Social Recovery
How does Base’s social recovery method work? It lets you recover your wallet using guardians: people or devices you trust, such as a family member or a hardware wallet.
We’ve built several alternative recovery methods that are highly secure, simple to use, and fully non-custodial.
Wallet recovery methods
There are three types of wallet recovery methods:
On-chain paid social recovery
Free off-chain recovery
Free off-chain wallet recovery with on-chain guardian recovery fallback
On-chain paid social recovery
Because this method runs on-chain, it requires gas, and gas fees have soared due to the chain’s rising popularity. The Base wallet is recovered via an on-chain vault: if 50% of your guardians approve the recovery, you get the wallet back once you pay the gas fees for the recovery.
Free off-chain recovery
The new process combines encryption and cloud storage. As with recovery with guardians, we built it to protect you even if an attacker somehow seizes control of your device. The Base Wallet is the wallet that offers this level of security.
Social recovery means setting up guardians for your contract wallet from your real social relationships. If you lose your wallet, you can recover the contract with approval from 50% of your guardians (but you need to pay a certain amount of gas).
Free off-chain wallet recovery with on-chain guardian recovery fallback
The new process combines an on-chain guardian fallback with off-chain cloud storage. As with recovery with guardians, we built it to protect you even if an attacker somehow seizes control of your device.

To recover your wallet
Download Base on your new device
Tap 'I have a Base wallet'
Enter the email address you use for your Base wallet
Choose 'Recover with iCloud / Google Drive' (If the encrypted key is not found, the on-chain scheme will be executed)
Complete two-factor authentication using email and SMS
Wait for the 48-hour security window to complete (this gives you time to cancel the recovery if you want)
Done.
To access your wallet, a hacker would need your encrypted private keys stored on either iCloud or Google Drive and the details for your two-factor authentication, and would then have to wait 48 hours before the KEK that Base stores is sent to the Base app to unlock your wallet.
If the recovery process for your wallet has been fraudulently triggered, you can cancel the request within 48 hours in our security center. This is why we have the 48-hour recovery period. You can always fall back to recovery with guardians (with a gas fee) if needed. Behind the scenes, there are multiple layers of security to keep your assets safe and in your control.
How it works
The new recovery process uses encryption and cloud storage to ensure that your private keys are protected. It works as follows.
When you enable ‘Recovery with iCloud / Google Drive’, the Base app generates a random “key-encryption-key” (KEK) that is unique to you. (A KEK is a cryptographic key that is used to encrypt or decrypt other keys.)
Your KEK will encrypt your private keys (plural because it applies to both Layer 1 and Layer 2 private keys, even if you only have one type of wallet).
The encrypted private keys are then stored in your iCloud / Google Drive under your control. Your KEK, meanwhile, is sent to Base (meaning the company’s infrastructure, not the app).
This split gives you added protection. If anyone gets access to your iCloud or Google Drive, they can’t decrypt your keys without the KEK that Base has. And if a malicious actor gets access to our infrastructure, they won’t be able to access your wallet as they won’t have your encrypted private keys.
When you need to recover your wallet, the Base app first tries to detect your encrypted private keys stored on iCloud / Google Drive. If they’re detected, two-factor authentication is used to verify that you’re the legitimate wallet owner.
Once this is complete, a 48-hour recovery window starts. This is an additional security layer that gives you time to cancel it if you wish via your Base security center.
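The split described above, sketched in Go as an added example (not Base's code). AES-256-GCM is an assumption, since the page does not name the cipher, and the function names and sample key are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func gcm(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // a 32-byte KEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts one private key under the KEK. The nonce||ciphertext||tag
// result is the blob that would be stored in iCloud / Google Drive.
func Wrap(kek, privKey []byte) ([]byte, error) {
	g, err := gcm(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, privKey, nil), nil
}

// Unwrap needs both halves: the cloud blob and the KEK held by the server.
// A wrong KEK or a modified blob fails GCM authentication and returns an error.
func Unwrap(kek, blob []byte) ([]byte, error) {
	g, err := gcm(kek)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, errors.New("bad KEK length or truncated blob")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

func main() {
	kek, wrong := make([]byte, 32), make([]byte, 32) // constructed demo keys
	rand.Read(kek)
	blob, _ := Wrap(kek, []byte("constructed-L2-private-key"))
	_, err := Unwrap(wrong, blob) // cloud blob without the real KEK
	fmt.Println("blob bytes:", len(blob), "| wrong KEK rejected:", err != nil)
}
```

Because GCM authenticates the blob, a copy altered in cloud storage is rejected at recovery time instead of decrypting to a different key.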
Introducing Guardians
A guardian is an account on the Ethereum blockchain that you give permission to help you with limited security actions. A guardian never has access to your assets.
A guardian can be:
A hardware wallet, for example, a Ledger.
A MetaMask account
A person you’ve selected because you trust them (e.g. a friend or family member).
Base's two-factor option: this automated solution uses two-factor authentication via phone and email.
You can pick and choose any combination you like.
Changing guardians
You can change your guardians with just a couple of taps in the app. Changes take 36 hours to come into effect. The delay gives you time to prevent any unwanted changes by locking your wallet.
The only time there's no delay is when adding a first guardian. This is to ensure you can benefit from the security they bring as soon as possible.
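The 50% approval rule, the 48-hour recovery window and the 36-hour guardian delay described on this page, as a small model in Go. This is an added example, not Base's contract or server code: the type and function names are hypothetical, and it assumes 50% means at least half of the guardians that are already active.

```go
package main

import (
	"fmt"
	"time"
)

const RecoveryWindow = 48 * time.Hour // off-chain recovery can be cancelled in this window
const GuardianDelay = 36 * time.Hour  // guardian changes take effect after this delay

// Guardians maps each guardian to the time it becomes active.
type Guardians map[string]time.Time

// Add activates the first guardian at once; later additions wait GuardianDelay.
func (g Guardians) Add(name string, now time.Time) {
	g[name] = now.Add(GuardianDelay)
	if len(g) == 1 {
		g[name] = now // first guardian: no delay
	}
}

// Approved reports whether distinct, already-active guardians reach 50% (assumed: at least half).
func (g Guardians) Approved(approvals []string, now time.Time) bool {
	active, yes := 0, map[string]bool{}
	for _, from := range g {
		if !now.Before(from) {
			active++
		}
	}
	for _, name := range approvals {
		if from, ok := g[name]; ok && !now.Before(from) {
			yes[name] = true
		}
	}
	return active > 0 && len(yes)*2 >= active
}

// KEKReleasable is the server-side gate: 2FA passed, not cancelled, window elapsed.
func KEKReleasable(started, now time.Time, twoFA, cancelled bool) bool {
	return twoFA && !cancelled && now.Sub(started) >= RecoveryWindow
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timeline
	g := Guardians{}
	g.Add("ledger", t0)
	g.Add("unwanted", t0.Add(time.Hour)) // a change the owner did not make
	fmt.Println("unwanted guardian can approve after 2h:", g.Approved([]string{"unwanted"}, t0.Add(2*time.Hour)))
}
```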
Hardware Wallet Combined
How to use your hardware wallet with Base?
A unique benefit of Base is that you can combine it with your hardware wallet to give you unrivaled security while letting you enjoy one-tap access to DeFi. This is one reason why there are multiple Base users with over $1 million in their wallets.
So how can your hardware wallet help to protect your Base wallet? In short, you can use it to lock, recover and approve large transfers on Base. You can then use Base as your gateway to DeFi, with super simple access to Uniswap, Aave, Compound, and more.
Make your hardware wallet your 'Guardian'
The first step to using your hardware wallet to protect your Base wallet is to choose it as your 'Guardian'.
To add your hardware wallet as a Guardian, simply follow these steps:
Open the Base Wallet
Tap the "Security" tab
Tap "Guardians"
Tap "Add Guardians"
Tap "Hardware wallet" and then "Add as Guardian"
Follow the instructions on the screen
Base Wallet supports the following hardware wallets: Ledger and KeyStone.