What is a Social Recovery Wallet?

Think back for a second on what happens when you forget your password to an online service.

You click “Forgot password”, and the service emails you a link to help you recover your password. It only takes a few clicks for everything to go back to the way it was.

This is social recovery at play. It’s easy and reliable. But what happens when you don’t have access to your email?

Unless you’ve given your lawyer your email password (just in case), you’ll most likely lose access to all the online services that depend on you having access to your email.

This unfortunate case is akin to losing your crypto wallet’s recovery phrase. This is a major setback for many people wanting to get into crypto. In this article, we’ll discuss this in more depth.

Mnemonic phrases recover your wallet

In the context of crypto wallets, this is how the “conventional” self-custody system works. When you create a wallet, you are given a set of 12 or 24 English words, in a particular order.

These are what we call mnemonic phrases, and they are the last security layer against total loss of funds.

Your wallet will usually come with an additional layer of protection, such as a PIN or a password, which are more convenient for you to use. But if you need to change your PIN or password, or if you want to migrate your wallet to another device, you will need your mnemonic phrases.

Mnemonic phrases don’t prevent theft

Mnemonic phrases, when kept in a very secure environment, can help you keep your wallet safe. For example, some people put them in a deposit box, or their own household safe, or encrypt them further and have it split among a trusted few.

But no matter how many layers of protection you put on your wallet, if a hacker manages to get all that is required to unlock your wallet, it’s pretty much game over.

For certain, multi-factor authentication or even a multi-sig wallet can further decrease the chance of theft. However, most users won’t find it convenient to approve transactions using multiple wallet keys.

So, what’s the solution?

Solution: Social Recovery Wallets

Social Recovery makes crypto security more intuitive and convenient for ordinary users. Even Ethereum’s creator Vitalik Buterin loves it.

It basically works like this:

• You use the crypto wallet as you normally would. You log in with a password of your choice.
• If you need to spend your crypto, you can authorise the transaction from your wallet, all by yourself.
• On the off-chance that you lose access to your wallet, you don’t have to use the mnemonic phrases for recovery.

You simply let a few of your wallet guardians know that you lost your password. They’ll change your wallet key after they’ve made sure that it’s really you who have made the request.

Not only do we have a system where there is no single point of failure, we also have a social layer which makes crypto more human-friendly and easy to use for ordinary people. 

Who can be your wallet guardians?

The guardians for your social wallet can literally be anyone, even other devices controlled by you. Most crypto users will likely use a trusted third-party of their choice, from their close inner circles to institutions. 

After the March 2023 Ethereum update (EIP-4337) which introduces “account abstraction”, social wallets have become a simpler proposition.

Many predict that institutions, and even Web2 companies, would get involved in becoming one of the guardians for their branded wallets.

For example, a user could easily hit the Recover Wallet button, and they’ll walk through an automatic authentication system that will determine if the requester is really the owner of that wallet. 

Where can your wallet guardians be?

Guardians don’t have to know each other, and that is preferred.

This will prevent either:

1. A collusion of the guardians against their client, or
2. A targeted attack on each guardian.

Guardians can even be chosen from a pool of freelancing “smart contract lawyers’ ‘ from any geolocation, who don’t know each other, and who are distributed globally. 

Social wallets don’t go against the ethos of decentralisation. Vitalik Buterin also writes that “the goal of crypto is to give people access to cryptographic and economic building blocks that give people more choice in whom to trust, and furthermore allow people to build more constrained forms of trust” .

How does a Social Recovery Wallet work?

Social recovery wallets typically won’t use mnemonic phrases. This variant of social recovery wallets fall under “smart contract wallets” after the EIP-4337 update. However, the same mechanism can also be applied to regular wallets with mnemonic phrases.

A social recovery wallet has a single signing key, which is found in a regular wallet. This means, it doesn’t take multiple wallet owners to sign off a transaction — otherwise, that would have been a multi-sig wallet.

Third-party guardians have the ability to vote on changing the signing key, in case the owner asks for it. If the majority approves, the smart contract executes and the signing key changes (practically, it’s recovered). This means, the owner must choose at least 3 guardians.

The owner can also add or remove guardians after a time delay — most often 24 hours to 3 days.

This delay was set as a precaution in case a hacker manages to outsmart the guardians before they realise their mistake. It’s a critical but wide enough margin for error that should allow the guardians to take action. 

Crypto should be (and will be) human-centric

Crypto technology is still young, but it is maturing fast. It used to be a utopia for cypherpunk hobbyists, and now we’re at the stage where we should be thinking about how to make crypto more accessible and more human-centric.

A completely isolated self-custody is not for everyone. As you accumulate more crypto assets, the stakes become high, and you may need help.

Most people turn to centralised exchanges, thinking that they’ll keep their funds safe. Yes, they could hit the Recover Password button as many times as they please, and the exchanges deliver.

But centralised exchanges are not insured like banks. You just won’t know what they’re doing with the funds you deposit. At best, they’d leave it alone. At the absolute worst, they’d play the FTX game and run off with your money.

A more balanced approach — social recovery — combines strict and decentralised smart contract code with a human touch. Trust is not anti-crypto.

Autonomy and choice is very crypto — and if you choose who to trust, you are extending crypto’s ethos.

Further reading: Explore all things crypto in our learning hub.