Today, we’re thrilled to announce that Magic has raised $27 million in Series A funding, bringing our total funding to $31 million.

This round is led by Northzone, with participation from Tiger Global, Placeholder, SV Angel, Digital Currency Group, CoinFund, and Cherubic — along with a roster of more than 80 stellar angel investors, including:

• Alexis Ohanian — Co-founder of Reddit, Initialized Capital
• Balaji Srinivasan — Ex-CTO at Coinbase, Co-founder of Earn.com
• Ben Pruess — President at Tommy Hilfiger, Ex-VP at Adidas
• Casey Neistat — YouTuber (12M subscribers)
• Guillermo Rauch — CEO of Vercel & Next.js
• Jacob Jaber — CEO of Philz Coffee
• Jason Warner — CTO of Github
• Kayvon Beykpour — Head of Consumer Product at Twitter, Periscope
• Naval Ravikant — Co-founder of AngelList
• Roham Gharegozlou — CEO of Dapper Labs
• Ryan Hoover — Founder of Product Hunt, Weekend Fund
• Sahil Lavingia — CEO of Gumroad
• Scott Belsky — CPO of Adobe, Author of “The Messy Middle”
• Soona Amhaz — General Partner at Volt Capital / TokenDaily
• Varsha Rao — CEO at Nurx, Ex-Head of Global Ops at Airbnb

This new capital will help us double down on empowering developers and future-proofing our technology, to ensure Magic is the most secure, seamless, and scalable way to onboard users sans passwords.

Since launching on Product Hunt in April 2020, Magic has been in hyper-growth mode. This year, we went from a few people in a San Francisco loft to a 30+ all-remote team spread around the world. We’ve over 10X’d the number of developers building with Magic and our community continues to grow at a fast clip each month. Now, we’re securing millions of user identities for companies of all sizes and verticals.

Trailblazing customers like UserVoice, Decrypt, Polymarket, Fairmint, and more integrate Magic as their core auth flow. We’ve helped our customer base expedite time-to-market, boost conversion rates, reach more audiences, level up security, and reduce cost. And we’re just getting started.

Our vision is to build the passport of the internet in order to safeguard the trust between users and internet services.

#The legacy model

User trust is one of the biggest challenges of the internet. Despite explosive growth in the number of people now connected to the internet — over 5.1 billion users, 67% of the planet — user trust is at an all-time low. Why?

The current user trust model of the internet is fundamentally broken.

A majority of the internet ecosystem has been trading user security, trust, and privacy in exchange for convenience and unsustainable profit growth. These dynamics at play resemble a teetering Jenga tower about to collapse.

We are ensnared in a cybertrust paradox: relying on both a handful of mega-corporations and relative geopolitical stability for access to vital online services — sometimes forcefully so.

These corporations may:

• Go out of business and stop providing services
• Get hacked and cause massive damage to businesses and users
• Restrict critical access due to geopolitical motivations
• Exploit user privacy and compete with businesses built on their own platform due to misaligned incentives
• Ignore compatibility with modern tech stacks like Jamstack, blockchain, and other forms of decentralized infrastructure

Big tech companies become centralized custodians, amassing troves of user identity data, creating single-points-of-failure with “too big to fail” level risks. With motivations to expand and maintain growth at all costs, they acquire more companies and absorb even more user identities. Close to 80% of all recorded acquisitions happened in the last 8 years alone.

This problem compounds itself. One password leak makes other compromises easier, and the rate of lost or stolen passwords is only accelerating, as more companies are moving online due to the pandemic. Facebook’s most recent data breach compromised phone numbers and personal data, making it easier for hackers to impersonate users and scam them into handing over login credentials. In this instance, over 500 million users’ data were leaked.

To hedge against these risks, companies are under more pressure to keep data safe and act swiftly and transparently in a cyberattack. So they turn to their developers to implement authentication in-house. This often ends up being extremely expensive, involving building large teams to continuously address a multitude of security, compliance, infrastructure, reliability, and scale challenges. Despite these resources, 66% of breaches took months or even years to discover in the first place.

Data breaches and lost/stolen passwords are a looming challenge of our times. Traditional forms of authentication haven’t changed much in decades and passwords are already obsolete.

Now more than ever, we need digital identity infrastructure that’s secure and sustainable — that scales with modern internet ecosystems.

#The future

At Magic, we believe the solution starts with developers.

Instead of deferring responsibilities to end-users to improve their own security hygiene with things like password managers, Magic makes it plug and play for developers to add secure, passwordless login, like magic links and WebAuthn, to their applications. Users are no longer exposed to password-related risks from the very start.

So, what makes Magic authentication unique? Instead of usernames and passwords, Magic uses public and private keys to authenticate users under the hood. A decentralized identifier is signed by the private key to generate a valid authentication token that can be used to verify user identity.

Traditionally, usernames are publicly recognizable identifiers that help pinpoint a user, whereas passwords are secrets that were created by the user and are supposed to be something only they know.

You can think of public and private keys as materially improved versions of usernames and passwords. The public key is the identifier and the private key is the secret. Instead of being created by users and prone to human error (e.g. weak/reused passwords), the key pair is generated via elliptic curve cryptography that has proven itself as the algorithm used to secure immense value sitting on mainstream blockchains like Bitcoin and Ethereum.

Using blockchain key pairs for authentication gives Magic native compatibility with blockchain, supporting over a dozen blockchains. This enables blockchain developers to use Magic SDK to provide user-friendly onboarding experiences to mainstream users and tap into the potential of the rapidly expanding blockchain industry that is growing 56.1% year over year and projected to reach $69.04 billion by 2027.

The key pairs are also privacy-preserving (no personally identifiable information) and exportable. This allows user identity to be portable and owned by users themselves (self-sovereignty). The world is already moving towards this direction with novel solutions from companies like Workday and Microsoft.

We’re first committed to enabling a passwordless future, by providing developers with the easiest way to integrate passwordless login methods into their applications, paving the way to eventually encourage worldwide adoption of decentralized identity.

#We’re hiring!

To accelerate our momentum, we are growing our team! We are hiring across the board — engineering, product, research, and marketing.

We are a diverse team with experience working at leading tech companies such as Stripe, Docker, Amazon, Auth0, Box, and Apple.

You can check out our openings on our careers page. If you’re excited about our mission and don’t see a role that matches your skills, please write to [email protected] and share how you can help.

To our customers, community, and investors: we’re incredibly grateful for your support. Absolutely thrilled to be on this journey together and can’t wait to share what’s in store for you all!

Onward! 🔥