Elytro
All guides

With your agent

How Social Recovery works

Set recovery contacts, optionally export a recovery backup, then start a recovery when you lose access. Contact signature → countdown → complete.

Elytro team

Summary

Social Recovery lets you regain access if you lose your device or vault key. You add one or more recovery contacts on-chain, then export a recovery backup JSON and store it somewhere safe. If you ever lose access, you start a recovery from the CLI, your recovery contact signs in a separate web recovery app, and an anti-hijack countdown begins. After the countdown elapses, recovery can be completed and you should regain access.

How Social Recovery works

  1. Add recovery contacts: you choose trusted wallets (a friend, a second device, or a multisig) and a threshold (for example, 1-of-1 or 2-of-3). This is an on-chain config change.
  2. (Optional) Export a recovery backup: the CLI can export a JSON file with your configured recovery contacts and threshold. It’s not required to run recovery, but it’s useful if you want portability (e.g. setting up on another machine) or you want a clean record of the exact contact set you configured.
  3. Initiate recovery: your agent starts a recovery through Elytro (approval-required). Elytro returns a recovery URL that’s specific to this recovery attempt.
  4. Recovery contact signs in the web app: you share the recovery URL with your recovery contact. They open it and sign the confirmation in the recovery web app at recovery.elytro.com (a separate UI from the CLI).
  5. Wait out the anti-hijack countdown: once the threshold is met, the recovery enters a countdown window (default 48 hours). This delay exists so you have time to react if a recovery is initiated by an attacker.
  6. Complete recovery & verify: when the flow reaches executed/completed, verify you regained access by checking chain, balance, and security status.

Ask your agent

Ask your agent

Help me set up Social Recovery for my Elytro wallet. Requirements: - I want 1 recovery contact to start (threshold 1). - Explain what will be written on-chain before running any approval-required command. - After setup, export a recovery backup file and tell me exactly where to store it safely.

Ask your agent

Start a new recovery for this wallet address. Tell me what link I should send to my recovery contact, and what they will be asked to sign in the recovery web app.

Ask your agent

My friend already signed. Check recovery status, explain what phase we are in (collecting signatures vs countdown vs executable/executed), and what I should do next.

Ask your agent

After recovery is complete, confirm I regained access by checking balance and security status. Keep the output short but include chain + balance.

What to check (so it’s actually safe)

  • Recovery contacts are real wallets you trust (a friend, a second device, or a multisig). Don’t use a random address.
  • Threshold matches your intent (e.g. 1 of 1 is easy but has no redundancy; 2 of 3 is safer).
  • If you export a recovery backup, store it somewhere reliable (encrypted drive / password manager / offline backup). Don’t leave the only copy on the device you might lose.
  • Recovery start is approval-required because it changes on-chain recovery state.
  • Your recovery contact is signing on the official recovery surface (and not a lookalike domain). Double-check the URL before sharing.

How it feels in practice

The agent-driven flow usually looks like:

  • Set recovery contacts / threshold (approval-required).
  • Export a recovery backup JSON (save somewhere safe).
  • When you lose access: ask your agent to initiate recovery, then send the recovery URL to your recovery contact.
  • Recovery contact confirms in the recovery web app (wallet signature / transaction as prompted).
  • Recovery status moves into a countdown window (anti-hijack delay).
  • Once complete: verify access by checking balance and security settings.

If something goes wrong

  • “Keyring is locked” / can’t run recovery: run elytro init first on the machine running the agent’s CLI session, then retry.
  • Recovery contact signed but status didn’t change: refresh recovery status and confirm they signed the same recovery ID (not a different link).
  • Countdown surprises you: it’s intentional. The delay is there so you have time to notice and respond if someone tries to hijack recovery.

Further reading