Imagine paying millions of dollars for a JPEG of a monkey just to have it stolen from your digital wallet. That's exactly what happened to actor Seth Green, who ended up pleading with the hacker (and likely paying them over $100,000) to return the NFT back to him.
Green's predicament is more common than one would think, and it raises the question of how NFT platforms should handle helping its customers get recourse when this happens, if at all. Cracking down on thieves and enforcing ownership rights is particularly difficult in an industry that values decentralization and self-sovereignty as core tenets. Still, NFT holders need to feel safe holding the digital assets they purchase, Upstream founder and CEO Alex Taub told TechCrunch in an interview.
"Security is really rough with crypto. People lose their seed phrase, their export keys, they click on a bad thing, they sign -- that person could take a lot of stuff out … Sometimes, you're doomscrolling when you're half asleep, and you click on a bad link, and it's over," Taub said.
Upstream, which most recently raised a $12.5 million Series A round in March, refers to itself as a no-code, full-stack platform to build DAOs (decentralized autonomous organizations). Now, the startup has leveraged its DAO tooling know-how to roll out a new product Taub says will improve security for NFT holders called the "Vault DAO."
A screenshot of the homepage interface of the Upstream Vault DAO. Image Credits: Upstream
Before we get into how a Vault DAO works, it's worth examining why Taub might have felt the need to build out a new solution altogether. Security isn't a new issue in crypto by any means, but the existing solutions, especially for individuals, are limited.
Hardware wallets, for example, provide a secure option for people to store the private keys to their wallet on what's essentially a hard drive, but these "cold" wallets aren't exactly known for being user-friendly. What's more, Taub noted, one could just as easily misplace a hardware wallet as they could lose the seed phrase that enables them to access their crypto. "Hot" wallets, which are connected to the internet, are another solution, but Taub said he wouldn't deposit any valuable assets into one because most solutions for NFTs are custodial or operated by a centralized entity. Additionally, Taub said he worries about the possibility that assets in a hot wallet could get lost in the shuffle of connectivity issues.
The Vault DAO, Upstream's solution, operates as a multisignature wallet that can be configured to require sign-off from multiple discrete accounts to authorize a transaction on behalf of a user. A user can set up multiple accounts directly through Upstream and can choose a threshold for the number of signatories needed to execute any given type of proposal, Taub explained.
A screenshot of the multiple signatories associated with Taub's own Vault DAO. Image Credits: Upstream
For example, a user could require three signatories to sign off on any transfer of assets from a specific wallet, and those three signatories could either all be accounts operated by the user or could include accounts delegated by the user to a trusted friend. Mechanically, the product operates as a user's personal DAO, because each transaction takes place in the form of a proposal being made by the user, voted on by a predetermined critical mass of DAO members and then executed as such.
It's fundamentally similar to Gnosis Safe, a popular multisig wallet tailored toward organizations, but Taub says the Vault DAO is much more user-friendly from a design standpoint. Unlike most popular multisig wallet products on the market today, Taub added, Vault DAO is specifically designed for individual users to secure their own assets rather than for groups that require multiple parties to sign off on a transaction.
As for where the assets are actually held, the Vault DAO product connects with major existing wallets including MetaMask and Rainbow as well as the WalletConnect protocol, allowing users to link assets held in "cold" storage to their Vault DAO, Taub said.
Upstream's website currently allows users to sign up to request early access to the product, though Taub did not share any details on the expected timeline for its public launch.
Taub described Upstream's platform as two-sided -- one side is a "Shopify for DAOs" that helps people set up the groups and the other side helps people manage their DAOs through an easily navigable front-end experience.
"At the end of the day, we aren't holding your NFTs, we aren't holding your crypto. It's in this multisignature wallet that you have complete access to," Taub said. "So that's how I sort of see it -- I feel not only comfortable that I'm protecting myself from clicking on a link and losing all my stuff, but I also feel comfortable because I still own my stuff."