search
Help Center

Recovery Mechanisms

Users are often lazy with security. We apply "Progressive Security": We don't force setup at onboarding. Instead, we trigger a "Health Check" prompt once the account balance exceeds $10, nudging users to set up a recovery method.

Mechanism 1: Self-Custody Backup Key (The Gold Standard)

  • Setup: User selects "Backup Code" -> System generates a standard 12-word Seed Phrase (or Private Key) - >User writes it down or saves it to a Password Manager.

  • Usage: On a new device, choose "Restore with Backup Code" -> Enter the 12 words -> System derives the key and allows setting up a new Passkey.

  • Tech: The client generates an EOA key pair locally, registers the Public Key as an Owner on the Smart Contract, and discards the Private Key from memory (user holds it).

Mechanism 2: Social Recovery (Guardians)

  • Setup: User invites trusted friends (Guardians). Friends accept by connecting their wallets. User confirms the list on-chain (e.g., Threshold 2/3).

  • Usage: User loses device -> Requests recovery on new device -> Sends "Help Link" to friends -> Friends click link and sign "Approve" -> Once threshold (2/3) is met, the Smart Contract updates the Owner to the new device.

Mechanism 3: Admin Recovery (Last Resort)

This is the ultimate safety net, ensuring decentralization and Self-Sovereignty. Instead of trusting a centralized Admin, users leverage their own Google Account via a trustless cryptographic protocol.

  • Decentralized Security: Uses Multi-Party Computation (MPC) to create a virtual vault linked to your Google ID. Key shares are split and never reconstructed, ensuring no single party (including Bullbit) can access your funds.

  • Setup: Users proactively enable this feature by linking their Google Account. The system registers a unique MPC address on the Smart Contract as the sole authorized recovery agent.

  • Trustless Execution: To recover a lost wallet, simply log in with Google on a new device. The MPC network verifies your identity and signs a transaction to transfer ownership, triggering a mandatory 3-Day Timelock.

  • Anti-Theft Veto Power: During the 3-day wait, a "Red Alert" warns you on all active devices. If the recovery attempt is unauthorized, you can instantly hit "CANCEL" using your old keys to revoke the request.

PreviousOnboarding: Two Ways to ConnectNextDeposit & Withdrawals

Last updated