Introducing free wallet recovery

No gas fee. No seed phrase.

Tagged

Edward Wilson

Oct 3, 2024

Quick summary

We’ve built an additional - and free - way for you to recover an Argent wallet. You don’t need to pay any Ethereum network fees (gas), unlike with our existing method.

You still never need a seed phrase.

As with our guardian-based method, the new recovery process is secure, simple and puts you in control. It will also be the method used for our Layer 2 wallet, which is in beta now.

The new recovery method is rolling out for iOS and Android and will be available to all by the end of the week. iOS wallet owners can update manually via the App Store before then if they wish. (The Play Store doesn't have a similar option).

In this post, we'll explain how our new recovery method works, starting with a recap of our existing approach.

How does Argent’s existing recovery method work?

When we launched in 2018 we pioneered social recovery. This lets you recover your wallet using guardians, meaning people or devices you trust, such as a family member or a hardware wallet. 

Guardians are on-chain and made possible by smart contracts. They’re much easier to use and more secure than crypto’s default alternative, seed phrases. (You don’t have to take our word for it; here’s Vitalik Buterin’s post on social recovery’s advantages).

The downside to social recovery though is that, as it's on-chain, it requires gas. These gas fees have soared due to Ethereum’s rising popularity. It regularly now costs over $100 to recover a wallet. 

We’ve therefore built an alternative recovery method. One that’s also highly secure, simple to use, and fully non-custodial. 

It's opt-in for existing users; future users get the option automatically. Both existing and future users can continue to use the older method if they prefer (they'll have to pay the gas fee though). 

The new, off-chain recovery method 

The new process combines encryption and Cloud storage. As with recovery with guardians, we built it to protect you even if an attacker somehow seizes control of your device. Argent is the only wallet that offers this level of security. Here's how to use it.

Opt-in to the new approach (before you lose your device)

Existing wallet owners need to enable the new method before they can make a recovery with it. You need to do this before you lose your device. To set it up, you'll either see a prompt when you open Argent or you can tap:

  1. The account switcher icon (top left of home screen)
  2. 'Settings'
  3. 'Wallet Recovery'
  4. Enable 'Recovery with iCloud / Google Drive' (depending on your device)

To recover your wallet

  1. Download Argent on your new device
  2. Tap 'I have an Argent wallet'
  3. Enter the email address you use for your Argent wallet
  4. Choose 'Recover with iCloud / Google Drive'
  5. Complete two-factor authentication using email and SMS
  6. Wait for the 48 hour security window to complete (this gives you time to cancel the recovery if you want)
  7. Done. 

You can always fall back to a recovery with guardians (with a gas fee) if needed.

   

               

Behind the scenes there are multiple layers of security to keep your assets safe and in your control.

How does the new recovery process work?

The new recovery process uses encryption and cloud storage to ensure that your private keys are protected. It works as follows.

When you enable ‘Recovery with iCloud / Google Drive’, the Argent app generates a random “key-encryption-key” (KEK) that is unique to you. (A KEK is a cryptographic key that is used for the encryption or decryption of other keys).

Your KEK will encrypt your private keys (plural because it applies to both Layer 1 and Layer 2 private keys, even if you only have one type of wallet). 

The encrypted private keys are then stored in your iCloud / Google Drive under your control. Your KEK, meanwhile, is sent to Argent (meaning the company’s infrastructure, not the app). 

This split gives you added protection. If anyone gets access to your iCloud or Google Drive, they can’t decrypt your keys without the KEK that Argent has. And if a malicious actor gets access to our infrastructure, they won’t be able to access your wallet as they won’t have your encrypted private keys.

When you need to recover your wallet, the first thing that will happen is that the Argent app will try to detect your encrypted private keys stored on iCloud / Google Drive. If they’re detected, two-factor authentication is used to verify that you’re the legitimate wallet owner. 

Once this is complete, a 48 hour recovery window starts. This is an additional security layer that gives you time to cancel it if you wish via your Argent security centre (security.argent.xyz). 

After 48 hours, your KEK is securely transferred to your device, which will decrypt and recover your private keys. This gives you back access to your wallet.

New Argent recovery flow

At no point will Argent have access to your funds or your private keys, and we will never ask for them.  

FAQs

The following section covers some likely questions we imagine people may have.

What happens if I lose access to my cloud storage or delete my encrypted keys?

You’ll always be able to recover your wallet using social recovery with guardians. 

If you haven’t activated your Argent Vault (our existing, Layer 1 wallet) as you only have a L2 zkSync wallet, you’ll need to activate your L1 wallet. This will require a gas fee but will let you recover successfully from there. 

Once you’ve recovered your wallet, you can set up off-chain recovery again. 

Can Apple or Google delete my encrypted private keys?

In the extremely unlikely event that Apple or Google deleted your encrypted private keys, you could always recover your account by using guardians. 

Can Apple or Google take my assets?

No. Accessing your assets requires the encrypted keys stored on the cloud and the KEK that Argent holds. We can always delete your KEK if you suspect someone getting into your cloud storage. 

How can I recover my wallet if iCloud or Google Drive goes down?

You can use social recovery (with gas) or wait until cloud storage goes back online.

Can I use separate email addresses for Argent and cloud storage?

Yes. The email you use for Argent and the cloud storage can be different. 

Can I disable the off-chain recovery method for my wallet?

For existing users, it's opt-in. For future users, it will be set up automatically, but you can just delete the encrypted keys from your cloud storage and disable it that way.

How is it different from Cloud-based recovery using standard Ethereum wallets?

With some standard Ethereum wallets, you have a password that encrypts your seed phrase. It is used to unlock your wallet. If you lose your password and seed phrase, you lose everything.

What happens if I’m a victim of a SIM swap scam - can they recover my wallet?

We’ve made sure to layer up security throughout the recovery process to eliminate a single point of failure like a SIM swap. 

For a hacker to access your wallet, they will need your encrypted private keys stored on either iCloud or Google Drive, details for your two-factor authentication and they would have to wait 48 hours before the KEK that Argent stores gets sent to the Argent app to unlock your wallet. 

If the recovery process for your wallet has been fraudulently triggered, you can cancel the request within 48 hours in our security centre. This is why we have the 48 hour recovery period.