"Writing Rust middleware with Copilot is magic, you still shouldn’t trust it bcz...."
This week on Coffee with Calyptus, we sit down with Alex Cyon, the engineering mind behind Radix Wallet and creator of the Sargon SDK. Alex shares his deep dive into decentralization, security, and next-gen wallet design. If you're into cryptography, Rust, or simply building smarter wallets, this one’s for you.
-modified.png)
You’ve gone from building Sweden’s most-used iOS apps to engineering cryptographic middleware at RDX Works, what pulled you from mainstream mobile into the world of DLT and Web3?
I was introduced to Ethereum in 2017 by a friend of mine and that was like opening Pandora's Box - I quickly became absorbed by the fascinating technology of not only consensus but also cryptographic primitives like hashes and signatures. Later I discovered Zilliqa - the world’s first sharded DLT and first to use Schnorr signatures - my grant application to develop a mobile wallet for them got accepted and I created Zhip (since, sunsetted).
Later I found and fell in love with the Radix DLT project where I’ve done many things but primarily led the development of their mobile wallet. We realized that the implementation of complex logic in two code bases (Swift and Kotlin) were too costly and hard to maintain, thus we decided to share logic using Rust + Mozilla Uniffi - so I created the middleware SDK Sargon.
Radix is known for pushing boundaries in user-friendly decentralization, what's been your biggest technical or philosophical challenge building secure, abstracted accounts and decentralized P2P wallet connect (Radix Connect) for a next-gen wallet?
Full account abstraction, or MFA, as Radix calls it, is not released (yet?). I’ve implemented most of the bigger challenging modules of it in 2024 and 2025. One of the trickiest modules were the SignaturesCollector: threshold signatures signing of a batch of transactions, each transaction with multiple accounts to sign with (e.g. if you use account B to pay for account A) where each account uses N/M threshold signatures scheme with factor sources of different kinds (Mnemonic in Secure Enclave authed by biometrics, Ledger Nano S, Arculus Card, Trezor, etc), were I also needed to allow user to be able to skip some of the signing factors, and inform the user which transactions would fail, if any, if said factor was skipped. There is in fact more details I had to omit in that description to make it even more complex.
You’ve been a consistent open-source contributor, from Swift-crypto to custom SDKs, how has contributing to public codebases shaped your approach to innovation and engineering leadership?
I take code review and testing very seriously and I think those two components of development become more important in Open Source Software (OSS) because some other contributors to some OSS project might not be a regular code reviewer, but that developer contributed with a PR some months ago and have missed the latest development or otherwise been out-of-loop. If I submit a PR without giving detailed context and a quick glanceable overview of the work done we risk excluding that contributor from the review. Furthermore, having a CI setup measure code coverage which gets reported back into the PR flagging that this PR does in fact increase code coverage and has a patch coverage of 99% sends a clear signal that this work is really ready to be reviewed. I tend to write pretty long PR descriptions with TOCs to be as inclusive as possible.
I also think linting and formatting tools are more important in open source projects, which brings together developers who might have different code preferences. Why I love tools such as typos and pre-commit.
Looking back at your time creating Zhip, the first Zilliqa mobile wallet, to now with Radix, how do you see the evolution of wallet UX and security design in Web3? What’s still broken?
I created Zhip in 2018 and back then “smart accounts”/Account Abstraction was not being talked about so much, at least Zilliqa did not have support for it back then. So Zhip was a pretty simple app - your private key controlled your account - singular. The Radix Wallet is orders of magnitude more complex, with support for multiple accounts, multiple decentralized logins (‘Personas’) and with Radix Wallet support both Desktop to Mobile and Mobile-to-Mobile. I think wallets have evolved to use the strengths of both traditional bank accounts - you can have many and if you lose your phone you have not lost control of your funds - the decentralized nature of crypto - you don’t need to trust any company/institution to be able to control your funds, you are “your own bank”.
What is still broken? Well most crypto wallets do not have support for smart accounts yet. And more importantly, many wallets lack recovery mechanisms. My grandmother - heck even my parents - won’t use crypto if they need to write down 24 words on a piece of paper which they “cannot under any circumstances lose”.
With your automation mindset and love for systems, how are you exploring or adopting AI in your cryptography or SDK work, and where do you see the biggest synergy between AI and Web3?
I use Microsoft Copilot everyday when I write Rust code, and I’ve been using it for almost a year now. It has become truly great at mundane boilerplate code and even writing documentation and unit tests. It is not “perfect” yet, but given how much and fast it has improved just the past 6 months I think it will forever be a great tool developers can use to be more productive. I think it is important though to not trust the AI tools (just yet) too much when it comes to critical code such as cryptographic applications.
I think there is an AI+Web3 hype train going on right now and I see it as just that; hype. Projects springing up trying to say they have a novel way of solving Web3 with AI. Some might in fact have some good ideas and value add to the Web3 world, but I have yet to see it. I think many unserious actors combine two hype words and wanna do an easy money grab with it.
Solidity Challenge 🕵️♂️
The below contract has a function that gets the location at which the balances mapping is stored. Can you tell what will be the output if the getBalanceSlot() function is called?
Solidity Challenge Answer ✅
Answer: The return value will be 0.
