How Not to Lose Your Coins in 2020: Alternative Recovery Methods

Published at: Jan. 21, 2020

When Peter Schiff claimed that his wallet lost his Bitcoin (BTC), many in the crypto community were skeptical. While some believe that Schiff simply lost his password, others, like Ethereum co-founder Vitalik Buterin, highlighted that losing private keys remains an important issue for cryptocurrency users.

Being your own bank is hard

Keeping custody of your own cryptocurrency is quite complex, especially for users who are not tech-savvy. Most wallets require the user to write down the private key before accessing the wallet. Storing the key can be done by simply writing it down on a piece of paper, a method that is prone to failure through the loss, theft or degradation of the paper.

Using hardware wallets or encrypted digital backups is an alternative, but requires a degree of preparation and technical knowledge that many casual users may find too much to grasp.

In response to Peter Schiff’s loss, Binance CEO Changpeng Zhao argued that storing coins on centralized custodians is safer for most users.

Nevertheless, this inherently goes against the principles of decentralization in the crypto community. Some members pointed to alternative methods developed on Ethereum as a potential solution.

Social recovery

As an alternative to complex storing solutions, the concept behind social recovery is to grant friends, family or even companies the right to restore access to a certain account.

The person losing access to his wallet would be able to call upon “guardians,” pre-selected entities that are authorized to re-assign control of the specific account.

Argent wallet is currently a live implementation of this idea. A user can set other Argent users or even other wallets owned by him as guardians. By default, however, the guardian is Argent itself, using the person’s email and phone as an identity guarantee. Without other guardians this recovery method cannot be removed.

Screenshot from Argent app.

A slightly different method is offered by Ethereum Improvement Proposal (EIP) 2429, developed by Ricardo Guilherme Schmidt and others.

Elaborating on the social recovery concept, it introduces “user secrets” — personal data such as biometrics from fingerprint scanners, a password, or personal information provided in a questionnaire.

This information must then be provided during the recovery process, ensuring that guardians cannot simply collude to steal the user’s wallet. Additionally, the list of guardians is never revealed until the actual recovery procedure is activated.

However, this is still a proposal under development and is subject to change.
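The two properties described above (a guardian list that stays hidden until recovery, and a user secret that guardians alone cannot supply) can be sketched with hash commitments. This is an added, simplified illustration and not EIP 2429's contract code; the class, function and guardian names are assumptions, and approvals stand in for verified guardian signatures.

```python
import hashlib, hmac, os

def commit(salt, *parts):
    """Salted SHA-256 commitment over length-prefixed byte strings."""
    h = hashlib.sha256(salt)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _guardian_commit(salt, guardians):
    return commit(salt, *sorted(g.encode() for g in set(guardians)))

class RecoverableWallet:
    """Toy model (assumption): stores commitments, not the guardians or secret."""
    def __init__(self, owner, guardians, threshold, secret):
        if not 1 <= threshold <= len(set(guardians)):
            raise ValueError("threshold must be 1..number of guardians")
        self.owner, self.threshold = owner, threshold
        self.salt = os.urandom(16)
        self.guardian_commit = _guardian_commit(self.salt, guardians)
        # A plain hash of a low-entropy secret can be guessed offline; a real
        # design has to address that. This sketch does not.
        self.secret_commit = commit(self.salt, secret.encode())

    def recover(self, new_owner, revealed_guardians, approvals, secret):
        """Reassign ownership, or return the reason for refusing."""
        revealed = set(revealed_guardians)
        if not hmac.compare_digest(_guardian_commit(self.salt, revealed),
                                   self.guardian_commit):
            return "guardian list does not match commitment"
        if not hmac.compare_digest(commit(self.salt, secret.encode()),
                                   self.secret_commit):
            return "user secret missing or wrong"
        # Approvals stand in for verified guardian signatures (assumption).
        if len(set(approvals) & revealed) < self.threshold:
            return "not enough guardian approvals"
        self.owner = new_owner
        return "recovered"

def demo():
    """Constructed scenario: 2-of-3 guardians, names are made up."""
    guardians = ["alice", "bob", "carol"]
    w = RecoverableWallet("old-key", guardians, 2, "correct horse")
    colluding = w.recover("thief-key", guardians, ["alice", "bob", "carol"], "")
    outsider = w.recover("thief-key", guardians, ["mallory", "alice"], "correct horse")
    honest = w.recover("new-key", guardians, ["alice", "carol"], "correct horse")
    return colluding, outsider, honest, w.owner
```

In `demo()`, all three guardians acting together are refused without the user secret, and an approval from a non-guardian does not count toward the threshold.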

Criticism of social recovery

A commonly cited drawback of social recovery is the reintroduction of trust — this time in friends rather than centralized entities.

Cointelegraph approached Schmidt for clarifications on the EIP. While agreeing that the system isn’t perfect, he maintained that the proposed system is far more trustless than simpler implementations:

“Social recovery is fundamental for adoption, it brings a web2 experience to self sovereign accounts. 

The drawback is having to trust others, however EIP 2429 solves the problems of trusting guardians, so we are again in a trustless system, which is what we all love in Ethereum.”

Elaborating further, Schmidt criticized open multi-signature implementations such as Argent’s for their failure to mitigate collusion. He still believes that they have a place in a setting where extreme transparency is warranted, such as holding public funds. 

Itamar Lesuisse, CEO of Argent, clarified to Cointelegraph that calling its system social recovery is misleading, as it “implies people always have to be involved.” He explained:

“So the method is secure, and literally anyone with a smartphone can use it. Another advantage of this approach is that you can use these trusted entities to protect your wallet beyond just recovery. With Argent you can use them to lock your wallet and approve a large transfer.”

Lesuisse also welcomed the development of EIP 2429, noting that “it improves privacy in the scenario where users choose friends and family as trusted entities.”

Nevertheless, Schmidt conceded that the EIP is not immune to guardians extorting the user to gain access to the wallet, which is called a “griefing attack” in technical terms. He envisioned this being used in a positive setting, with a guardian company identifying customers and restoring access for a fee.

Speaking with Cointelegraph, Blockstream CSO Samson Mow criticized Ethereum, noting that the EIP is “largely complexity for the sake of complexity.” He added that social recovery is entirely possible on Bitcoin with existing software, by simply creating a multisig wallet and distributing portions of it to friends.

Nevertheless, Mow is skeptical of the general concept of social password recovery:

“The drawbacks to any social recovery system is really that your social circles change over time, and we live in a universe that tends towards entropy. So, your friends today may no longer be your friends tomorrow, and even if your social circles don't change, your designated guardian may lose their part of your recovery scheme.”

Mow still considers the ability to recover private keys as important, though he referred to hard metal backups, storage devices designed to be indestructible. According to him, the burden of securing Bitcoin remains with the users:

“The challenge is getting people to understand that they should secure their seed and plan for recovery from day one — social recovery doesn't help in negating the "Schiff Paradox" (people caring about securing their Bitcoin after it's too late) any more than metal backups do.”

Other solutions

Since the early days of Bitcoin, Keybase has offered a private key generation service based on a user’s password and email.

Torus allows users to create Ethereum wallets by logging in with their Google or Facebook accounts. The private key becomes uniquely associated with that account through some fairly complex assignment mechanisms.

As Schmidt explained, however, solutions based purely on personal secrets are extremely difficult to secure:

“In Web2 is safe to have a 8 password, because the authenticating server will block bruteforce attempts [...] None of this is possible in blockchain, and using an 8 digit password as seed phrase, is probably an instant loss of funds, because is very likely that low entropy addresses are being constantly monitored.”
