Is Social Recovery the Answer to Losing Your Seed Phrase?
Would you trust five friends to help guard your crypto stash?
That’s the premise of so-called social recovery, one solution to accessing your wallet should you lose that 12- to 24-word seed phrase.
The most common execution lets users nominate five wallets they trust—sometimes called guardians—that are responsible for helping recover their wallets. When you need the service, three of the five wallets must sign a transaction that’ll grant you access to your account.
It’s important to note, though, these parameters are not set in stone. A user could change any of these variables to require 100 guardians, for example.
“The general term means: this is an account and someone can do something when the original person no longer has access to it,” Victor Zhou, Ethereum EIP Editor, told Decrypt on Zoom.
The service garnered renewed attention after Ledger attempted to roll out its subscription-based seed phrase recovery service. Instead of five or 100 friends helping you access your locked funds, the wallet provider shatters your seed phrase into three pieces, storing each piece with Ledger and two other companies.
The launch was bumpy, to say the least. Users flocked to Twitter to make their security concerns known, with one user even burning his wallet after smashing it with a hammer.
The outrage settled once the French wallet provider eventually hit pause on the rollout.
Despite the outrage, it remains a major issue facing the crypto industry. Different projects have introduced different flavors of seed phrase recovery, with some opting for close friends and family to assist while others turn to centralized entities or even DAOs they trust.
“Some people think that the trustee can be a big player, like [a company] that is providing such a service,” said Zhou. “Some people believe that social recovery should work when somebody passes away. Or when a company no longer exists, they can transfer [the wallet] into the hands of someone who is a successor.”
Account abstraction refers to turning your crypto wallet into a smart contract wallet, which grants new functionality like gasless transactions, batch transactions, and social recovery.
EIP-4337 is the Ethereum standard that has been approved that outlines one way to enable account abstraction on the network.
As a result, we’ve started to see individuals using EIP-4337 to create social recovery solutions for themselves as well as wallet providers—like Argent and Safe—offering social recovery capabilities to their customers.
What’s the downside?
Making crypto wallets easier–and safer to use for newcomers–is a key hurdle for the industry.
That doesn’t mean that social recovery is the end-all-be-all of solutions.
If done incorrectly, social recovery can spell disaster for users.
For starters, trusting any number of actors with the ability to recover your seed phrase is risky. It opens you up to the potential risk of coercion from your guardians, for example. Trusting five people with the ability to recover your keys is only as strong as your relationship with them.
This also leads to another downside: Lack of scalability.
It’s rare for individuals to know five people that they would trust to this level who are also savvy enough to navigate the nuances of crypto security.
Equally, the user experience of setting up social recovery is not often newbie friendly.
As a result, social recovery is mostly being utilized by developers and crypto-native companies.
Still, Chainstack’s product director Vasily Rudamanov says the technology will hit the mainstream within months. His firm is helping enable “top 10 non-custodian wallets” to offer account abstraction to their users.
“It’s not rocket science to implement the security required,” Rudomanov told Decrypt. “[It’s not only about] creating the most secure thing from a source code perspective but what is perceived as the most secure way from a human perspective.”
Social recovery should be ‘temporary’
While some big players may be moving towards a world where social recovery is the norm, is it really the answer to seed phrase recovery?
Richard Meissner co-founder of Safe—a wallet that enables users to set up social recovery—thinks not.
“For me, the key part is that social recovery is just a temporary thing,” Meissner told Decrypt on Zoom. “We were in Tokyo a month ago for the hackathon. And there, you could see a lot of prototypes using ID cards, using zero-knowledge proofs, and where you can suddenly go into workflows which feel a lot more normal to Web2 users.”
Zero-knowledge proofs (ZKPs) allow for statements to be validated without revealing the detail that makes the statement true. For example, someone attempting to verify that you are a citizen of the U.S. can confirm through a zero-knowledge proof without having to directly look at your passport or ID.
Currently, Meissner trusts the SafeDAO as his guardian, rather than five friends.
“If I ever want to recover [my wallet], I would have to convince the DAO to recover my Safe.” Meissner said, “We have seen projects which are looking to provide this service as a DAO, to provide recovery services. Then it’s not really an institution, and it’s not really social recovery.”
This is a potential future that Meissner sees: both DAOs and traditional organizations building trust within the industry to help provide recovery services—either as a sole guardian or one of many. The Safe co-founder calls this Hybrid Custody.
What’s ironic, is that this isn’t too far off from what Ledger attempted to offer with their recovery service. Users who opt-in to Ledger Recover have to trust Ledger alongside two other companies as their guardians who would help recover their keys using ID verification.
What went wrong was the lack of education, poor communication, and the lack of choice with guardians.
Ledger Recover was a PR disaster but the tech behind it wasn’t too far from solutions that exist today.