Disaster Recovery Process

There are three possible scenarios involving some level of disaster recovery or business continuity procedures;

  • If a user has lost a signing device, but utilizes the iCloud/Google Drive syncing feature and possesses the signer passphrase it is possible to simply restore the signer on a new device by downloading the app, logging in, selecting the “restore signer” option and inputting their signer passphrase to decrypt the data on the new device.
  • Alternatively, If a users’ signing device is lost or misplaced and the user does not know the signer passphrase, so long as there are enough available shares to reach the vault threshold using other devices, then a reshare request can be created to issue new shares to a newly registered signing device;
  • Finally, If there are not enough shares available or the io.vault service becomes persistently unavailable for any reason, utilizing the offline disaster recovery process will be necessary.

7.1 Responsibility

Each user is responsible for retaining, for each of their registered signer’s: the signer passphrase, as well as downloading and storing an up-to-date encrypted device back-up file after participation in any vault creation or reshare and for the safe-keeping of their 24-word secret phrase in an offline and physically secure location.

7.2 Process to recover access

Process Ref.

Process Step

1

Members of the signing party with devices containing enough secret shares to reach the vault threshold must obtain their corresponding up-to-date encrypted back-up files and device specific 24-word secret phrases.

2

The organization should then decrypt and combine these files using the publicly available, open-source tool (published here on github) on a secure offline computer to generate, for the first time, a valid private key for the desired vault.

3

Follow the step by step guide from GitHub and our online guide.

Brief Overview

To use the recovery tool file, you need to launch it via the terminal. Follow the steps below:

  • Download the recovery tool for your platform from here.
    • If you are using an Apple Silicon based Mac computer: recovery-tool-mac
    • If you are using a Linux based computer:
      recovery-tool-linux
    • If you are using a Windows based computer:
      recovery-tool.exe
    • For other platforms, we recommend building the tool yourself from source, which requires an installation of the latest Go language compiler from https://go.dev.

  • Open Terminal or “Command Prompt”: Navigate to the folder where your recovery tool file is located. For example, if it's in your Downloads folder: cd ~/Downloads

  • Optional step: Use the sha256sum command to verify that the hash of the file you downloaded matches the hash shown on our GitHub releases page for the tool.
    e.g. sha256sum recovery-tool*

  • Run the Recovery Tool: Run the recovery tool using one of the following commands in the terminal window. Be sure to replace <Backup Files> with a space-separated list of your backup file names taken from the io.finnet apps.
      • If you are using an Apple Silicon based Mac computer: ./recovery-tool-mac <Backup Files>
      • If you are using a Linux based computer:
        ./recovery-tool-linux <Backup Files>
      • If you are using a Windows based computer:
        recovery-tool.exe <Backup Files>
  • If you are running from source, use
    go run ./ <Backup Files>
    in the git cloned repository directory.

For more detailed instructions on using the Terminal, refer to the Apple Terminal Guide or Windows Command Prompt guide.


The tool will recover a key that is usable for all existing supported coins in the following wallets: MetaMask (for Ethereum and EVM-based coins and tokens), Electrum wallet (for Bitcoin), and TronLink (for Tron).


For detailed information on the process, please visit our online guide.

Please Note

Troubleshooting Common Issues:

  • Permission Denied Error: If you encounter a "permission denied" message when trying to run the recovery tool: 
    • Run the following command in the terminal to grant execution permissions:  chmod +x recovery-tool-mac
  • Security Popup Issue: If you see a security popup message preventing you from running the tool:
    • Go to your System’s Privacy & Security settings
    • Click on Allow Anyway for the recovery tool
    • Try running the recovery tool again

By following these steps, you should be able to successfully run and interact with the recovery tool file via the terminal

Please Note

This process must be used when funds cannot be withdrawn from a vault due to the inability to generate a signed transaction directly using the io.vault product. This can occur for example, by a critical software malfunction, a malicious DOS attack, a permanent service shutdown, or a critical loss of access to the io.finnet app by the user(s).

Please Note

The tool will recover a key that is usable for all existing supported coins in the following wallets: MetaMask (for Ethereum and EVM-based coins and tokens), Electrum wallet (for Bitcoin), and TronLink (for Tron).


For newer supported chains and coins not listed here, please contact us for further information on which app to use for recovery.