Loopring Smart Wallet w/ Social Recovery — Your Ultimate Crypto Security Guide
Since early 2021, Vitalik Buterin (Ethereum founder) has been pushing for the wide adoption of social recovery wallets over less secure wallets like EOA (e.g., Metamask) and hardware wallets (e.g., Ledger). The reason for this is the single point of failure that is present in these types of wallets, something that Loopring Smart Wallet with Social Recovery solves for while additionally adding extra security features like: 2FA, whitelisted addresses, daily limits, the ability to lock your wallet + so much more.
In this blog post, we will be discussing the security advantages of the Loopring Smart Wallet and comparing it with traditional EOA wallets like MetaMask and hardware wallets like Ledger. We’ll also take a closer look at some of the account abstraction features it unlocks as well as some upcoming features. We’ll then go over proper social recovery and guardian management, and other security measures to help you protect your assets.
Your ultimate guide to securing your crypto assets is here👇
Why Loopring Smart Wallet?
The Loopring Smart Wallet stands out as one of the most secure choices for crypto users available today, thanks to its social recovery functionality, which secures your funds via chosen social guardians. This mechanism eliminates the need for seed phrases, effectively eliminating the single point of failure commonly found in other cryptocurrency wallets.
Additionally, it offers account abstraction features like the ability to pay fees with any token (e.g., USDT, LRC or ETH) and provides various additional security features like address whitelisting, wallet locking + unlocking (in the case of a lost phone), encrypted cloud recovery backup, and two-factor authentication (2FA) protection.
All of these features combined make the Loopring Smart Wallet much more similar to a Web 2 banking-app-like experience for the end user, which will be necessary if we want to onboard the next billion users to the crypto space. Transacting and storing crypto needs to be as simple and seamless as using a banking app if we expect the world to transition over, and this is the experience we are building at Loopring.
Loopring Smart Wallet vs. EOA wallets (e.g., MetaMask):
As highlighted in Vitalik’s blog titled, “Why we need wide adoption of social recovery wallets”, social recovery wallets like Loopring Smart Wallet have become the superior choice to traditional EOA wallets like MetaMask.
“[Seed phrases] are not good enough… hardware wallets alone are not good enough… multi-sig is good… social recovery is better!” — Vitalik Buterin (founder of Ethereum)
The main advantage lies in the use of social guardians for social recovery, which adds a much needed layer of security, removing the single point of failure and helping users to recover their wallets in the case of loss or theft.
Currently, EOA wallets are widely used due to their cost-free and easy deployment process. However, the concerns surrounding the costs of smart wallets will soon be alleviated as expenses are expected to significantly decrease through the implementation of EIP-4844 as well as the ability to deploy smart contracts for wallets on generalizable L2s instead of the base layer. These enhancements will not only improve data availability and storage capabilities but also lead to a more streamlined and cost-effective smart wallet experience (read more in “The Future of Smart Wallets” at the bottom👇).
Loopring Smart Wallet vs. hardware wallets (e.g., Ledger):
Similar to the comparison with EOA wallets, Loopring Smart Wallet’s social recovery features give it an edge over hardware wallets like Ledger or Trezor as well. The use of social guardians (that you choose) ensures that users have a way to recover their assets in the event your phone (and your wallet) is lost or compromised.
Eliminating the single point of failure of a single entity, whether that entity is yourself or a trusted third party, is necessary if we are going to onboard the masses to a new financial system. People need multiple layers of protections if we expect the world to custody their own assets, and this is what Loopring Smart Wallet provides.
A second possible attack vector with hardware wallets are what Vitalik refers to as “Supply chain attacks”- meaning, if you buy a hardware wallet, you are trusting a number of actors that were involved in producing it — the company that designed the wallet, the factory that produced it, and everyone involved in shipping it who could have replaced it with a fake.
All in all, hardware wallets are an improvement upon standard “hot” EOA wallets, where hot means they are always connected to the internet. However, they do still have this critical single point of failure in common. One possible solution to increase the security of your Smart Wallet, is to use a hardware wallet of your own as a guardian to protect your Smart Wallet. As long as you aren’t solely relying on this guardian, and have 2 or more other guardians to help guard against losing access to this one wallet, it could help improve your overall security.
Account abstraction + other cool features:
As touched on in the beginning of this guide, Loopring Smart Wallet brings the convenience of a traditional bank account or banking app without the risks associated with trusting a third party with your assets. With account abstraction, the wallet abstracts away complicated steps like paying L1 (ETH) gas fees and instead lets users pay (smaller) fees with any token in their wallet. We’ve even taken it a step further, giving users the ability to pay L1 fees with L2 wallet assets, making the overall experience much more accessible and user-friendly.
We’ve also piled on the additional security features to give users multiple layers of protections:
🔐 Daily Transfer Limits
🔐 2FA Protection
🔐 Wallet Lock/Unlock
🔐 Address Whitelisting
🔐 Cloud Recovery/Backup
All of this combined makes Loopring Smart Wallet the go-to personal vault for your crypto assets. Once your assets are secure, you then get access to a whole L2 ecosystem of earning, gaming and trading opportunities baked into the experience, including:
✅ NFTs
✅ AMMs
✅ Staking
✅ Payments
✅ Block Trade
✅ Red Packets
✅ Fiat On-ramps
✅ Dual Investment
✅ Order Book Trading
Upcoming features:
We aren’t just stopping there either! Loopring Smart Wallet has some exciting new features in the pipeline as well. One big one upcoming is making the wallet natively multi-network, so many more users across crypto can experience the ultimate security it has to offer.
On the security side of things, we are working on a new inheritance feature that will allow users to designate an inheritor for their wallet in the worst case that something happens to the owner of the wallet. We are also early in the development of a new concept called a “Super Guardian” — but more on this later.
Lastly, we have also begun work on a new web browser extension for increased accessibility and convenience across all devices including PCs and laptops.
We want Loopring Smart Wallet to be the one and only wallet you ever need — a complete one stop Super App for all things crypto! Stay tuned to our socials like Twitter, Discord + Reddit for upcoming blogs and announcements around these new features.
So what is social recovery with guardians?
Social recovery is a robust security feature that utilizes a network of trusted individuals known as guardians, whom you personally select. These guardians play a vital role in safeguarding your funds by enabling the recovery of your wallet in situations involving loss or theft. Additionally, they can provide assistance in other scenarios, such as unlocking your phone if it was lost, locked, and subsequently retrieved. The concept of social recovery adds an extra layer of protection and convenience to ensure the safety and accessibility of your digital assets and personal devices, giving you ultimate peace of mind.
In crypto, wallets secure your funds by creating a unique private and public key pair. This pair of keys (public + private) combine to be your keys that give you access to your funds. Your public key is your address; this is okay to be shown publicly (hence the name) and can be given to people to send funds to your wallet. The private key however, is matched to your public key and can *never* be given to anyone else. This key gives the power to whoever has it to transfer and transact from your wallet. A good analogy here is to think about your public key as your home address, while the private key is like the key to your house. This is why with Loopring Smart Wallet, we encrypt this private key and store it in your own device, never exposing it at any moment to keep it as secure as possible.
In most traditional wallets (EOA or hardware wallets), they expose your private key by assigning a “seed phrase” to it, which is the human readable version of your private key. You are required to write this phrase down and store it however you can to keep it safe. This creates a single point of failure and is too much responsibility for the average person to handle with something as important as money or other assets. This seed phrase represents the keys to all of your assets and can be stolen, lost or hacked if stored digitally.
We eliminate this critical vulnerability and keep your private keys encrypted and stored locally in your device. Loopring, nor any other party ever has access to your unencrypted private key. By storing it locally, you remain in full control of your funds at all times. By adding guardians as an additional security layer, you don’t need to fully rely on yourself, taking the pressure off from accidents or other bad scenarios happening.
You simply select guardians (we recommend 3 or more) that you trust to be accessible in a time of need and set them as protectors of your wallet. A majority of guardians is required for you to complete important actions, ensuring that no single individual is able to harm your funds.
For instance, let’s consider a scenario where you have five guardians assigned to your wallet. In this case, a minimum of three out of the five guardians would be required to initiate the recovery or unlocking process. By implementing this approach, an additional layer of security is established, significantly mitigating the risk of a single point of failure.
Proper guardian management:
For a full, in-depth look at guardian management from the point of view of Vitalik (the founder of Ethereum), check out his recent reddit post about it here. Below I will give you a summary along with some specific things to think about for your Loopring Smart Wallet👇
As mentioned in the last section, you simply have to select and set 3 or more guardians that you trust to be accessible in a time of need to protect your wallet. These guardians can be friends, family or even yourself, using other wallets you have access to in times of need. In the words of Vitalik, “It’s okay for some of the guardians to be your own devices, but not too many“.
Currently, a majority of guardians is necessary for you to complete actions, so no single guardian is able to do anything malicious. We recommend at all times to have a minimum of 3 guardians and to try to always keep an odd number of guardians (because a majority is needed) to secure your funds in the best way possible. For example, setting 2 guardians would require both (because majority is 51%) to be accessible in a time of need, meaning if one is unavailable (maybe it’s your own device and you lost it), you would not be able to recover your wallet with the other guardian alone.
By setting 3 guardians instead (2 would be required to recover your funds), it gives you a little bit of leeway in the case that one guardian becomes unreachable or lost. Setting 5 could be even better, because then you would only need 3 to verify and unlock or recover your wallet if something bad should happen.
It’s also a good best practice to choose guardians that don’t know each other. As Vitalik says, “Choose guardians who do not often talk to each other or ideally do not know each other”, because this ensures that there could never be any collusion by guardians to come together and steal your money.
One last best practice would be to educate your guardians beforehand to always ask a security verification question prior to approving any actions that you ask of them. As we live more and more in a digital world, almost all of our communications are via messages without actually knowing that the person we are talking to is the person we think it is.
A hacker, for example, could have ported your phone number and found out who your guardians are and is now using your phone number to message your guardians (who are saved in your phone), asking them to approve the recovery of your wallet to a new device because “you lost your other phone”. Best practice would be for your guardian to first ask a verifying question like, “In what city did we meet?” or something else a hacker or unknown person would not be able to research and find out easily.
Some other points to consider from Vitalik:
- If you’re doing “degen” stuff, make sure to have guardians who can respond quickly. Otherwise, this doesn’t matter
- Test each guardian at least once a year
If you’ve read this far, then you are now ahead of the curve, with most of the knowledge you need to properly secure your funds. You can sleep well at night knowing you have full control of your assets, but still have protections in place in case things go wrong.
For a step-by-step tutorial on how to set up your guardians in-app, check out this guide here⭐️
Not to worry if you feel a bit overwhelmed at first, this is a new paradigm shift in the way we store and transact with our funds, but it is necessary if we want humankind to have true freedom and resistance against centralized actors who aren’t usually looking out for our best interests.
To make you feel even more secure, Loopring Smart Wallet has many other security features to give you even more layers of protection. Read on👇
How to utilize other security features:
In addition to social recovery and guardian management, users can also take advantage of other security features like: cloud recovery, two-factor authentication (2FA), whitelisted addresses, and daily transfer limits.
Add on security layers to maximize your protection and turn your Loopring Smart Wallet into an impenetrable personal vault to store all of your digital assets.
Below I will run through a summary of some of these other features for you to decide which ones you want to take advantage of👇
Cloud Recovery:
Social recovery using guardians can be difficult to wrap your head around for some people. It can also be more costly for the average person. Currently our Smart Wallets deploy smart contracts on Ethereum L1 to control the functioning of your wallet. This smart contract on L1 requires gas fees, which can fluctuate and become quite expensive for some actions at some times.
In the future, this should become much cheaper as we move this deployment to L2 on general purpose Ethereum L2s, but until then we have enabled another option for users to still be able to recover their wallets in the worst case scenarios, but without any cost! This option is called Cloud recovery.
It uses your phone’s native cloud solution (iCloud or Google Cloud) to securely store your private key, still only in your control, but as a backup in case something goes wrong.
This works by using your Loopring Smart Wallet to encrypt your private key, which is done by you, using your passcode (that no one else should know). Your passcode encrypts your private key (meaning it hides it by using cryptography) and stores it in your native cloud solution in your phone. You and only you, using your passcode, can decrypt this private key. It sits in your device’s cloud as backup to use in the worst case where your phone is lost, stolen or destroyed and you need to restore your wallet and assets on a new device.
The benefit to this recovery solution is that it makes recovery free and much simpler than using social guardians. The downside is it opens up a new attack vector as in theory it would be possible for someone to gain access to your cloud and also find out your passcode. It’s up to you to weigh the pros and cons to see if this method is worthwhile to you or not.
In the near future we will be adding additional protections to this feature by sharding the encrypted backup and storing it across multiple sources instead of keeping the entire encrypted key in one source. This will help ensure any one malicious actor will have a much harder time hacking and putting together all 3 pieces.
For a step-by-step tutorial on how to set up this feature, check out our guide here⭐️
Two-Factor Authentication (2FA):
2FA has become one of the best extra layers of security in the crypto industry to help ensure your identity can never be stolen, which could lead to the loss of your funds. 2FA works by setting up an extra identity verification layer to prove you are you in the case of wallet recoveries or other important actions.
Apps like Authenticator are usually recommended when adding on this extra layer. SMS verification as a second method is less secure as phone numbers can be ported to different phones through social engineering by hackers. However, used in combination with other authentication methods, it can be helpful in adding extra protection.
The three extra verification methods used in Loopring Smart Wallet are SMS, email, and an Authenticator app. Adding an Authenticator app as a second verification is recommended to help further secure your identity and wallet.
For a step-by-step video tutorial on how to set up one or more of these extra verification methods, check out our guide here⭐️
Whitelisted Addresses:
This feature works in tandem with the Daily Quota feature also included in the Loopring Smart Wallet. You will need to first turn on Daily Quota to use Whitelisted Addresses.
Once activated, you will be able to send unlimited amounts (outside of your daily limits) to any addresses that you have decided to whitelist (trust). Adding new whitelisted addresses to send to requires extra approvals. With this feature enabled you can help ensure a hacker or would-be thief of your phone will never be able to drain your wallet to a new address not already set by you.
For a step-by-step tutorial on how to set up this feature, check out our guide here⭐️
Daily Transfer Limits (daily quota):
As mentioned above, daily transfer limits (called daily quotas in-app) are pre-set amounts that you are okay with being transferred out of your wallet without additional approvals.
By setting an amount of say $100 for example, it would mean that any daily amount that is attempted to transfer out of your wallet above $100 will require additional approvals. For example, you could transfer $99 out, but another transfer of $2 or more within the same 24 hour period would require additional approvals. This, along with whitelisted addresses can give you ultimate protection against hackers, thieves or someone who finds your lost phone with your wallet on it. Keep in mind, your whitelisted addresses (see above) will not fall into these daily limits, only addresses not already pre-trusted will have to abide by these limits.
One additional point to consider is that enabling the Daily Quota feature does increase the complexity of the logic that is required for your smart contract wallet to complete actions, which in turn requires more gas on L1. This means, every transfer for example will cost a little bit more in fees as the smart contract has to first verify all of your parameters in order to complete the transaction.
For a step-by-step tutorial on how to set up this feature, check out our guide here⭐️
The future of Smart Wallets:
Right now, Smart Wallets tend to be a little bit more expensive for the end user (although the increased security is worth it for many) due to the fact that these wallets use smart contracts to control the actions of the wallet. These smart contracts are typically deployed directly on Ethereum L1 and are subject to variable, and oftentimes very high, gas fees in order to complete many actions.
With Loopring Smart Wallet, we abstract most of this away from the end user to improve the user experience and make it as cheap as possible by baking in a Layer 2 experience on top. Still though, certain actions like adding guardians can be expensive. This, over time, will become much cheaper though as the main smart contract layer moves to Layer 2 with generalizable rollups like zkEVMs going live. We will soon deploy the smart contracts controlling these wallets on L2 to potentially bring the costs down by a factor of 10–100x.
Once costs are down and as the crypto space evolves, we believe that Smart Wallets with social recovery will become the norm for all users due to their increased security and smart features that closely resemble traditional banking and web 2 app experiences.
In the future, your Loopring Smart Wallet can truly become your all-in-one Super App that connects you directly to the new and growing digital world. Become your own bank with your personalized digital identity for the metaverse as well as your vault to store all of your digital assets — all the while still giving you the ability to transact freely without borders or limitations.
⚡️For any help or guides related to the Loopring Smart Wallet, make sure you check out our new docs portal here for everything LSW.⚡️
About Loopring
Loopring is an Ethereum Layer 2 zkRollup protocol for scalable, secure DeFi and NFT applications. Loopring builds non-custodial, high-performance products atop our L2, including the Loopring Wallet — a mobile Ethereum smart wallet, and the Loopring L2 web app — an L2 orderbook and AMM DEX. To learn more, follow us on Medium or see Loopring.org.
Twitter ⭑ Discord ⭑ Reddit ⭑ GitHub ⭑ Docs ⭑ YouTube ⭑ Instagram
