Bitski Wallet as a Service

November 30, 2023

We're excited to announce Bitski's Smart Wallet as a Service Platform – powered by Account Abstraction. This is a product that we've been offering to Fortune 500 brands, games and orgs. And now, it's open for anyone!


Account abstraction can be used to solve many of the onboarding challenges facing the Web3 ecosystem. But it often still requires multiple service providers, and in the end, users are less in control than with self-custody options. Bitski WaaS stands out by offering a complete wallet journey – with tooling for wallet creation, in-app experiences, and the transition to self-custody.

We provide customers with three key elements:

Try the Demo:

We created a WaaS demo app called Desolaris, deployed on Base. Once you create an account, a wallet will be generated for you. You can then claim that wallet.

  1. Create a Desolaris account
  2. Claim Deck
  3. Claim Wallet via Desolaris settings
  4. Login to Bitski iOS or Extension to view Desolaris NFTs

Under the hood

Each time a new user signs up we deterministically generate a series of smart contracts that provide the functionality we need to onboard users quickly and also migrate them down the line.

Server-Side Wallet as a Service

Typical crypto wallets and WaaS systems lean on local key storage in the user's browser for app interactions. This approach often complicates the backend work, making key management between the server and client a tangled affair, and might even slacken key security for users.

Bitski takes a different path. We store keys in hardware security modules, ensuring robust security. Our setup includes a user-friendly authorization process for client-side apps, like web interfaces, and a developer-centric suite of APIs and tools for server-side applications. It's the best of both worlds: developers get the tools they need for standout experiences, and users keep firm control over their digital assets.

Our system generates wallets using your app's user IDs, letting you access any user's address without a UI or a client-side session. We've made this smooth with an easy-to-use API, available whenever you need a user's address. Plus, you have the option to store these addresses in your database. This approach not only streamlines onboarding but also cuts out the complexities of transferring keys between server and client.

Built on EIP 4337, the Account Abstraction Standard

Account abstraction isn't a new idea, but getting everyone on the same page about how it should work has been challenging. EIP 4337 steps in to make things clearer. It introduces a 'user operation' as a universal meta-transaction format. These user operations are then grouped and relayed on the blockchain through a bundler and relay, each connected to a smart contract that checks and runs them.

Handling gas costs is still a part of the equation, with relayers initially covering these fees. To reimburse relayers, there are a few strategies. One way is through a sponsor covering the transaction's gas. Another method involves a 'paymaster' who pre-approves transactions and handles gas costs on behalf of the user. Users also have the option to use standard ERC20 tokens for gas, which are internally exchanged, or they can bypass the paymaster and pay gas costs directly.

Bitski Private Keys and OAuth

To carry out a transaction, it's essential first to sign a user operation. This process starts by assigning an owner to our wallet before deploying our contract. At Bitski, we utilize OAuth2 and OIDC standards to link keys to each user, with these keys being dynamically generated via our Hardware Security Modules (HSMs). Developers have the flexibility to integrate these into their existing authentication systems or use popular services like Auth0, Stytch, Okta, Firebase, and others. The beauty of this open standard is its simplicity and ease of implementation, requiring minimal effort to get started. Additionally, OAuth’s compatibility with various platforms, including gaming consoles and mobile apps, enables seamless cross-platform interoperability.

In Bitski’s model, the unique identifier from the OIDC handshake is pivotal, allowing us to steer clear of needing any personal user information. This approach ensures both robust security and user privacy, streamlining the process for developers and maintaining a high level of trust and integrity in user interactions.

Avoiding Onboarding Gas Costs

Bitski utilizes deterministic algorithms for wallet generation. This approach circumvents the need for on-chain transactions when creating new accounts, effectively reducing gas costs associated with deploying smart contracts. Deterministic wallet generation lowers onboarding expenses and enables the creation of thousands of wallets per second, a rate difficult to achieve on most blockchain networks.

The process begins with the generation of private keys via BIP 32 deterministic wallets, followed by the use of deterministic deploys to compute account addresses. The result is that accounts can be set up, and they are capable of receiving assets and conducting meta transactions without incurring gas costs. Gas costs become relevant only when there's a need for account modifications or when executing non-meta transactions, such as cryptocurrency transfers or certain types of smart contract interactions. In these cases, deploying the wallet incurs gas fees, although these can be covered by sponsors if necessary.

Connect to Other Applications

Once these accounts are generated, users can interact with your application without any additional software or accounts. If you want to allow your user to take their wallets to the rest of the Web3 ecosystem, you can have them set up a Bitski account. Their wallet will continue to work without any changes in your application, but they can also take the wallet to other places, such as OpenSea. They can also connect to our mobile applications or browser extensions to interact with any Web3-compatible website.

Offboarding to Self Custody

Adding Additional Signing Keys to a Wallet

At any point, users can add additional signing keys to their wallet (either via the Bitski Wallet interface or the Safe web wallet). These new keys now have full permission to their wallet.

Removing the Default Bitski Signing Key

Users can even remove the default Bitski generated key, thus fully migrating a user to a wallet of their choice (although at this point, the OAuth-based flows will no longer work for signing transactions. Applications that enable users to move to their own keys will need to add a wallet picker if they want to sign transactions). On-chain, nothing changes; the wallet address remains the same and all assets stay put.

Start Building!

Bitski WaaS is free for developers needing up to 10k wallets. Get started and view docs here. We're actively working to improve our WaaS experience. We have a lot more coming and would love your feedback: if you have any questions or thoughts, reach out to us at @bitski or