Infinex is currently in beta testing for a new Chrome browser extension that allows users to log in to the leading 100 crypto sites across 20 chains using any basic phone equipped with fingerprint or facial recognition.
Utilizing a phone passkey linked to a Google or Apple account for logging in and approving crypto transactions is arguably simpler for newcomers compared to mastering wallets and seed phrases, and more convenient for seasoned users than having to approve each transaction through a Ledger or Trezor.
“Understanding seed phrase security and private key operational security is complex for many, acting as a barrier to onboarding users to blockchain,” said founder Kain Warwick in Singapore last week during a Cointelegraph interview.
However, while passkey systems provide solid security, they might not be as infallible as dedicated crypto hardware wallets, which are nearly impossible to hack.
According to hardware wallet manufacturer Ledger, non-dedicated devices carry the risk that their screens could be compromised, tricking users into signing harmful transactions, as demonstrated by the recent Unity Android game platform vulnerability that has since been patched.
The secure enclave on phones, where passkeys are stored, is also a form of Trusted Execution Environment (TEE) that has been compromised by attackers with physical access.
Therefore, they provide a middle ground for users seeking convenient access to their working capital but might not be suitable storage for Bitcoin whales.
“It’s genuinely a better solution for the average user,” Warwick asserted. “Those with a billion dollars should probably consider a different operational security approach.”
Infinex’s early supporters, identified as Patrons, commenced testing the system today on approximately 40 DeFi applications such as Aave, Uniswap, Hyperliquid, Polymarket, Pump.fun, OpenSea, and Jupiter across six chains: Ethereum, Solana, Base, Arbitrum, Optimism, and Polygon.
Warwick acknowledged, “There are still a few minor issues,” but he is confident they will be resolved by the time the system is launched to retail users, with 100 DApps kicking off initially.
He mentioned that passkeys are already safeguarding half a billion dollars in total value locked on Infinex without incidents.
Why aren’t passkeys more widely used in crypto?
Despite their user-friendliness, the decentralized finance sector has been unexpectedly slow to embrace Google and Apple’s passkeys, following their initial implementation by centralized exchange Binance in 2023, later followed by Coinbase and Gemini.
Though it is possible to upgrade wallets with seed phrases to adopt passkeys, the latter do not require seed phrases for new users, are more easily transferable between devices, and provide secure recovery options.
Related: Phishing scams cost users over $12M in August — Here’s how to stay safe
Bitcoin Improvement Proposal 39 facilitated the extensive adoption of seed phrases back in 2013; however, while nearly impossible to brute-force, anyone who gains access to the written backup, or who tricks users into sharing the phrase through phishing, can completely deplete the wallet’s funds.
Other major wallets are starting to incorporate passkeys and biometric authentication. The leading smart wallet, Safe, includes passkeys, although most accounts there operate with multisignature and support only EVM chains.
The Solana Seeker phone employs a thumbprint for transaction approval, but is exclusive to Solana and remains a relatively niche product, with only 150,000 units shipped. Phantom Wallet and other phone wallets provide biometric login to their crosschain wallet app, yet still depend on private keys and seed phrases.
MetaMask dominates the market with over 60% share and 30 million monthly users. It still relies on seed phrases and passwords to access its standard browser interface. Following the introduction of account abstraction this year, MetaMask has started offering passkeys for smart accounts, although only a small fraction of ETH wallets have upgraded.
Passkeys enhance phishing protection
Passkeys also mitigate the risk of phishing, which resulted in losses totaling $12.5 million in cryptocurrency during August alone, according to ScamSniffer.
“The creation of passkeys is domain-specific. Therefore, if you possess a passkey for Amazon, you cannot log into a counterfeit Amazon site someone has created,” Warwick explained.
While this prevents a passkey from being corrupted by a malicious site, users can still be deceived by phishers into signing something while using the extension. Infinex addresses this gap by implementing whitelisted DApps and real-time threat monitoring through Blockaid.
Patrons participating in Infinex’s NFT-based fundraising initiative have proven to be eager beta testers this year.
Around 200 Patrons executed trades worth $100 million over a month while beta testing the platform’s Hyperliquid integration, which was made public last week.
Magazine: They solved crypto’s janky UX problem — you just haven’t noticed yet
