Thefts and losses are some of the major barriers to the mass adoption of cryptocurrencies. Every year millions of dollars are lost to scammers, hackers, and wallet security exploits. No wallet is 100% secure despite the marketing pitches of some hardware wallet manufacturers.
Ledger users have suffered badly in recent months following the massive data breach from company servers. Hardware wallets can and have been emptied and the company has done very little to recompense its customers or even investigate these thefts.
Better security solutions are desperately needed, and Buterin thinks social recovery wallets are a step in the right direction.
What is a Social Recovery Wallet?
A newer type of smart contract wallet called a social recovery wallet can potentially provide a high level of security and much better usability than previous options.
Buterin acknowledges that hardware wallets are not the solution as users must rely on the company that manufactures them. They continue to be a magnet for hackers and scammers and are still a single point of failure.
“The ratio of funds stolen to number of devices compromised is very high.”
Multi-signature wallets are one step towards better security but social recovery wallets could take things even further, added Buterin.
A social recovery system has a single ‘signing key’ that can be used to approve transactions and a set of at least three or more ‘guardians,’ of which a majority can cooperate to change the signing key of the account.
Buterin added that the wallet would operate like normal, with a single key signing transactions, but its security feature would come into play if there was a loss;
“The user can simply reach out to their guardians and ask them to sign a special transaction to change the signing pubkey registered in the wallet contract to a new one.”
The selection of ‘guardians’ could also add to the security as only trusted people would be given access. To reduce the risk of attacks on guardians and collusion, they do not have to be publicly known, and they do not even need to know each other’s identities.
Vaults for Extra Security
Security can be extended with the use of vaults alongside social recovery wallets by preventing losses of signing keys due to hacks or phishing attacks. Vaults with delays on transactions and limited financial capabilities could increase security further.
Buterin mentioned that the only two wallet providers currently offering some form of social recovery are Argent and Loopring, which recently launched Layer 2 liquidity mining. He concluded that security needs to be more of a focus, and a move to L2 solutions such as rollups could further bolster security going forward.
“An ecosystem-wide mass migration to rollups is as good an opportunity as any to reverse the Ethereum ecosystem’s earlier mistakes and give multisig and smart contract wallets a much more central role in helping to secure users’ funds.”