Ambire is a Web3 wallet, powered by account abstraction (ERC-4337) that makes Web3 self-custody easy and secure for everyone. The wallet was launched over a year ago, with a ground-breaking feature: self-custodial email/password registration and login.
In this proposal we’ll have a look at what the product achieved in this first year and how our email/password login helped users recover over $186,000 of funds.
But most importantly, we will propose a way of developing an email-based recovery mechanism that is very secure, doesn’t compromise on self-custody and unlike the current solution, doesn’t require a timelock. To achieve this, we are planning to implement DKIM signatures used by most modern email providers.
Why email/password over social login?
Ambire is a web-based account abstraction wallet launched in late 2021, the first to offer self-custodial accounts creation using email/password authentication, thanks to an underlying 2/2 multisig.
After one year of running on Mainnet and other EVM networks, we believe that email/password accounts demonstrate how account abstraction makes Ethereum more inclusive. We found out that email-based registration is perfect for onboarding people who aren't technical or patient enough to deal with seed phrases or browser extensions.
Ambire Smart Accounts provide options for multiple signers. We support two types of signers. The first one is email/password signers, and the second one is EOAs, like hardware wallets, browser extensions (Web3 wallets), etc.
When using email/password signers, Ambire creates a 2/2 multisig under the hood for you, where one of the keys is on your device and encrypted with the password, while the other is responsible for verifying email confirmation codes and “lives” on a back-end HSM. Both keys are necessary to control the account, but one is enough to trigger the timelocked recovery procedure.
We provide a recovery option for email/password accounts in case the password or email access is lost. If a transaction was signed with only one of the keys, the contract triggers a time-lock recovery for 72 hours. After 72 hours, the missing key from the transaction will be replaced with a new one provided by the user in the same transaction.
For more details, read our security model or more generally, our whitepaper.
| Launch date: | 16 Dec 2021 |
|---|---|
| Supported EVMs | 13 + (2 test nets) |
| Registered Ambire Smart Accounts: | 100k |
| Smart Accounts with Email multisig signers: | 62k |
| Smart Accounts with EOA signers: | 38k |
| Total Rescued Addresses with email signer | 117 |
| Total rescued in USD with self recovery with Email signer | $186k |
| Total value locked in Ambire Wallet accounts | $19.5m |
Number of Accounts per type
TVL by account types
Rescued assets by email accounts TVL in USD