Skip to tl:dr section below, if you are not a reader.
EOS registration was convoluted, but it had one major benefit, everyone who registered has two private keys, an ethereum key and an EOS key. These keys are tied together on the blockchain. Therefore proving ownership of the ethereum key, proves ownership of the registered EOS account. This allows EOS account recovery where blockchain can be taken as law.
The Problem:
Hundreds of people who registered their ERC20-EOS tokens have "lost" their EOS private key. Now that EOS mainnet has gone live they can't access their EOS accounts.
Definition of 'Lost':
A large portion of the people who have lost their EOS key, correctly followed the registration process. They mostly fall into two categories: those who used MetaMask and those who registered their Ethereum account twice.
MetaMask seems to have been buggy and has registered the incorrect key/address pair for a lot of people. While the registering-twice-people, did so, out of being overly cautious or encountering what they thought was an error and re-doing the process. It seems by re-doing the process their saved key/address pair was overridden.
Therefore many of the 'lost' key people are slightly aggrieved that their situation is being termed 'lost', as that suggests they were at fault. However this 'lost' brigade, don't feel that they are at fault for their situation, as they followed the process correctly but were undone by MetaMask bugs or over-zealously repeating the registration process.
Of course, there are many others who lost their key through technical mishaps, typos, etc. for whom the term lost key is appropriate.
PROPOSAL:
The following is a proposal to recover EOS accounts registered from ethereum blockchain where the owners have lost their EOS private keys.
NOT BEING PROPOSED:
This is NOT a solution for those who have had their accounts hacked i.e. this is NOT a solution for those engaged in the ECAF arbitration process.
Lost-Key-User Requirements:
- Public address & private key of ethereum account used to register ERC20-EOS on EOS mainnet.
- EOS mainnet public address or EOS account name that corresponds to registered ethereum account from Step 1, above.
EOS Block Producers Requirements:
- Ethereum based application e.g. Ethereum Application For EOS Recovery (EAFER)
EAFER Requirements:-
- GUI interface which sets up an EOS account once instructed by EOS registered ethereum account;
- displays the EOS key/address pair of newly created EOS account, from above, and a confirmation code to the user;
- creates second EOS account - this will be used for confirmation using the above confirmation code;
- displays above second EOS account pubic address (NOT private key) to user;
- logs all the above details and sends it to EOS Block Producers;
RECOVERY PROCESS:
Step 1. User logs into Ethereum Application For EOS Recovery (EAFER) with ethereum account used to register EOS. (This confirms the original ethereum private key holder from the ethereum account used for EOS registration is in control of the account. As logging into EAFER requires the ethereum private key).
Step 2. User enters EOS address/EOS account name that is registered to above ethereum account.
Step 3. EAFER checks, if the above entered EOS address/EOS account name matches blockchain record of ethereum account used for EOS registration .
Step 4. If above check is successful, user is presented with:
(a) new key/address pair;
(b) confirmation code;
(c) confirmation EOS address (to send the confirmation code to);
User must confirm they have securely stored above data before proceeding/exiting.
Step 5. User logs into EOS wallet (e.g. GreyMass/Scatter) using new key/address pair.
Step 6. User sends confirmation code to confirmation EOS address. (This confirms user has full control of new EOS account.)
Step 7. EOS Block Producers monitor confirmation EOS address and when confirmation code is received, it adds EOS public address from Step 2 to recovery list, once it has checked the correct code has been received from the correct account.
Step 8. EOS Block Producers move all assets in EOS account with lost key (Step 2 account) to new EOS address (Step 4, item (a) account).
EAFER Programmatic Notes:
- Step 3 should also check if there has been any activity on the address, if there is, this address should be frozen and considered disputed or requiring arbitration.
- All Step 4 information (other than key of (a) new key/address pair) needs to be sent to EOS Block Producers so that they can continue process, this data should be encrypted when sent.
- Possibly one EOS confirmation address could be used for Step 4 (c) confirmation EOS address, however using different ones each time might prevent bad actors from monitoring this account and thinking of ways to exploit it.
- Possibly no EOS confirmation address needs to be set up, the user could send their confirmation code to their lost-key-EOS address (Step 2 address) which EOS Block Producers can monitor, this may be exploited though as a bad actor might then know this is a recovery account and begin an ECAF arbitration on this account and begin doxxing (perhaps thru Telegram) the owner to steal their ethereum key.
BENEFITS OF THIS PROCESS:
Massively reduced noise around arbitration process. Approximately 700 people (and rising) are in this lost key scenario, many who have erroneously gone through the ECAF arbitration process. Removing these people from the ECAF process will make processing arbitration much easier.
Massively reduced EOS FUD/bad publicity as people who have recovered their accounts will not be negatively vocal on social media.
Greatly increased EOS positive publicity, as people react positively to account recovery on social media.
Effective demonstration of account recovery that using blockchain as law, thereby encouraging EOS users to set up account recovery when this process is formalized in EOS Constitution.
DO WE NEED TO WAIT FOR EOS CONSTITUTION TO IMPLEMENT THIS RECOVERY PROCESS:
No! The EOS constitution will formalize a account recovery process. However registered EOS lost key accounts already have a recovery process. We already have two private keys that are linked together on the blockchain. If we lost one we can recover the other using the blockchain as law.
TL:DR Section:
Registered EOS lost key accounts have 2 private keys (ethereum key & EOS key) that are linked on the blockchain, therefore they already have secured/recoverable accounts and don’t need to wait for an EOS constitution to formalize a recovery process.
As there are two keys that are blockchain linked, EOS account recovery can be effected by blockchain is law.
This process is only for lost keys, not ECAF arbitration hacked/disputed accounts.
Recovery applicants must have ethereum address/key of account used for registration and the linked EOS address.
EOS Block Producers will provide an Ethereum Application For EOS Recovery (EAFER)
EOS recovery applicants will log into EAFER with ethereum account used for EOS registration, thereby confirming they own the private key of the registration account, and enter the linked EOS account.
EAFER will provide a new EOS key/address pair and a confirmation code and confirmation EOS address, if the entered details above match the blockchain.
EOS recovery applicants log into EOS wallet with new EOS key/address and send confirmation code to confirmation address, this confirms user has full control of new EOS address.
EOS Block Producers move assets to address.
CRITIQUE:
Please let me know if you think this is viable in the comments? Resteem and upvote if you want this to be implemented.
EDIT:
NOTE TO EOS BLOCK PRODUCERS:
I appreciate your efforts to resolve this satisfactorily for all concerned. I acknowledge you are trying your best in what is a very busy period. I wish you all the very best in resolving this and all other issues you have to overcome.
Any BP's who help to resolve this, can be assured I will vote for you once I get control of my EOS. All others who benefit from a resolution should mark the BP's who helped and vote for them as they have proved themselves worthy Block Producers and we should be grateful for their competence, resolve and patience.
PETITION FOR EOS LOST KEY SOLUTION:
Please sign this petition which is trying to highlight the EOS lost key situation. The petition is separate from this proposal, it is not advocating that this proposal be adopted, just that a solution be found.
SECOND EDIT:
I replaced code-is-law references with blockchain is law as the code-is-law reference is clouding the issue. The new EOS constitution is debating introducing a policy of intent-of-code-is-law. This proposed solution is not trying to influence this constitutional debate. It is outlining that registered accounts are recoverable as they are secured by a second private key and therefore we can trust the blockchain to settle ownership.
Excellent, I agree completely.
thanks Smithy :)
Thank you for writing this article. I featured it in my video on lost EOS private keys!
Thanks for laying this out clearly - to a non technical person this seems a win win proposal for all. I do hope it can be implemented as it is inevitable that the number of lost keys will increase steadily. I guess we need to get to a biometric identification eventually
Congratulations @hillofbeans! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
You made your First Comment
Award for the number of upvotes received
Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word
STOP
To support your work, I also upvoted your post!
Do not miss the last post from @steemitboard!
Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes
Unfortunately, I think this has a flaw. Since no one planned ahead of time for the ETH key to be accessible to get the EOS chain tokens, it wasn’t necessarily safeguarded as such. Which means that if you made this change now it could be a massive security hole for many people, which makes it a non-starter as a solution. For example, in order to access some of the ETH token airdrops on ETH chain (i.e. EOSDAC) people may have exposed their private key after they knew the EOS ERC20 token was locked up to access the airdrops and then move them. It’s hard to add new powers to something that wasn’t previously defined as such. Best of luck to you in recovery through the current process!
Could someone guide me in the right direction please? I have a friend that has some EOS. She held them in Exodus Wallet and registered her private key for the main net launch in the Exodus wallet. Obviously, some time has passed and she asked me what she needed to do. Her EOS are still in her Exodus Wallet and I watched a few videos about moving the private keys to metamask and I am not sure what to do. Please advise me how to proceed so she doesn't lose her EOS. Thank you for your time.
Hi, I presume she has lost her eos key, you don't actually say that is the problem, so I am presuming. Or do you just want to move the eos away from exodus?
If she needs to recover her eos key then I recommend joining the EOS Lost Private Key Group on telegram, link below, and waiting for the solution which as yet has not been decided. In the meantime she should sign the petition linked in the article which will promote the finding of a solution within the BP community.
https://t.me/joinchat/HB9mHkiAS4OgXE31UzsmeA
I really hope they do something to help with this issue. I am so sad to lose all my coins in something i believed in
✅ @hillofbeans, I gave you an upvote on your post! Please give me a follow and I will give you a follow in return and possible future votes!
Thank you in advance!