), which encrypts the private key. The encrypted key can be backed up.

TOPRF is split into fragments using classical SSS (Shamir Secret Sharing), distributed among social login providers. Providers receive encrypted data via social verification, but full decryption still requires the user’s password.

The risk remains: weak password + email hack = threat. If the user forgets the password, recovery is impossible. The advantage is a web2-like experience.

3.3 Phantom: Networked Recovery Architecture

The architecture is more complex: the server stores an encrypted private key, and the keys for encryption are distributed. Unlike MetaMask, the encryption key is split into 2 parts, one stored in JuiceBox Network. To use it, social login + PIN are required.

If the email is not compromised and the PIN is not forgotten, access can be restored at any time. In a hypothetical collusion between JuiceBox and Phantom, this could allow decryption of assets, but the attack cost for hackers increases. JuiceBox, as a network, distributes security among verifiers.

Both companies have found a balance between principles and practicality, without sacrificing user experience.

3.4 TEE: Trusted Execution Environment Technology

TEE (Trusted Execution Environments) — a server that guarantees its memory and processes cannot be read or altered even by the owner or provider (AWS). When a program runs, it publishes an Attestation file. The interacting party can verify the code’s compliance. Only if fully compliant is the program considered trustworthy.

Applications are already widespread: official cross-chain Avalanche bridge on SGX; 40% of Ethereum blocks produced via TEE-based builders; banks use TEE to prevent internal risks; major exchanges plan to implement TEE for signing cold/hot wallets by 2025.

TEE faces challenges: low performance, risk of shutdown (data loss), update complexity.

3.5 Coinbase and Bitget: Centralized Approach

As a NASDAQ-listed public company, Coinbase opts for a centralized version. Bitget uses a practically identical architecture. TEE generates private keys and signs transactions. But how does TEE verify user authorization?

Coinbase relies on user login via frontend. The backend authorizes and passes commands to TEE for completion. Bitget similarly: no client-side signature, address created as eip-7702 for gasless operations.

Advantage: the private key is truly in TEE. Whether the backend issues unauthorized commands — cannot be confirmed or denied without on-chain proof. Reliability depends on the exchange’s reputation, similar to CEX models.

3.6 Binance MPC and OKX Smart Accounts

Binance MPC is linked to the previous technological base (limitations of multi-chain scaling). The user transmits a key fragment from their device to TEE in encrypted form. OKX user transmits an encrypted mnemonic.

OKX displays a signature authorization page, combined with TEE verification, increasing authorization level but complicating understanding. Secure client-TEE communication theoretically prevents man-in-the-middle attacks via asymmetric encryption with TEE public key.

Motivation: reduce migration costs so users can use new features without transferring assets. Coinbase focuses on the payment sector (e-commerce without key management). Binance combines this for CeDeFi, allowing familiar exchange users to buy assets without worrying about gas, slippage, or cross-chain issues.

4. Prospects and Conclusions

2025 will be a calm but transformative year for the wallet sector. Little noise, lots of work. In a multi-chain environment, simplicity and convenience are not enough for large teams. Additional services are needed. This year, the application market exploded: perpetual contracts, RWA, prediction markets, payments.

The market is shifting from “big memes” to diverse DEX needs. Meme seems large, but it’s the same group with minimal user growth. New TEE systems backed by exchange reputation open new opportunities.

In the global AI trend, trading automation is becoming more powerful. Previously, wallets were only for humans, not AI agents. Expect explosive applications, though the adaptation period will be long. TEE remains a game for large exchanges, unlikely to open access to third parties (except Coinbase).

For many users, stable income suffices. CeDeFi products with separate addresses (like Bitget) provide on-chain income signals and will be the first stop for many CEX users.

Equally important is progress in cryptography: passkeys. Ethereum and Solana are gradually integrating R1-curve (by default for passkey devices). Wallets with passkeys are another direction, though recovery and synchronization are complex. Currently, few quality applications exist, but any product that simplifies frequent needs will eventually find its niche.