Zulu Republic - Hybrid Custodial Wallet

Christian Tucker

Backend Engineer
Blockchain Developer
Frontend Engineer
Next.js
Node.js
React

About the Zulu Republic Hybrid Custodial Wallet

Building a hybrid-custodial wallet was a great learning opportunity for me to break into the crypto space. It allowed me to familiarize myself with security precautions that I would never have considered otherwise. Typically, in cryptocurrency the distinction between a custodial and a non-custodial wallet is black and white, so you may be thinking: what is a hybrid custodial wallet?
A custodial wallet is a cryptocurrency wallet where the service provider holds your keys, and as such they typically have complete control over your funds. To put things in simple terms, it's basically the same as a bank. You deposit your money into the account and then the bank has free control to do whatever they want with the money. It's likely that you'll get it back, but there's always a chance that you won't. A custodial wallet is often (but not always) backed by a ledger system, similar to a bank as well. This allows the business to transfer funds between customers without incurring fees for on-chain transactions.
A non-custodial wallet is different: instead of a service provider having access to your funds, you hold your own private keys. You must write down this key and keep it safe and secure, as this key provides access to your money and without it there is zero chance of regaining that access. On the flip side, if someone else obtains the key, there's nothing to stop them from taking your money, and due to the nature of the blockchain you'll likely never figure out who took it.
So, then, what exactly was the Zulu Republic Hybrid-Custodial Wallet? Similar to a custodial wallet, we actually did keep your private key within our database; however, we did not have access to it. This is because your key was double-encrypted. First, we would encrypt the key on the backend using our own encryption key, and then we would take the encrypted output and encrypt it again using a password provided by the user. We used some other secret variables to provide additional security here as well, but the important part is that the value we stored was the value encrypted with the user's passcode. This means that even though we technically had ownership of the key, we could not in any way use the key without the user's password.
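The layering described above can be sketched in Node.js as follows. This is an added example, not the Zulu Republic code: the page does not name its algorithms, so AES-256-GCM, scrypt, and every function and field name here are assumptions, and the "other secret variables" are not modelled.

```javascript
// Added illustration; algorithms and names are assumptions, not the wallet's code.
const crypto = require('node:crypto');

// AES-256-GCM seal: output is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Reverse of seal(); final() throws if the key is wrong or the blob was altered.
function open(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Derive the outer key from the user's password with scrypt and a per-record salt.
function passwordKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Layer 1: server key. Layer 2: user password. Only the layer-2 output is stored.
function wrapWalletKey(walletKey, serverKey, password) {
  const salt = crypto.randomBytes(16);
  const inner = seal(serverKey, walletKey);
  const outer = seal(passwordKey(password, salt), inner);
  return { salt: salt.toString('base64'), blob: outer.toString('base64') };
}

// Unwrapping needs both secrets: the password peels layer 2, the server key layer 1.
function unwrapWalletKey(record, serverKey, password) {
  const salt = Buffer.from(record.salt, 'base64');
  const inner = open(passwordKey(password, salt), Buffer.from(record.blob, 'base64'));
  return open(serverKey, inner);
}

// Constructed sample values, generated at run time.
const serverKey = crypto.randomBytes(32);
const walletKey = crypto.randomBytes(32);
const record = wrapWalletKey(walletKey, serverKey, 'correct horse battery staple');

// Returns the recovered key, or null when either secret is wrong.
function tryUnwrap(key, password) {
  try { return unwrapWalletKey(record, key, password); } catch { return null; }
}
```

A database dump alone yields only the stored record, which cannot be opened without the user's password, and a password alone yields only the server-encrypted inner blob.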

Some interesting features and ideas ZR Wallet had for improving the cryptocurrency experience

The Zulu Republic Wallet was interesting because it was an ecosystem before a wallet; there were other products focused around it, such as Lite.IM and the Zulu Passport. Zulu Republic later went on to rebrand and distribute popular services such as Popsicle Finance and Abracadabra. Because of this ecosystem, you were able to do things such as send cryptocurrency to people by email. This was an interesting and unique feature, because you were able to send money to people outside of the platform too. Here's how it worked.
Whenever you sent a transaction to an account that didn't exist, the money was sent to one of the Zulu Republic wallets, which basically served as an escrow. We then sent an email to the recipient which allowed them to create an account to claim their funds. Whenever they created an account, the system would detect that an account associated with a pending transaction had been created and send the transaction to that user. This did mean that there were some incurred costs; however, the platform ate these fees as a "marketing cost", so the user always got the appropriate amount of money.

What was the Infrastructure?

Infrastructure was a bit odd, as we started the project with a tech lead who wasn't making the best choices. He was certain that Firebase, being the new shiny thing on the market, was capable of handling everything that we needed. This couldn't have been further from the truth; however, we made it work through extremely careful data-structure planning and overcomplicated middleware services. Eventually, after that lead was let go from the company, we moved everything over to PostgreSQL, which allowed us to handle processing of ongoing blockchain state for mapping users and their pending and completed transactions much more efficiently. This backend later went on to power Lite.IM and reached nearly a million users.