What is the difference between custodial and non-custodial wallets?
In a custodial wallet, the platform stores and manages the user's private keys the user trusts the platform to secure their assets and execute transactions on their behalf. This is the model used by centralised exchanges (Coinbase, Binance) simple UX, platform is responsible for security, but the user does not "own" the keys in the cryptographic sense (the platform could freeze the account). In a non-custodial wallet, the user controls their own private keys the platform has no access to the keys and cannot move funds without the user's signature. This is the model used by MetaMask, hardware wallets, and self-custody wallets. MPC (Multi-Party Computation) wallets offer a middle ground: the private key is split between the user and the platform using a threshold signature scheme neither party holds the complete key, both must participate in signing, and the user can recover access if they lose their device. The choice depends on your regulatory environment and user base: custodial is simpler for regulated financial products, non-custodial is preferred for DeFi and Web3-native users.
What is MPC (Multi-Party Computation) for wallet key management?
MPC (Multi-Party Computation) is a cryptographic technique that allows multiple parties to jointly compute a function (in this case, a digital signature) without any party revealing their input (their key share) to the others. In wallet key management: the user's private key is mathematically split into multiple shares, distributed between the user's device, the platform's server, and optionally a third backup. To sign a transaction, a threshold number of shares (typically 2-of-3) must participate in a distributed signing ceremony the complete private key is never reconstructed in any single location. Advantages over HSM-only custody: no single point of compromise (an attacker who compromises the server does not have the complete key), user recovery (if the user loses their device, the remaining shares can be used to generate a new key share), and better UX than seed phrases (no 24-word phrase to manage). Privy, Dynamic.xyz, and Fireblocks all use MPC for non-custodial or semi-custodial wallet key management.
What is EIP-1559 and how does it affect transaction gas management?
EIP-1559 (implemented in Ethereum's London upgrade, August 2021) changed the gas fee mechanism from a simple auction to a base fee + priority fee model. Before EIP-1559: users bid for block space with a gas price unpredictable, often resulted in overpaying. After EIP-1559: every block has a base fee (algorithmically determined by network congestion, burned not paid to validators), plus an optional priority fee (tip to validators for faster inclusion), and a max fee per gas (the maximum the user is willing to pay prevents overpaying if the base fee spikes between transaction submission and inclusion). For wallet developers: use `eth_feeHistory` to estimate an appropriate max fee and priority fee based on recent blocks, set maxFeePerGas and maxPriorityFeePerGas in the transaction rather than gasPrice (legacy format), and display the estimated transaction cost to the user before signing.
What compliance requirements apply to crypto wallet applications?
Compliance requirements for crypto wallet applications depend on the jurisdiction and business model. For custodial wallets (where the platform holds keys on behalf of users): KYC/AML (Know Your Customer / Anti-Money Laundering) requirements apply in most jurisdictions user identity verification before allowing transactions above thresholds, transaction monitoring for suspicious patterns, SAR (Suspicious Activity Report) filing obligations. Travel Rule (FATF Recommendation 16): for transactions above $1,000/$3,000 (jurisdiction-dependent) between custodial service providers, the originating VASP must transmit identifying information about the sender and recipient to the receiving VASP. For non-custodial wallets where the platform does not hold keys: less stringent requirements in most jurisdictions, but the regulatory environment is evolving rapidly. ClickMasters integrates compliance tooling (Chainalysis, Elliptic for transaction monitoring; Onfido, Jumio for KYC) but recommends the client obtain specific legal advice for their jurisdiction before launch.
