Recovering and Backing up your Accounts’ Tokens

A user asks: How can I recover an address and the tokens that are in a wallet?

Thanks for asking this question and bringing up this issue here. This is a frequent problem that people have, so I’d love to answer this with as much attention as possible to help you and others.

Recovering and Backing up your Accounts’ Tokens

By CryptoHamilton

TL;DR:

  • If you have your seed phrase (aka secret recovery phrase) you can access all your accounts and their funds.

  • Your secret recovery phrase generates all your accounts

  • Your password is used to locally encrypt your secret recovery phrase

  • Assets are stored in accounts

  • Account balances are stored on the blockchain, not the crypto wallet, so they don’t get wiped when your device does.

  • You can use a block explorer like Etherscan to check your account’s assets

  • If you reinstall your wallet, MetaMask will auto-detect any accounts with balances, and many popular tokens, but you may have to manually re-add the less-common tokens to each account (for now).

  • Seed phrases cannot be reset

  • MetaMask does not have access to your secret recovery phrase.

  • Anyone who gains access to your secret recovery phrase can control all of your accounts, and our support agents will never ask for it.

The Start:

Wallets hold all your accounts. Your secret recovery phrase generates all your accounts on the blockchain. Accounts hold token information. Each account has its own token information since they can each hold different tokens.

The Good: Your accounts and funds are safe

The good news, if your accounts are safe (by not sharing your secret recovery phrase or being hacked), then your funds should be in your account. This is because your funds are stored in your account. That account lives on the blockchain. MetaMask is merely a way to access the internet of value. Similar to how the web browser is a way to access the internet of information.

Please don’t take my word for it. You can see for yourself! Here is how:

  1. Go to Etherscan
  2. Search for the account address
  3. Click where it says tokens and see all the tokens in that account.

You can use this method to investigate which tokens each address has. Some popular tokens will be autodetected by MetaMask. Other Custom Tokens, which are niche or not well-known projects have to be added manually. To add these, see this article explaining how: How to View Your Custom Tokens in MetaMask

The user flow should be the same for both extension and mobile users.

Some tokens you will have to add back manually

The bad (more like inconvenient) news: you may have to regenerate some of your accounts and add some of the tokens again. Think of it as having to add your bookmarks again after your web browser is re-installed. We intend to sync this data eventually, but unfortunately do not yet.

This means that you may have to add some of the tokens you had to some of the accounts you have.

How to Store Your Favorite Tokens for Now

Some good news is that we plan to improve the user experience of token detection a lot. These features should automatically appear on future MetaMask installs. For now, let’s look at some other ways of backing up a list of your favorite token for the future.

I’ll show you three ways you can save a list of your favorite tokens: using Zerion, creating a .CSV file, or creating a .JSON file.

Zerion is the easiest. Zerion allows you to track and manage your entire DeFi portfolio seamlessly. With Zerion, you can add all your noncustodial accounts onto it and then export transaction history via a.CSV file.

If you are more paranoid, you can also back up your accounts on a spreadsheet and save the sheet as a .CSV file. The first column can be the address. The following columns can contain the tokens for each account.

If you are more technically savvy and security-focused, you can create your own .JSON file. This will have a series of nested key-value pairs. The first key is the address. Its value is another key-value pair whose keys are the token name, and value is a key-value pair with its configuration info. Repeat this for each one. For some, this is more organized than a .CSV file.

For the paranoid or privacy-focused:

  1. DO NOT upload this file unencrypted to the cloud or use Google spreadsheets. If you do upload it, encrypt it.
  2. If you use Google spreadsheets, don’t use an account that can be tied to you and probably use a VPN. If you use Zerion, read the terms and conditions and VPN if you are concerned with your IP being linked to an account.
  3. Use a clean web browser with clear cookies to visit.
  4. Change the width and the height of the browser as this can be a method to detect machines.

The Seen and Unseen: Pseudonymity vs Anonymity

This isn’t sensitive information per se, but if your addresses & tokens are linked to a piece of information that identifies you, your pseudonymity is gone.

Pseudonymity is not anonymity. An anonymous person can act or speak in a way that makes them unidentifiable. A pseudonymous person can act or speak so they can be identified, but their id shields who they are. The difference is in the ability to be traced back.

Ethereum and Bitcoin accounts are pseudonymous because they are aliases for the user not tied to their IDs. All account history is public and traceable, meaning if the account is linked to the user, all their history is traceable. Other blockchains specialize in privacy, like ZCash and Monero. There are also projects on Ethereum which try to bring similar computation techniques to add privacy to certain areas like Aztec Protocol.

If you have your seed phrase for your wallet, then you can access all accounts related to that wallet.

The End:

As mentioned before, secret recovery phrases cannot be reset. They are not like passwords on a central server. This is based on how blockchains were designed.

Remember, Never share your secret recovery phrases.

You can access your accounts if you have access to your wallet’s seed phrase.
If you haven’t already make sure to back up your seed phrase (aka secret recovery phrase).

See this article on best practices for backing up your secret recovery phrase.