Social Recovery

Effective social recovery relies on a well-configured guardian set. Common configurations include:

• Personal Contacts: Trusted friends or family members.
• Institutional Guardians: Services like Coinbase Custody or other regulated entities.
• Hardware Devices: Other hardware wallets owned by the user.
• Time-Delay: A mandatory waiting period (e.g., 1-7 days) is often added after a recovery request to prevent coercion, allowing the legitimate owner to cancel if it's fraudulent. The security model shifts from securing a single private key to managing trusted social and institutional relationships.

The recovery flow is a multi-step, on-chain process designed for security:

1. Initiation: The user (or a designated recovery address) submits a recovery request to the wallet contract.
2. Guardian Approval: Guardians individually sign approval transactions. The contract tracks these signatures.
3. Threshold Met: Once the predefined recovery threshold (e.g., 3 out of 5 guardians) is reached, the contract enters a finalization state, often with a mandatory time-delay.
4. Execution: After the delay, anyone can execute the recovery transaction, which updates the wallet's official owner to the new address.

Social recovery systems are built on specific cryptographic and smart contract primitives:

• Multi-signature Schemes: The guardian approval process is a form of M-of-N multisig.
• Account Abstraction: Enabled by ERC-4337, allowing smart contract wallets to be first-class citizens on Ethereum, making social recovery more seamless.
• Recovery Modules: Upgradeable smart contract modules that handle the guardian logic, separate from the core wallet logic, allowing for flexibility and improvements.

While powerful, social recovery introduces new complexities:

• Guardian Availability: Guardians must be reachable and technically capable when needed.
• Social Engineering Risk: Attackers may target guardians instead of the primary key.
• On-Chain Costs: Recovery transactions require paying gas fees, which can be significant.
• Centralization Trade-offs: Using institutional guardians re-introduces points of centralization and potential censorship, counter to crypto-native ideals.

Social recovery is often implemented using Shamir's Secret Sharing (SSS), a cryptographic algorithm that splits a private key into multiple shares. The original key can only be reconstructed when a predefined threshold (e.g., 3-of-5) of these shares are combined. This eliminates the single point of failure inherent in traditional seed phrases, as no single guardian holds the complete secret. The security shifts from protecting one secret to ensuring the integrity and availability of the guardian set.

The primary trade-off is between delegated trust and absolute self-custody. Users must trust their guardians (friends, family, institutions) to act honestly and be available for recovery. This introduces social and operational risks absent in pure non-custodial wallets. The trade-off is considered favorable for most users, as the risk of losing a private key often outweighs the risk of a coordinated attack by one's trusted circle. It represents a pragmatic middle ground between self-custody and custodial services.

The security of the system is directly tied to the guardian set. Critical considerations include:

• Diversity: Guardians should be independent (not all from the same family, company, or jurisdiction) to mitigate correlated failures or attacks.
• Liveness: Guardians must be reachable and technically capable to sign recovery transactions when needed.
• Attack Surface: An attacker must compromise multiple guardians (meeting the threshold), which is harder than attacking one individual but creates a broader attack surface. Social engineering attacks against guardians become a new threat vector.

Poor implementation can undermine the cryptographic security. Key risks and mitigations are:

• Centralization Risk: Using a single provider's smart contract for all wallets creates a systemic risk. Opt for audited, non-upgradeable, and widely used contracts.
• On-chain vs. Off-chain Guardians: On-chain guardian addresses (smart contracts, DAOs) are always available but may have gas costs. Off-chain guardians (EOAs) are simpler but must be online.
• Recovery Delay: A mandatory time delay (e.g., 48 hours) before recovery executes allows the legitimate owner to cancel fraudulent recovery attempts, adding a critical security layer.

Social recovery and multi-signature (multisig) wallets both use threshold signatures but differ in purpose and use case:

• Purpose: Social recovery is for key loss prevention (a recovery mechanism for a single-user wallet). Multisig is for transaction authorization (managing assets owned by multiple entities, like a treasury).
• User Experience: Recovery is a rare, emergency action. Multisig requires multiple signatures for every transaction.
• Guardians vs. Signers: Recovery guardians are typically inactive until needed. Multisig signers are actively involved in daily operations.

A cryptographic technique that distributes the signing power of a private key across multiple parties. No single party holds the complete key, requiring a threshold of participants to collaborate for transaction authorization. This is a foundational technology for many custodial wallets and institutional security solutions, providing a balance between security and availability without relying on a social graph.

The standard, non-social alternative for wallet recovery. It is a mnemonic phrase (typically 12 or 24 words) generated from the BIP-39 standard that acts as the ultimate backup for a hierarchical deterministic (HD) wallet. Losing this phrase means irrevocable loss of funds, which is the key problem social recovery aims to solve by removing this single point of failure.

The trusted entities or devices in a social recovery system authorized to facilitate wallet recovery. Guardians can be:

• Other personal devices (phones, hardware wallets).
• Trusted friends or family members.
• Institutional services acting as a fiduciary. The security model assumes a majority of guardians (e.g., 3-of-5) remain honest and accessible. Careful selection and distribution of guardians is critical to prevent collusion or loss.

A cryptographic algorithm often used as a technical underpinning for social recovery schemes. It splits a secret (like a private key) into multiple shares. The original secret can only be reconstructed when a predefined threshold number of shares are combined. This allows for secure, distributed backup without any single guardian holding sufficient information to compromise the wallet independently.