web3 security – Ontology News
https://ont.io/news

The Role of CeDeFi in Non-Custodial Wallets
https://ont.io/news/the-role-of-cedefi-in-non-custodial-wallets/
Mon, 12 Jan 2026 15:15:13 +0000

As Web3 matures, the line between centralized and decentralized finance is becoming less rigid. Users increasingly expect access to liquidity, efficiency, and familiar exchange experiences, while still retaining control over their assets.

This is where CeDeFi, the convergence of centralized and decentralized finance, is playing a growing role, particularly within non-custodial wallets.

Rather than replacing DeFi, CeDeFi is emerging as a complementary layer that helps bridge usability gaps without compromising user sovereignty.


Why CeDeFi Matters

Pure DeFi offers transparency and self-custody, but it can also introduce friction. Fragmented liquidity, complex interfaces, and variable execution outcomes can create barriers, especially for users navigating multiple chains or assets.

Centralized exchanges, on the other hand, offer deep liquidity and simplified execution, but often require users to relinquish custody and manage additional accounts.

CeDeFi combines elements of both models. It allows users to access centralized liquidity and pricing efficiency directly from a non-custodial environment, without transferring control of their assets to an exchange account.

For users, this means fewer steps and reduced operational risk.

For ecosystems, it means broader participation without lowering trust standards.


Non-Custodial Wallets as the Integration Layer

Non-custodial wallets are increasingly becoming the natural home for CeDeFi integrations.

From an architectural perspective, wallets already sit at the intersection of identity, assets, and transaction execution. Adding CeDeFi services within this context allows users to interact with centralized liquidity providers while maintaining self-custody and on-chain transparency.

In wallets such as ONTO Wallet, CeDeFi integrations enable users to:

  • Swap or bridge assets across chains without depositing funds into an exchange account
  • Retain full control of private keys throughout the transaction flow
  • Access multiple liquidity providers through a single interface

The wallet becomes an orchestration layer, rather than a gatekeeper.


Partner Integrations in Practice

ONTO Wallet integrates with established CeDeFi partners to expand exchange options while preserving non-custodial principles.

Services such as Changelly, SimpleSwap, and Exolix provide access to aggregated liquidity and cross-chain execution, allowing users to complete swaps or bridges directly from within the wallet interface.

From an ecosystem perspective, these integrations:

  • Reduce friction for users entering or moving within Web3
  • Improve price discovery and execution reliability
  • Allow wallets to offer flexibility without rebuilding exchange infrastructure

Importantly, these services operate as optional pathways, not mandatory dependencies. Users remain free to choose how and when they engage.


Trust, Control, and Optionality

CeDeFi is sometimes misunderstood as a compromise between decentralization and convenience. In practice, its value depends on how it is implemented.

When integrated into a non-custodial wallet:

  • Custody remains with the user
  • Execution is transparent
  • Identity and compliance requirements can be applied selectively
  • Risk is reduced through choice rather than restriction

This model aligns closely with Ontology’s broader approach to Web3 infrastructure, where trust is applied deliberately and proportionally, rather than universally enforced.


Looking Ahead

As Web3 adoption expands, users will continue to demand both autonomy and efficiency. CeDeFi, when embedded thoughtfully within non-custodial wallets, offers a practical path forward.

Rather than forcing users to choose between control and convenience, this approach allows both to coexist.

Ontology will continue supporting infrastructure and identity standards that make these integrations possible, while products like ONTO Wallet demonstrate how they can be delivered in practice.

Ontello: Connect, Explore Web3, and Use AI, Securely
https://ont.io/news/ontello-connect-explore-web3-and-use-ai-securely/
Tue, 23 Dec 2025 11:42:46 +0000

Today, we’re opening the Ontello Beta to our community. This is your first look at a new kind of social and Web3 experience that brings private messaging, on-chain identity, and crypto-native AI agents into a single, simple app.


Why We Built Ontello

Ontello started from a simple belief:

Your conversations, your identity, and your digital actions should belong to you, not to a platform.

In the Ontello Beta, you will see the beginnings of that idea come together:

  • A secure, end-to-end encrypted messenger
  • A self-sovereign identity powered by ONT ID
  • A built-in smart wallet that works with your device’s passkey
  • A growing library of AI agents designed for Web3 life

What You Can Do in the Ontello Beta

Below is a practical overview of what works today and how you can try it.


Create Your Ontello Account (With Your ONT ID)

Your Ontello account begins with ONT ID, your decentralized identity.

It acts as your display name and your passport across the Ontello ecosystem.

You can customise your display name later, but your ONT ID is permanent.


Private, Encrypted Chat, Backed by On-Chain Identity

Ontello uses the Matrix protocol to deliver end-to-end encrypted messaging.

Because you sign in with ONT ID, every message is tied to a real, verifiable, self-owned identity.

To start a chat:

  • Click + Create Chat
  • Search for a contact by ONT ID or Matrix ID
  • Begin your conversation; everything is encrypted by default

Your Smart Wallet, Automatically Created and Passkey-Secured

Ontello generates a self-custodial smart wallet automatically when you register.

No seed phrases.

No private key management.

No complexity.

Your wallet is secured by your device’s Passkey, the same authentication you use to unlock your phone. It is safer, easier, and avoids the common pitfalls of manual key storage.

In this beta release, the wallet supports: Ontology EVM (ONT, ONG)

You can send assets to ONT ID, ENS, or standard addresses.


Explore the AI Agent Store

One of Ontello’s early standout features is the AI Agent Store, a curated collection of agents built specifically for Web3 users.

In beta, you can:

  • Browse available agents
  • Chat with them directly
  • Ask questions or perform simple on-chain actions (where supported)

Our Philosophy: Privacy, Identity, and Intelligence Should Belong to You

Ontello is built around a simple vision.

  • Identity should be decentralized.
  • Communication should be encrypted and interoperable.
  • AI should empower individuals, not platforms.

This beta release is a first community step toward that vision.


Web3 Horror Stories: Security Lessons Learned
https://ont.io/news/web3-horror-stories-lessons-learned/
Fri, 07 Nov 2025 06:22:16 +0000

Web3 horror stories, lessons learned. This summary turns scary headlines into simple education: self custody, bridge safety, venue vetting, stablecoin plans, and an incident checklist. We posted the full session on X here. If you missed it, this summary gives you the practical habits to use Web3 with more confidence.

Note: The information below is for education only. It describes options, questions, and factors to consider.

Web3 security foundations

Blockchain in one sentence: a public ledger where many computers agree on the same list of transactions.
Private key: the secret that lets you move your coins. Whoever controls it controls the funds.
Self custody vs custodial: self custody means you hold the keys. Custodial means a platform holds them for you.

Choosing venues: exchanges and custodians

What people usually try to learn about a venue

  • How customer assets are held and whether segregation is documented
  • Whether the venue publishes proof of reserves and whether liabilities are discussed
  • What governance or policy controls exist for large transfers
  • How compliance, KYC/AML, and audits are described
  • Incident history and the clarity of post-incident communications
  • Withdrawal behavior during periods of stress

Common storage language

  • Hot storage: internet-connected and convenient
  • Cold storage: offline and aimed at reducing online attack surface


Trading and custody involve process and oversight. Public signals such as disclosures, status pages, and audit summaries help readers form their own view of venue risk.

Bridge security: moving across chains safely

Think of bridges as corridors, not parking lots. A bridge locks or escrows assets on one chain and represents them on another. Because value crosses systems, bridges can be complex and high-value points in the flow.

Typical points to check or ask about

  • Official interface and domain
  • Current status or incident notes published by the team
  • Fee estimates and expected timing
  • Any approvals a wallet is about to grant and to which contract
  • Whether a small “test” transfer is supported and how it is verified
  • How the project communicates delays or stuck transfers
  • Whether there is a public pause or circuit-breaker policy

Terms that appear in bridge discussions

  • Validator and quorum or multisig: several independent signers must approve sensitive actions
  • Reentrancy: a contract is triggered again before it finishes updating state
  • Toolchain: compilers and languages a contract depends on; versions and advisories matter


Movement across chains touches multiple systems at once. Understanding interfaces, messages, and approvals can help readers evaluate their own tolerance for operational complexity.

Stablecoins: reserves, design, and plans

What a “dollar on-chain” can be backed by

  • Cash and short-term treasuries at named institutions
  • Crypto collateral with over-collateralization rules
  • Algorithmic or hybrid mechanisms

Questions readers often ask themselves

  • What assets back the stablecoin and where are they held
  • How concentration across banks, issuers, or designs is handled
  • What signals would trigger a partial swap or a wait-and-see approach
  • Which sources are monitored for updates during stress

Example elements of a personal depeg plan

  • Signals: price levels or time thresholds that prompt a review
  • Actions: small, incremental adjustments rather than all-or-nothing moves
  • Sources: issuer notices, status pages, and established news outlets


Designs behave differently under stress. Defining personal signals and information sources ahead of time can make decisions more methodical.

Human layer protection: phishing, privacy, browser hygiene

Patterns commonly seen in phishing or social engineering

  • Urgency or exclusivity, requests to “verify” a wallet, surprise airdrops
  • Lookalike domains, QR codes from unknown accounts, unsigned or opaque transactions
  • Requests for seed phrases or private keys (legitimate support does not request these)

Privacy points that often come up

  • Use of a work or pickup address for hardware deliveries
  • Awareness that marketing databases can leak personal details

Browser and device considerations people weigh

  • A separate browser profile for web3 use with minimal extensions
  • Regular device and wallet firmware updates
  • For shared funds, whether a multisig or policy-based account would add useful checks


Many losses begin with human interaction rather than code. Recognizing common patterns can help readers evaluate messages and prompts more calmly.

Web3 security glossary

Bridge: locks an asset on chain A and issues a representation on chain B
Wrapped token: an IOU on one chain representing an asset on another
Oracle: external data or price feed for smart contracts
Reentrancy: re-entering a contract before the state updates, which can enable over-withdrawal
Multisig or quorum: multiple keys must sign before funds move
Proof of reserves: an attestation that holdings cover obligations; it is meaningful only if it includes liabilities
Self custody: you hold the private keys, which brings more responsibility and less venue risk
Cold storage: offline key storage that is safer from online attack
KYC or AML: identity and anti-money-laundering controls
Seed phrase: the words that are your wallet. Anyone with them can empty it.

Important definitions

Keys

  • Where are long-term funds held
  • Is there a way to verify address and network before larger transfers
  • Is a small confirmation transfer practical in the current situation

Approvals

  • Which contracts currently have spending permission
  • Are there tools to review or remove old allowances if desired

Bridges

  • Is the interface official and the status normal
  • Are there recent notices about delays or upgrades
  • If something looks off, where are the official communications checked

Monitoring

  • Which status pages are bookmarked for wallets, bridges, and venues
  • Which channels are considered primary for updates during turbulence

Venues

  • Is there public information on liabilities alongside assets
  • How are customer assets segregated according to the venue
  • What governance and audit information is available

Comms hygiene

  • How are links verified before use
  • What is the process when receiving unexpected DMs or QR codes
  • What information will never be shared (for example, seed phrases)

Playbooks

  • What are the personal thresholds for a stablecoin price review
  • What are the steps if an exchange pauses withdrawals
  • What is the process if a wallet compromise is suspected

Note for readers

This article is an educational takeaway from our community call. The full call is on X here. It is not advice. It is meant to help readers develop their own questions, checklists, and comfort levels when using web3 tools.
