Social Recovery Wallet

What Is a Social Recovery Wallet?

A social recovery wallet is a cryptocurrency wallet design where the owner holds a single signing key for authorizing transactions, while a separate group of trusted contacts (called guardians) can collectively help recover access to the wallet if that key is lost. Crucially, guardians cannot move or spend the wallet's funds: their sole capability is approving a key rotation that gives the owner a new signing key.

The concept was formalized by Vitalik Buterin in his January 2021 essay "Why we need wide adoption of social recovery wallets." Buterin argued that the human brain is poorly suited for memorizing passwords and protecting seed phrases, but excels at maintaining relationships. Social recovery leverages that natural strength: instead of protecting a single secret, you distribute recovery authority across people you trust.

This approach directly addresses the biggest cause of cryptocurrency loss. Billions of dollars in crypto have been lost not to theft but to forgotten passwords, misplaced seed phrases, and destroyed backup devices. Social recovery wallets treat key loss as a recoverable event rather than a catastrophe.

How It Works

A social recovery wallet separates two concerns that traditional wallets bundle together: spending authority and recovery authority.

Normal Operation

During everyday use, the wallet behaves exactly like a standard self-custodial wallet. The owner holds a single signing key (stored on their phone or hardware device) and uses it to approve transactions with one confirmation. Guardians are not involved in normal spending.

Guardian Setup

The owner designates a set of guardians, typically at least three, each identified by a cryptographic address. Guardians can be:

• Friends or family members who hold their own wallets
• A second device or hardware wallet owned by the user
• Institutional guardian services that verify identity before signing
• A paper mnemonic stored in a separate location

The wallet contract stores a hash of the guardian list and a threshold (for example, 3-of-5 or 4-of-7). Guardian addresses do not need to be published on-chain until recovery is initiated, preserving privacy.

Recovery Process

When the owner loses their signing key, recovery follows a defined sequence:

1. The owner (or someone acting on their behalf) contacts guardians and requests that they sign a recovery transaction specifying a new signing key
2. Each guardian independently signs the recovery request, typically through a simple web interface
3. Once the threshold number of guardian signatures is collected, the wallet contract initiates a key rotation
4. A time-lock delay begins (typically 24 to 72 hours), during which the existing signing key can cancel the recovery if it was fraudulently initiated
5. After the delay expires, the new signing key becomes active and the old key is revoked

Simplified Contract Logic

The core mechanism in a smart contract wallet can be expressed as a state machine with two paths:

// Pseudocode: social recovery wallet logic
contract SocialRecoveryWallet {
  address owner;              // Current signing key
  address[] guardians;        // Recovery guardians
  uint threshold;             // Minimum guardian approvals
  uint recoveryDelay;         // Time-lock in seconds

  // Normal operation: only owner can spend
  function execute(tx) {
    require(msg.sender == owner);
    tx.send();
  }

  // Recovery: guardians vote for new owner
  function initiateRecovery(newOwner, guardianSignatures[]) {
    require(guardianSignatures.length >= threshold);
    require(verifyAllSignatures(guardianSignatures));
    pendingRecovery = { newOwner, activatesAt: now + recoveryDelay };
  }

  // Owner can cancel unauthorized recovery
  function cancelRecovery() {
    require(msg.sender == owner);
    delete pendingRecovery;
  }

  // Finalize after time-lock expires
  function finalizeRecovery() {
    require(now >= pendingRecovery.activatesAt);
    owner = pendingRecovery.newOwner;
  }
}

Implementations

Argent (Ethereum and StarkNet)

Argent is one of the earliest and most widely adopted social recovery wallets, launched in 2018. It allows users to designate guardians from their contact list, other wallets, or Argent's own guardian service (backed by two-factor authentication). Recovery requires a majority of guardians to approve, followed by a 36-hour security window before the new key takes effect. The owner's existing key can cancel unauthorized recovery attempts during this window. Argent expanded to StarkNet through Argent X, bringing social recovery to a Layer 2 environment with lower transaction costs.

Loopring Smart Wallet

The Loopring Smart Wallet implements social recovery on Loopring's Layer 2 with a requirement that more than 50% of guardians approve recovery (for example, 2-of-3). Adding guardians beyond the initial two requires a 72-hour delay unless the majority of existing guardians also sign.

In June 2024, 58 Loopring wallets were compromised in a $5 million exploit. Attackers compromised Loopring's two-factor authentication service and used it to bypass the Official Guardian, which was the sole guardian for affected wallets. Wallets that had at least one additional independent guardian were unaffected. The incident demonstrated a critical lesson: relying on a single institutional guardian defeats the purpose of social recovery.

Bitcoin Approaches: Miniscript and Timelocks

Bitcoin lacks the smart contract layer that Ethereum social recovery relies on, but similar outcomes can be achieved using Miniscript and timelocks. The Liana wallet implements a "decaying multisig" pattern: a wallet starts as a standard 4-of-4 multisig, but after a configurable time period (for example, 9 months), the spending conditions relax to 3-of-4. After 18 months, a broader set of recovery keys (such as 2-of-6) can spend the funds.

This approach uses OP_CHECKSEQUENCEVERIFY to enforce the time delays natively in Bitcoin Script, requiring no trusted third party or additional protocol layer. The tradeoff is that recovery keys are defined at wallet creation time rather than being dynamically updatable like Ethereum guardian sets.

Social Recovery vs. Other Backup Methods

Understanding how social recovery compares to alternatives helps clarify when each approach is appropriate:

Social recovery captures the security benefit of multisig (no single point of failure) while preserving the usability of a single-key wallet. Guardians are only involved during recovery events, not during everyday transactions. For a deeper comparison of wallet architectures, see the self-custodial vs. custodial wallets research article.

Why It Matters

Social recovery addresses the fundamental tension in self-custody: users want full control of their funds, but full control means full responsibility for key management. A lost seed phrase is irreversible. A forgotten password with no recovery path means permanent loss. Social recovery offers a middle ground where self-custody is preserved (guardians cannot spend your funds) but key loss becomes a recoverable event.

The growing adoption of wallet SDKs and account abstraction standards (ERC-4337, EIP-7702) is making social recovery more accessible to developers building consumer-facing applications. Ethereum's Pectra upgrade in May 2025 introduced EIP-7702, which allows existing externally owned accounts to delegate to smart contract logic, meaning users can adopt social recovery without creating a new wallet address or migrating funds.

Risks and Considerations

Guardian Collusion

If enough guardians collude, they can authorize a fraudulent key rotation and steal funds. For a wallet with 7 guardians and a 4-of-7 threshold, an attacker would need 4 guardians to discover each other, agree to steal funds, and execute during the time-lock window without the owner noticing. Mitigation strategies include choosing guardians from different social circles, keeping guardian identities secret from each other, and using high thresholds.

Social Engineering

Attackers can target individual guardians with phishing or impersonation to trick them into signing recovery requests. The Loopring incident in 2024 demonstrated this risk: attackers impersonated wallet owners to exploit the centralized guardian service. Guardians should verify recovery requests through a separate communication channel (for example, a phone call) before signing.

Guardian Availability

Guardians may lose access to their own keys, change devices, or become unreachable over time. If enough guardians become unavailable, recovery becomes impossible. Buterin recommends testing guardians multiple times per year. The owner can also add or remove guardians, typically subject to a time-lock delay to prevent an attacker who has compromised the signing key from silently replacing guardians.

Smart Contract Risk

Social recovery on Ethereum depends on smart contract correctness. A bug in the wallet contract could allow bypassing the guardian threshold entirely. Using audited, battle-tested implementations reduces this risk but does not eliminate it. Bitcoin-based approaches using Miniscript avoid smart contract risk by encoding recovery conditions directly in Bitcoin Script, which is verified by the Bitcoin consensus layer itself.

Privacy Tradeoffs

While guardian addresses can be stored as hashes on-chain, the full list is revealed when recovery is initiated. This creates a linkability concern: an observer can see which addresses are guardians after a recovery event. Implementations can mitigate this by having each guardian generate a single-purpose address used only for recovery.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.