Dev Update 005 — Social Recovery: Building the Safest Key Recovery System in Crypto


Jun 20, 2026

Hey Unchained Community,

Private key loss is the single largest cause of permanent, unrecoverable fund loss in crypto. It's not a fringe problem — it represents billions in locked assets across the ecosystem. The Social Recovery Protocol is built to solve this without reintroducing custodial risk.

The Core Design

Social recovery works through a guardian system. A wallet owner designates between 3 and 10 guardian addresses — these can be trusted individuals, institutional accounts, or secondary wallets the owner controls. A recovery threshold is set (for example, 3-of-5). A timelock delay is configured (the default is 7 days, though this is user-adjustable).

If the owner loses access to their wallet, they or any guardian can initiate a recovery. Each guardian signs a transaction approving a new wallet address. Once the threshold of approvals is met, the timelock begins. After the delay, the contract executes the transfer of assets to the new address.

What Guardians Can and Cannot Do

This is the most important design constraint in the protocol: guardians never have direct access to funds. They can only vote to approve a recovery to a specific new address. They cannot initiate transfers, they cannot redirect funds to themselves, and they cannot bypass the timelock. The only thing a guardian signature does is contribute toward a threshold count. Funds don't move until the threshold is met and the timelock expires.

The Cancellation Window

If a malicious recovery is initiated — for example, if a guardian is compromised or coerced — the original owner can cancel the pending recovery at any time before the timelock completes, provided they can sign a cancellation transaction. This is the path that current internal testing is focused on hardening. The cancellation instruction needs to be clean, fast, and unambiguous. It also needs to work correctly in cases where the recovery is partially through its timelock and a second recovery attempt is initiated simultaneously.
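
The guardian, threshold, timelock and cancellation rules described above, as an added Rust model that is not the protocol's contract code. All type and function names are hypothetical, addresses are plain strings, the asset transfer is modelled as the controlling address changing, and rejecting a vote for a different address while a recovery is pending is an assumption the post does not specify.

```rust
use std::collections::BTreeSet;
// Toy in-memory model; every name is hypothetical and addresses are plain strings.
struct Pending { new_addr: String, approvals: BTreeSet<String>, unlock_at: Option<u64> }
pub struct Wallet {
    owner: String, guardians: BTreeSet<String>, threshold: usize,
    delay_secs: u64, pending: Option<Pending>,
}
pub const DEFAULT_DELAY: u64 = 7 * 24 * 60 * 60; // the 7-day default from the post
impl Wallet {
    pub fn new(owner: &str, guardians: &[&str], threshold: usize, delay_secs: u64) -> Result<Self, &'static str> {
        let g: BTreeSet<String> = guardians.iter().map(|s| s.to_string()).collect();
        if g.len() < 3 || g.len() > 10 { return Err("need 3 to 10 distinct guardians"); }
        if threshold == 0 || threshold > g.len() { return Err("bad threshold"); }
        Ok(Wallet { owner: owner.to_string(), guardians: g, threshold, delay_secs, pending: None })
    }
    // A guardian signature only adds to the approval count for one specific new address.
    pub fn approve(&mut self, guardian: &str, new_addr: &str, now: u64) -> Result<usize, &'static str> {
        if !self.guardians.contains(guardian) { return Err("not a guardian"); }
        let (threshold, delay) = (self.threshold, self.delay_secs);
        let p = self.pending.get_or_insert_with(|| Pending {
            new_addr: new_addr.to_string(), approvals: BTreeSet::new(), unlock_at: None });
        // Assumption: while one recovery is pending, a vote for a different address is rejected.
        if p.new_addr != new_addr { return Err("another recovery is pending"); }
        p.approvals.insert(guardian.to_string()); // set semantics: a repeated signature counts once
        if p.approvals.len() >= threshold && p.unlock_at.is_none() {
            p.unlock_at = Some(now + delay); // the timelock starts once, when the threshold is met
        }
        Ok(p.approvals.len())
    }
    // The owner can cancel at any time before the timelock completes.
    pub fn cancel(&mut self, signer: &str, now: u64) -> Result<(), &'static str> {
        if signer != self.owner { return Err("only the owner can cancel"); }
        let p = self.pending.as_ref().ok_or("nothing pending")?;
        if p.unlock_at.map_or(false, |t| now >= t) { return Err("timelock already expired"); }
        self.pending = None;
        Ok(())
    }
    // Control moves only after the threshold was met and the full delay has elapsed.
    pub fn execute(&mut self, now: u64) -> Result<String, &'static str> {
        let unlock = self.pending.as_ref().and_then(|p| p.unlock_at).ok_or("threshold not met")?;
        if now < unlock { return Err("timelock still running"); }
        self.owner = self.pending.take().unwrap().new_addr;
        Ok(self.owner.clone())
    }
}
fn main() { // constructed scenario: one approval of a 2-of-3 set is not enough to execute
    let mut w = Wallet::new("owner", &["g1", "g2", "g3"], 2, DEFAULT_DELAY).unwrap();
    w.approve("g1", "new", 0).unwrap();
    println!("{:?}", w.execute(DEFAULT_DELAY));
}
```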

The Non-Technical Path

For users who can't manage on-chain guardian addresses, the protocol includes a social fallback option: email addresses that receive recovery links using threshold cryptography. The on-chain contract still handles the actual recovery — the email layer is just an access interface. The security model doesn't change. The barrier to entry does.

The Solana Unchained Dev Team