On November 13th, Vitalik Buterin announced the signing of the Trustless Manifesto, which aims to rethink the Web3 trust model and proposes three laws for judging whether a system is truly trustless: no critical secrets (no protocol step depends on the private information of a single actor), no indispensable intermediaries (participants are replaceable and participation is open), and no unverifiable results (state changes can be reproduced from public data).

It is worth noting that, following closely on November 18th, the Ethereum Foundation's Account Abstraction team proposed the "Ethereum Interop Layer" (EIL), a solution built on the ERC-4337 Account Abstraction standard and on the principles of the Trustless Manifesto. While the market has been critical of Ethereum's decision-making regarding its account abstraction approach, objectively speaking this is not merely a philosophical discussion. If we hope Web3 will reach billions of people, are the existing account models "accessible" enough? When users permanently lose their assets because they lost a private key, have we truly achieved "self-sovereignty"? These questions are crucial.

This article therefore also starts from the Manifesto and tries to explain why Ethereum needs Account Abstraction (AA), what the limitations of EOAs are, and what kind of next-generation account experience AA represents.

I. What are the problems with traditional accounts (EOA)?

As is well known, the vast majority of accounts on the Ethereum network are still EOAs (Externally Owned Accounts). Such an account is controlled by a public/private key pair, typically expressed as a 12- or 24-word "mnemonic phrase". This is the most prominent feature of cryptocurrency security in the eyes of newcomers: "the private key/mnemonic phrase is the asset". As long as a user holds the private key or mnemonic phrase of an address, the assets at that address belong entirely to the user. Neither exchanges nor miners can freeze, confiscate, or operate them on the user's behalf.
However, this complete decentralization is also a double-edged sword, and it sets extremely high barriers to the large-scale adoption of on-chain assets:

Cognitive barriers: users must understand basic concepts such as public keys/addresses, private keys/mnemonic phrases, and gas fees.

Storage risks: in the traditional EOA model, ownership is extremely fragile. Because "private key = account", once the private key is lost or stolen, ownership is lost instantly and irrecoverably; there is no customer service and no platform that can restore it.

In short, under the EOA mechanism everyone is solely responsible for the security of their own assets. This is why new users are repeatedly reminded not to screenshot their mnemonic phrase or save it to cloud storage; it is best to write it down by hand and keep multiple backups.

EOAs have another typical feature: to send any token, the account must hold ETH to pay the gas fee. This means that many novice users, even with 1000 USDT in their account, cannot do anything because they have no ETH. Objectively speaking, this experience of "having to buy another currency before you can spend your money" greatly hinders the widespread adoption of Web3.

Finally, there is the cumbersome, almost "sign every document" process. Because the logic of an EOA is hard-coded in the protocol, its functionality is very limited. For example, when buying and selling tokens on a decentralized exchange (DEX), you often have to click "Approve", sign, and pay a fee; then click "Swap", sign again, and pay a fee again. The whole process is not only tedious but also costly.

The Trustless Manifesto contains an important concept called "Accessibility". If a system is technically trustless but so complex to operate that only geeks can use it, then it can hardly serve the general public and cannot be called trustless public infrastructure.
It is precisely because of these inherent flaws of EOAs that explorations such as Account Abstraction (AA) have emerged.

II. What is Account Abstraction (AA)?

Put simply, if a traditional EOA is a single-function "old-fashioned Nokia", then an AA account (a smart contract account) can be understood as an upgrade to a programmable "smartphone".

Historically, AA's underlying technical standards have gone through multiple iterations and extensions, including proposals such as ERC-4337, EIP-7702, and EIP-3074. As ordinary users, however, we only need to remember the essence of AA: it decouples the account from the private key and turns the account into a piece of code (a smart contract). Because the account is code, its logic is no longer rigid but programmable. We can write various kinds of complex logic into the account, such as "who can use it", "how much can be transferred per day", and "who pays the transaction fees". These capabilities were previously impossible with an EOA by itself and required complex external contract wrapping.

AA accounts can therefore be used in many ways. For example, the security of a traditional EOA rests entirely on the slip of paper with the mnemonic phrase written on it; if it is lost, it is lost, with no remedy. AA accounts, by contrast, support "social recovery": by setting up n guardians (your other device, trusted friends, or even third-party institutions), when you lose your key a new key can be authorized through the guardians' signatures, allowing you to regain control of your account. Likewise, a traditional EOA needs ETH in the account to pay gas for sending any token, which is a significant barrier for new users; AA accounts support a Paymaster (a gas-payment mechanism) that lets an application pay gas fees on your behalf, or lets you pay gas directly with the USDT in your account, even achieving seamless interaction.
This is why we say that if an EOA is a single-function "old-fashioned Nokia", then an AA account (smart contract account) is a programmable "smartphone". By decoupling the account from its control logic, the account is no longer controlled solely by a private key but by code (a smart contract), which allows more functionality and more security to be added. After all, for Web3 to reach billions of people, it must bring more behaviors onto the blockchain and reduce the psychological burden and operational cost for users.

III. What can AA accounts bring to ordinary users?

In general, ordinary users do not need to understand the underlying code logic. We only need to know that upgrading to an AA account brings the following qualitative leaps in our Web3 experience.

Firstly, thanks to mechanisms like social recovery, we can potentially say goodbye to mnemonic-phrase anxiety. This is one of AA's core values. Because the account and the private key are unbound, you can set up more user-friendly security logic, such as designating 3-5 "guardians" (your other phone/address, trusted friends, and so on). If we accidentally lose our current phone, we can simply use the guardians to authorize a "new key" and regain control of the original account. In short, the account is still there and the assets are still there; only the key has changed. This is much closer to the experience of modern financial services.

In addition, AA accounts support a feature called Paymaster, which completely breaks the "must hold ETH" curse. For example, any project wanting to promote itself can proactively pay gas fees for prospective users, who can then use it just like a Web2 app, completely unaware of gas. And if your account only holds USDC, AA also allows you to pay gas directly in USDC; the conversion is completed automatically in the background, so you no longer need to buy ETH just to make a transfer.
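The guardian-based social recovery described in sections II and III, written out as an added example; this is not imToken's, ERC-4337's or the EIL's code, and the contract name, the approval threshold, the waiting period and the owner's veto are assumptions made here for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Illustrative smart account with guardian-based social recovery (added example;
// not imToken's, ERC-4337's or the EIL's code; names and layout are assumptions).
contract RecoverableAccount {
    address public owner;                       // key that currently controls the account
    mapping(address => bool) public isGuardian; // other devices, friends, institutions
    uint256 public threshold;                   // guardian approvals needed to rotate the key
    uint256 public recoveryDelay;               // grace period in which the old key can veto
    uint256 public recoveryNonce;               // one counter per recovery attempt
    address public proposedOwner;
    uint256 public approvals;
    uint256 public readyAt;
    mapping(uint256 => mapping(address => bool)) private voted; // nonce => guardian => voted

    modifier onlyGuardian() { require(isGuardian[msg.sender], "not a guardian"); _; }
    receive() external payable {}
    constructor(address _owner, address[] memory guardians, uint256 _threshold, uint256 _delay) {
        require(_threshold > 0 && _threshold <= guardians.length, "bad threshold");
        for (uint256 i = 0; i < guardians.length; i++) {
            require(guardians[i] != address(0) && !isGuardian[guardians[i]], "bad guardian");
            isGuardian[guardians[i]] = true;
        }
        owner = _owner; threshold = _threshold; recoveryDelay = _delay;
    }
    // A guardian starts recovery of a lost key; this replaces any earlier attempt.
    function proposeRecovery(address newOwner) external onlyGuardian {
        require(newOwner != address(0) && newOwner != owner, "bad new owner");
        recoveryNonce++;
        proposedOwner = newOwner; approvals = 1; readyAt = block.timestamp + recoveryDelay;
        voted[recoveryNonce][msg.sender] = true;
    }
    // Each other guardian votes at most once per attempt.
    function approveRecovery() external onlyGuardian {
        require(proposedOwner != address(0) && !voted[recoveryNonce][msg.sender], "cannot vote");
        voted[recoveryNonce][msg.sender] = true;
        approvals++;
    }
    // Anyone may finalise once enough guardians agreed and the delay has elapsed:
    // the account and its assets stay, only the controlling key changes.
    function executeRecovery() external {
        require(proposedOwner != address(0) && approvals >= threshold, "not enough approvals");
        require(block.timestamp >= readyAt, "delay not elapsed");
        owner = proposedOwner; proposedOwner = address(0);
    }
    // The owner, if still in control, can veto a recovery started by colluding guardians.
    function cancelRecovery() external {
        require(msg.sender == owner && proposedOwner != address(0), "nothing to cancel");
        proposedOwner = address(0);
    }
}
```

The waiting period is what turns "n guardians" from a trust assumption into a checkable one: a user who still holds the key sees the pending rotation and can cancel it before it takes effect.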
Furthermore, with a smart contract account, multi-step operations can be packaged into a single (atomic) transaction, saving both time and money. Taking the DEX trade mentioned above as an example, it previously required "approve -> sign -> swap -> sign", whereas AA can complete all the steps with a single click. And because the transaction is atomic, either all steps succeed at once or all fail, so gas is not lost on a sequence that stalls after one failed step; this is both secure and efficient.

Finally, because the smart contract logic is built in, AA accounts can achieve fine-grained permission management, just like our bank accounts. We can tier accounts and set daily limits to suit our actual circumstances: for example, amounts above 1000 USDT require multi-signature while amounts below 1000 USDT allow password-free payment; or we can set up blacklists and whitelists so that the account may only interact with specific, vetted contracts. Even if an attacker steals your private key, the limits and whitelists make it difficult to drain all your assets in a short time.

In conclusion, as the Trustless Manifesto advocates, a truly trustless system should not belong only to cryptographers and geeks; it should be readily accessible. Account abstraction (AA) is not meant to overthrow Ethereum but to return to a "human-centric" approach. Through the flexibility of its code logic it compensates for the inherent weakness of humans at managing keys, clearing the final hurdle for the large-scale adoption of Web3. With wallets like imToken gradually adding AA features, we have reason to believe that the future of Web3 will be a free network that offers a smooth Web2 experience while upholding self-sovereignty. You simply need to enjoy the change.
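The daily limit, contract whitelist, second signature above a threshold and atomic batching described in this section, as an added example that is not imToken's or ERC-4337 reference code; the co-signer pre-approval scheme, the 24-hour window and all names are assumptions made here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Illustrative smart account with a target whitelist, a rolling daily limit, a co-signer for
// larger amounts and atomic batching (added example; not imToken's or ERC-4337 reference code).
contract PolicyAccount {
    struct Call { address to; uint256 value; bytes data; }
    address public owner;                             // everyday key, e.g. the one on your phone
    address public cosigner;                          // second key (hardware wallet, guardian) for big spends
    uint256 public dailyLimit;                        // wei the owner alone may spend per 24h window
    mapping(address => bool) public allowedTarget;    // whitelist of contracts this account may call
    mapping(bytes32 => bool) public cosignerApproved; // batch hash => pre-approved by cosigner
    uint256 private windowStart;
    uint256 private spentInWindow;

    constructor(address _owner, address _cosigner, uint256 _dailyLimit) { owner = _owner; cosigner = _cosigner; dailyLimit = _dailyLimit; }
    receive() external payable {}
    function setAllowedTarget(address target, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowedTarget[target] = ok;
    }
    // The cosigner pre-approves one specific batch (hash of its calls) for an over-limit spend.
    function approveBatch(bytes32 batchHash) external {
        require(msg.sender == cosigner, "not cosigner");
        cosignerApproved[batchHash] = true;
    }
    // Charges `amount` against the current 24h window; returns false if it would exceed the limit.
    function _withinDailyLimit(uint256 amount) internal returns (bool) {
        if (block.timestamp >= windowStart + 1 days) { windowStart = block.timestamp; spentInWindow = 0; }
        if (spentInWindow + amount > dailyLimit) return false;
        spentInWindow += amount;
        return true;
    }
    // Runs all calls (e.g. approve + swap) in one transaction; any failure reverts them all.
    function executeBatch(Call[] calldata calls) external {
        require(msg.sender == owner, "not owner");
        uint256 total;
        for (uint256 i = 0; i < calls.length; i++) {
            require(allowedTarget[calls[i].to], "target not whitelisted");
            total += calls[i].value;
        }
        if (!_withinDailyLimit(total)) {
            bytes32 h = keccak256(abi.encode(calls));
            require(cosignerApproved[h], "over limit: cosigner approval required");
            delete cosignerApproved[h]; // single use, so one approval cannot be replayed
        }
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = calls[i].to.call{value: calls[i].value}(calls[i].data);
            require(ok, "call failed");
        }
    }
}
```

A stolen everyday key is boxed in by the whitelist and the daily limit, and anything larger needs the second key, which is the property the section describes.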