
Looking back at the Web3 wallet battle in 2025, what exactly are the major players vying for?

2025/12/15 12:00

1. Introduction

In the blink of an eye, I have been working in the wallet industry for four years.

Many people believe that the wallet market in 2025 has already solidified, but this is not the case: it is undergoing subtle changes. This year alone:

  • Coinbase released a new CDP wallet built on TEE technology.
  • Binance's MPC wallet moved key sharding and custody into a TEE environment.
  • Bitget released its social login feature just last week, with custody in a TEE (Trusted Execution Environment).
  • OKX Wallet launched a TEE-based smart account feature.
  • MetaMask's and Phantom's social login features are, at bottom, encrypted storage of sharded keys.

Although no outstanding new players have emerged this year, the existing players have undergone tremendous changes in their ecosystem positioning and underlying technical architecture.

This transformation stems from drastic changes in the upstream ecosystem.

With the complete decline of the BTC and Inscription ecosystem, a large number of wallets have begun to take on the new role of "entry point" and take over emerging tracks such as Perps (perpetual contracts), RWA (stocks), and CeDeFi (a combination of centralized and decentralized finance).

This transformation has actually been in the works for many years.

Follow along in this article to gain a deeper understanding of those flowers that bloom in the shadows and their impact on future users.

2. A review of the development stages of the wallet industry

Wallets are a rare essential product in the blockchain industry, and they are also the first entry-level application outside of public chains to break through ten million users.

2.1 First Stage: The Single-Chain Era (2009-2022)

In the early days of the industry (2009-2017), wallets were extremely difficult to use, and sometimes even required running local nodes. We will skip this stage.

Once wallets reached the usability stage, self-custody became the preferred choice; after all, in the decentralized world, "distrust by default" is the foundation for survival. Well-known products such as MetaMask, Phantom, Trust Wallet, and OKX Wallet were among the best performers during this period.

From 2017 to 2022, the market saw a boom in public blockchains and L2s. Since most of these chains still used Ethereum's EVM architecture, building one good, compatible tool was enough to meet demand.

During this period, the core positioning of wallets was "good tools." Although the industry could see the commercial prospects of traffic entry points and DEX entry points, security, ease of use, and stability were the primary requirements.

However, the situation changed between 2023 and 2025.

Heterogeneous public chains such as Solana, Aptos, and BTC (during the inscription era) have completely dominated the user market. Although Sui itself is developing well, after the hacking incident, large funds have hesitated due to the drawbacks of excessive centralization.

Financing in this period was driven by the "fat protocols, thin applications" thesis; although VCs have made little profit from it, the market landscape is indeed changing.

2.2 Second Phase: The Multi-Chain Era (2022-2024)

Faced with the multi-chain landscape, even established players like MetaMask have had to transform, incorporating built-in support for Solana, BTC, and others. Leading players such as OKX Wallet and Phantom have long since implemented multi-chain compatible architectures.

The core indicators of multi-chain compatibility are the number of chains supported and where transactions are constructed, which shows how much of the work the backend handles while the client only signs. From the user's perspective, it boils down to whether they have to find RPC nodes manually to use the wallet.

Nowadays, multi-chain compatibility has almost become standard. Sticking to a single chain in the long run is easily unsustainable because blockchain trends are constantly changing.

A prime example is the Keplr wallet, which focuses on the Cosmos ecosystem, but this sector has consistently failed to take off. Many application chains quickly built on Cosmos have gradually faded into obscurity after launch. As the barrier to entry for building EVM L2 becomes lower, the situation for single-chain wallets may ease, but their potential is limited.

Once the basic tools are good enough, users begin to expect their wallets to meet their business needs as well!

True asset owners not only need to manage their assets but also actively drive them—finding the best places to generate returns and choosing the right interaction partners. However, users are also plagued by the complexity of interacting with various DApps and must constantly be wary of phishing websites.

In that case, why not just use the built-in functions of the wallet?

2.3 Business Competition in the Branch Phase

The focus of competition among wallets has shifted to the business level, typically through aggregating DEXs and cross-chain bridges. Although Coinbase explored adding social features, that demand turned out to be a pseudo-demand and the feature remained lukewarm.

Returning to basic needs, users require a single wallet entry point to complete multi-chain asset transfers. At this point, coverage, speed, and slippage become the core competitive advantages.

The DEX space extends further into derivatives trading: RWA (such as tokenized stocks), Perps (perpetual contracts), and prediction markets (which will be hot in the second half of 2025, given that the World Cup is held in 2026).

Alongside DEXs, there is a demand for DeFi yields.

After all, on-chain APY will be higher than that of traditional finance:

  • Coin-based strategy: ETH staking yields approximately 4% APY, Solana staking + MEV yields approximately 8% APY (see the 10,000-word research report: The Evolution of the MEV Landscape on Solana and Its Merits and Demerits for details). More aggressive investors can participate in liquidity pools (LPs) and cross-chain bridge LPs.
  • Stablecoin strategy: although the returns are relatively low, looping leverage on top of them can raise the APY.

Therefore, in 2025, at the peak of business competition, the wallet infrastructure will be upgraded again.

The reason is that the above transactions are too complex—not only in terms of the complexity of the transaction structure, but also in terms of the complexity of the transaction lifecycle.

To achieve truly high returns, it is necessary to combine automated trading: dynamic rebalancing, timed limit orders (instead of only supporting market orders), dollar-cost averaging, stop-loss orders, and other advanced features.

However, these features were simply impossible to achieve in the era of pure self-custody.

So, should we prioritize "safety first" or "profit first"? It's not a difficult question, because the market naturally has different needs.

Just like during the Telegram bot boom, many users handed over their private keys in exchange for automated trading opportunities—a high-risk model of "if you're afraid, don't play; if you play, don't be afraid." In contrast, large service providers must consider brand and reputation when making wallets.

Is there a solution that keeps private keys secure while also giving reasonable assurance that the service provider cannot run off with the funds?

Of course! This has led to the upgrade of the underlying hosting technology this year.

3. The Custody Technology Upgrade Period

Returning to the initial point about the industry's underlying technological upgrades, let's analyze them one by one.

3.1 Saying Goodbye to the Era of Pure Self-Custody

First, as pure wallet vendors, MetaMask and Phantom have made relatively lightweight, experience-driven moves: social login only addresses cross-device use and account recovery, rather than entering the application layer itself.

Even so, their transformation marks, to some extent, a departure from the era of complete self-custody.

Self-custody comes in different degrees, and nobody can really define where "complete" ends and "incomplete" begins.

First, self-custody inherently means that a user's private key can only be stored on the user's device. Historically, this has had many problems.

The private key is stored locally in encrypted form; if the device is compromised, that encryption is only as strong as the user's password, and it can be brute-forced.

Syncing and backing up across devices always means copying the key somewhere, so the operating system's clipboard permissions become a critical boundary.

What I remember most vividly is that a certain wallet vendor, by default, only copied the first few characters on the private-key copy page, requiring users to type the remaining characters manually. This directly caused a drop of over 90% in private key theft reports during that period. Later, hackers learned their lesson and began brute-forcing the remaining characters, effectively ushering in a new era of countermeasures.

Following the Ethereum Prague upgrade, EIP-7702 delegations, with their extremely broad authority, opaque signatures, and even chain-wide effect, have reignited the kind of phishing risk once associated with Permit2.

The root problem with self-custody, then, is that users cannot easily get used to an industry norm that puts complete control of their assets on them.

If the private key stays with the user, that is fine. But if an encrypted copy of the private key is kept on a server, so that assets are not lost entirely when the user's device is lost, can that still be called self-custody?

MetaMask and Phantom say it can. Even so, it is important to guard against malicious behaviour by the service providers.

3.2 Let's Start with MetaMask

Its approach is simple: the user logs in with an email address and sets a password. The two are combined via something called a TOPRF (Threshold Oblivious Pseudorandom Function), whose output is used to encrypt the user's private key. The encrypted private key can then safely be backed up.

The TOPRF's secret is then split into shares with a standard SSS (Shamir Secret Sharing) scheme. After social verification, the social login providers hand back the encrypted data, and the user's password is still required to fully decrypt it.

So the security risks are not entirely absent: a weak password combined with a stolen email account is dangerous, and a forgotten password cannot be recovered. The advantage is convenience; the experience is basically the same as Web2.
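As an added illustration of the mechanism this section describes (not MetaMask's code, and a simplification of it: a real TOPRF lets the providers evaluate the function without ever seeing the password, which this example does not reproduce), the Go program below splits a key-encryption secret with Shamir secret sharing in a 2-of-3 configuration, binds it to a user password, and wraps a wallet key with AES-GCM. The prime field, the iterated-hash password KDF, and the wire layout are assumptions made for the example. It shows the two properties the text relies on: any two shares rebuild the secret while one share alone does not, and a wrong password or too few shares fails the authentication tag instead of yielding a bogus key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"math/big"
)

var fieldP, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16) // secp256k1 order, used only as a 256-bit prime

// Share is one Shamir share: x and f(x) of the hidden polynomial.
type Share struct {
	X int64
	Y *big.Int
}

// SplitSecret splits secret (0 <= secret < fieldP) into n shares of the random polynomial
// f(x) = secret + a1*x + ... + a(k-1)*x^(k-1); any k shares reconstruct it, k-1 reveal nothing.
func SplitSecret(secret *big.Int, k, n int) ([]Share, error) {
	if k < 1 || n < k || secret.Sign() < 0 || secret.Cmp(fieldP) >= 0 {
		return nil, errors.New("bad threshold or secret outside the field")
	}
	coeffs := []*big.Int{new(big.Int).Set(secret)}
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, fieldP)
		if err != nil {
			return nil, err
		}
		coeffs = append(coeffs, c)
	}
	shares := make([]Share, 0, n)
	for x := int64(1); x <= int64(n); x++ {
		y := new(big.Int) // Horner evaluation of f(x) mod p
		for i := len(coeffs) - 1; i >= 0; i-- {
			y.Mul(y, big.NewInt(x)).Add(y, coeffs[i]).Mod(y, fieldP)
		}
		shares = append(shares, Share{X: x, Y: y})
	}
	return shares, nil
}

// CombineShares interpolates f(0) (Lagrange, mod p). With fewer than k shares it silently yields a wrong value, which is why the wrapped key below carries an authentication tag.
func CombineShares(shares []Share) *big.Int {
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i != j {
				num.Mul(num, big.NewInt(sj.X)).Mod(num, fieldP)
				den.Mul(den, big.NewInt(sj.X-si.X)).Mod(den, fieldP) // big.Int.Mod is Euclidean: never negative
			}
		}
		term := new(big.Int).ModInverse(den, fieldP)
		term.Mul(term, num).Mul(term, si.Y).Mod(term, fieldP)
		secret.Add(secret, term).Mod(secret, fieldP)
	}
	return secret
}

// deriveWrapKey binds the password and the reconstructed share secret into one AES-256 key; the iterated hash stands in for a real password KDF (Argon2, scrypt) to stay within the standard library.
func deriveWrapKey(password string, salt []byte, kek *big.Int) []byte {
	h := sha256.Sum256(append([]byte(password), salt...))
	for i := 0; i < 100000; i++ {
		h = sha256.Sum256(h[:])
	}
	mixed := sha256.Sum256(append(h[:], kek.FillBytes(make([]byte, 32))...))
	return mixed[:]
}

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // key is always 32 bytes here, so this cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// WrapPrivateKey encrypts the wallet key for server-side backup: salt(16) || nonce(12) || GCM output.
func WrapPrivateKey(privKey []byte, password string, kek *big.Int) []byte {
	hdr := make([]byte, 28) // salt || nonce
	if _, err := rand.Read(hdr); err != nil {
		panic(err) // no entropy: nothing sensible to continue with
	}
	return gcmFor(deriveWrapKey(password, hdr[:16], kek)).Seal(hdr, hdr[16:], privKey, nil)
}

// UnwrapPrivateKey reverses WrapPrivateKey. A wrong password or a wrongly reconstructed kek
// fails the GCM tag check rather than returning garbage.
func UnwrapPrivateKey(blob []byte, password string, kek *big.Int) ([]byte, error) {
	if len(blob) < 28 {
		return nil, errors.New("blob too short")
	}
	pt, err := gcmFor(deriveWrapKey(password, blob[:16], kek)).Open(nil, blob[16:28], blob[28:], nil)
	if err != nil {
		return nil, errors.New("authentication failed: wrong password or too few shares")
	}
	return pt, nil
}
```

The design point worth noticing is that the share reconstruction itself never tells you whether you had enough shares; only the authenticated wrapping does, which is why a threshold scheme used for backups is always paired with an AEAD or equivalent integrity check.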

3.3 Now Phantom

The overall architecture looks more complex in Phantom's diagram, but essentially it stores the encrypted private key on the backend and manages the key used for encryption and decryption through sharding.

The difference is that the encryption key is divided into two parts, and Phantom introduces another service provider, JuiceBox, to store one of them; both social login and a 4-digit PIN are required to use the shards.

In summary, as long as the user's email account is not stolen and the PIN is not forgotten, the account can be restored at any time.

Of course, in the extreme case where JuiceBox and Phantom collude, they could decrypt the key and take the assets, but at least an attacker now has to compromise multiple parties rather than a single point. Moreover, since JuiceBox is a network, its security design involves multiple validators.

It can be said that in terms of social recovery, both companies have made some compromises while holding their bottom lines; sacrificing user experience for the sake of a low-probability event is, after all, not acceptable.

I believe this is a positive shift, since what the blockchain industry needs most is to embrace ordinary users, rather than forcing them to become industry experts.

4. Self-Custody with a TEE (Trusted Execution Environment)

The social login described above solves only the recovery problem; it does not solve automated trading.

Therefore, each company has a slightly different approach to this.

First, some background. TEE stands for Trusted Execution Environment. Essentially it is still a server, but one that can guarantee its memory and its execution cannot be read or interfered with, even by the cloud provider (such as AWS) or the server's owner.

In addition, once it starts running a program, it publishes a document called an attestation. Anyone interacting with the TEE can check whether this document is consistent with the published open-source code.

Only if the program it runs matches the specified open-source version will the two agree, which is what establishes trust. This is already widely used in the industry:

  • For example, Avalanche's official cross-chain bridge uses Intel SGX (one TEE implementation) as its notary validator.
  • For example, on the Ethereum mainnet, 40% of the blockchain's blocks already go through BuilderNet, which is also TEE-based, for transaction processing and block building.
  • Not to mention the various financial institutions and banks, with their strict controls on internal risk, which have largely adopted TEEs as well. Against the compliance backdrop of 2025, leading exchanges have also paid high prices to introduce TEEs for cold and hot wallet signing custody.

Using a TEE does have its difficulties: low machine performance (solvable with money), downtime risk (in-memory state is lost), and complex upgrades.

The remaining question is how the various exchange-backed wallets offer TEE services.

4.1 Coinbase and Bitget's solutions

It is hard to imagine at first that Coinbase, a US-listed, compliant exchange, actually uses the most centralized version.

Bitget's logical architecture is almost identical.

In essence, they only use the TEE as a service that generates private keys and produces signatures. But how can the TEE verify that a signing request really reflects the user's intention?

Coinbase relies entirely on the user login flow: after backend authentication, instructions are forwarded to the TEE to complete the transaction.

Bitget is similar. Although very little information is available, it appears there is no signing page shown on the client side at all; instead, the new address is set up directly as an EIP-7702 account, which enables gas payment on the user's behalf.

The advantage of this design is that the user's private key really is inside the TEE. However, whether the backend injects other unexpected instructions can be neither verified nor ruled out.

Fortunately, there is evidence on the blockchain.

Therefore, I believe that Coinbase and similar exchanges have essentially enhanced the credibility of exchanges. After all, there is definitely a record of whether private keys have been exported, which can eliminate the possibility of users committing fraud or other malicious acts. The only risk is that the exchange itself acts maliciously, which is actually consistent with the underlying model of users trusting CEXs.

4.2 Binance and OKX

Comparing Binance's MPC wallet with OKX's smart account (SA), the underlying logic is essentially the same. To drive a transaction, OKX pops up an intent-authorization signature page; combined with the intent-verification logic inside the TEE, this gives the user a higher level of authorization control, but also raises the cost of understanding for the user.
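To make the "intent verification inside the TEE" idea concrete, here is an added example (not OKX's code; the intent fields, the Ed25519 stand-in for the chain's signature scheme, and the enclave API are assumptions) of a signing service that releases a signature only for a transaction covered by an intent the user's device signed. The checks are what separate this model from a backend that merely forwards instructions: the enclave rejects an altered amount, an expired or replayed intent, and an intent not signed by the enrolled device key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Intent is what the user authorizes on the wallet's signature page (assumed
// fields; the real intent format is not described on the page).
type Intent struct {
	ChainID  uint64
	To       string
	Amount   uint64
	Nonce    uint64 // unique per intent, prevents replaying an old authorization
	Deadline int64  // unix seconds after which the intent is void
}

func (in Intent) Bytes() []byte {
	return []byte(fmt.Sprintf("intent|%d|%s|%d|%d|%d", in.ChainID, in.To, in.Amount, in.Nonce, in.Deadline))
}

// Tx is the concrete transaction the backend asks the enclave to sign.
type Tx struct {
	ChainID uint64
	To      string
	Amount  uint64
}

func (tx Tx) Bytes() []byte {
	return []byte(fmt.Sprintf("tx|%d|%s|%d", tx.ChainID, tx.To, tx.Amount))
}

// EnclaveSigner models the signing service inside the TEE. It holds the wallet
// key (generated inside the enclave, never exported) and the public key of the
// user's device, registered at enrolment. Ed25519 stands in for the chain's
// signature scheme.
type EnclaveSigner struct {
	walletKey  ed25519.PrivateKey
	devicePub  ed25519.PublicKey
	usedNonces map[uint64]bool
}

func NewEnclaveSigner(devicePub ed25519.PublicKey) (*EnclaveSigner, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &EnclaveSigner{walletKey: priv, devicePub: devicePub, usedNonces: map[uint64]bool{}}, nil
}

// WalletPublicKey lets callers verify signatures produced by the enclave.
func (s *EnclaveSigner) WalletPublicKey() ed25519.PublicKey {
	return s.walletKey.Public().(ed25519.PublicKey)
}

// Sign releases a signature only if the transaction is covered by an intent the
// user's device signed, that intent is unexpired and not yet consumed, and every
// field of the transaction matches it. Anything the backend adds or changes on
// the way is rejected here, inside the enclave.
func (s *EnclaveSigner) Sign(tx Tx, in Intent, intentSig []byte, now int64) ([]byte, error) {
	if !ed25519.Verify(s.devicePub, in.Bytes(), intentSig) {
		return nil, errors.New("intent is not signed by the enrolled device key")
	}
	if now > in.Deadline {
		return nil, errors.New("intent expired")
	}
	if s.usedNonces[in.Nonce] {
		return nil, errors.New("intent already consumed (replay)")
	}
	if tx.ChainID != in.ChainID || tx.To != in.To || tx.Amount != in.Amount {
		return nil, errors.New("transaction does not match the authorized intent")
	}
	s.usedNonces[in.Nonce] = true
	return ed25519.Sign(s.walletKey, tx.Bytes()), nil
}

func main() {
	devicePub, devicePriv, _ := ed25519.GenerateKey(rand.Reader) // user's device key (constructed)
	enclave, _ := NewEnclaveSigner(devicePub)
	in := Intent{ChainID: 1, To: "0xRecipientPlaceholder", Amount: 100, Nonce: 7, Deadline: 1_700_000_600}
	sig := ed25519.Sign(devicePriv, in.Bytes()) // produced on the intent authorization page
	_, err := enclave.Sign(Tx{ChainID: 1, To: in.To, Amount: 100}, in, sig, 1_700_000_000)
	fmt.Println("matching tx:", err)
	_, err = enclave.Sign(Tx{ChainID: 1, To: in.To, Amount: 999}, in, sig, 1_700_000_000)
	fmt.Println("amount altered by backend:", err)
}
```

The nonce bookkeeping is the part easiest to forget: without it, a backend that has seen one valid intent could re-submit it to the enclave indefinitely, which is exactly the "strange instructions" concern raised for the login-only designs.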

Binance's choice of MPC is largely a legacy of its existing technical stack (MPC actually has limitations when expanding to many chains). After introducing the TEE, users encrypt one key share on their local device and send it to the TEE. OKX instead encrypts the user's own local mnemonic phrase and sends it to the TEE.

As a user, you don't need to worry too much about the security risks here. Secure communication between a TEE and a client is by now very mature and, in theory, completely eliminates man-in-the-middle attacks: as long as you encrypt with the public key the TEE publishes, naturally only its private key can decrypt.
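The two properties this section leans on, attestation (the background at the start of section 4) and the client encrypting to the TEE's published public key (just above), only hold together: if the client does not check that the public key is bound to a valid attestation of the expected build, a middlebox could publish its own key instead. The added Go example below (not any vendor's code; the attestation layout, signer key, X25519 session key, and hash-based KDF are simplified stand-ins for real SGX or Nitro attestation formats) shows a client that verifies the signed measurement against the hash of the audited open-source build before sealing a key share to the enclave key the attestation carries.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Attestation is a simplified stand-in for a real TEE attestation document: the measurement (hash) of the
// loaded program plus the enclave's ephemeral public key, signed together by the attestation signer.
type Attestation struct {
	Measurement [32]byte
	EnclavePub  []byte // X25519 public key
	Signature   []byte
}

func (a *Attestation) signedBytes() []byte {
	return append(append([]byte("attest-v1|"), a.Measurement[:]...), a.EnclavePub...)
}

type Enclave struct { // models the TEE: the program it runs and its ephemeral key pair
	program []byte
	priv    *ecdh.PrivateKey
}

func NewEnclave(program []byte) (*Enclave, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Enclave{program: program, priv: priv}, nil
}

// Attest produces the signed attestation for the currently loaded program.
func (e *Enclave) Attest(signer ed25519.PrivateKey) *Attestation {
	a := &Attestation{Measurement: sha256.Sum256(e.program), EnclavePub: e.priv.PublicKey().Bytes()}
	a.Signature = ed25519.Sign(signer, a.signedBytes())
	return a
}

type SealedMessage struct{ ClientPub, Nonce, Ciphertext []byte } // a share encrypted to the enclave key

// VerifyAttestation is the client-side check: a signature from the trusted signer, and a measurement
// equal to the hash the client computed itself from the audited open-source build.
func VerifyAttestation(a *Attestation, signerPub ed25519.PublicKey, expected [32]byte) error {
	if !ed25519.Verify(signerPub, a.signedBytes(), a.Signature) {
		return errors.New("attestation signature invalid: not from the trusted signer")
	}
	if a.Measurement != expected {
		return errors.New("measurement mismatch: enclave is not running the expected build")
	}
	return nil
}

// sessionAEAD turns an X25519 agreement into AES-256-GCM. Hashing the raw shared secret is a
// placeholder KDF; production code would use HKDF with both public keys as context.
func sessionAEAD(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:])
	return cipher.NewGCM(block)
}

// SealToEnclave verifies the attestation first and only then encrypts the share to the enclave key
// it carries, so a swapped key or a modified program never receives the share.
func SealToEnclave(share []byte, a *Attestation, signerPub ed25519.PublicKey, expected [32]byte) (*SealedMessage, error) {
	if err := VerifyAttestation(a, signerPub, expected); err != nil {
		return nil, err
	}
	clientPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	aead, err := sessionAEAD(clientPriv, a.EnclavePub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &SealedMessage{ClientPub: clientPriv.PublicKey().Bytes(), Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, share, nil)}, nil
}

// Receive is the enclave side: derive the same session key and decrypt the share.
func (e *Enclave) Receive(m *SealedMessage) ([]byte, error) {
	aead, err := sessionAEAD(e.priv, m.ClientPub)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, m.Nonce, m.Ciphertext, nil)
}
```

The order of operations is the point: verification happens before any key agreement, and the expected measurement comes from the client's own build of the open-source code, not from anything the server sends.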

There are also minor differences in user experience, such as how the MPC share or private key is transferred to the TEE, how long the authorization lasts, and how it is renewed. These are all engineering issues, so I won't go into detail.

The design motivation behind this approach is to reduce migration costs and avoid the cold start problem where users have to migrate assets to experience new advanced features.

For example, Coinbase's approach focuses on the payments sector, letting traditional e-commerce providers with no experience of local private key management call private keys through APIs to complete on-chain operations.

Binance's approach, meanwhile, is combined with other methods to compete in the CeDeFi sector, making it easy for users who usually look at stock charts to buy on-chain assets directly through a similar interface, without having to think about gas fees, slippage, or multiple chains.

5. Summary

How should we evaluate 2025, and how should we view the future?

In my opinion, this year was a quiet year for wallets, but also a year of transformation. They didn't make a big splash, but they were quietly doing great things.

In today's multi-chain environment, simply creating a useful tool is no longer enough to support a large wallet team (and its supporting infrastructure). It inevitably needs various value-added services to sustain it. And this year happens to be a year of explosive growth for applications. The perps track has been reborn, and RWA (stock-related), prediction markets, and payments have all shown simultaneous improvement.

The market is gradually shifting from fat memes to diverse DEX demands.

Moreover, the meme market only appears large because of its fast transaction speed and high turnover. In reality, it's always the same group of people playing it. The hot topics change, but the user growth is not significant.

This is combined with the various new custody systems from different exchanges, each staking its reputation on a different TEE.

Moreover, in the long run, AI will become increasingly powerful, including AI trading, whereas previous wallets were designed for humans, not for AI.

Therefore, what I foresee is an even richer explosion of applications next year, because the underlying technology is maturing. There will definitely be a gap period in between, because TEE custody is still a big-exchange approach, and they are unlikely to open external access as fully as Coinbase has.

Besides, trading on DEXs with one's own funds is only what some users want. A larger number of users just want to earn some stable money; they are quite satisfied with the subsidies and airdrops during each company's promotion period, plus the APY.

CeDeFi products that let users earn on-chain rewards will be the first step for many CEX users to exit the blockchain (note: this mainly refers to CeDeFi products with independent addresses; those with shared addresses, such as Bitget's, do not count).

Finally, passkey cryptography has seen many improvements this year. Although they are not covered in this article, more and more public chains such as Ethereum and Solana have integrated the R1 curve (secp256r1, which device passkeys support by default) through precompiled contracts. Wallets built around passkeys are therefore another thing to watch, although recovery and cross-device synchronization are not easy to handle, so there are not many good applications yet.

After all, any product that can streamline high-frequency needs will eventually find its place in the market.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.