Recover a user's identity
Recover a user who lost wallet access, review the console preview, confirm recovery, and re-issue claims on the replacement identity.
Identity recovery creates a replacement wallet and OnchainID path for a user who lost access to their linked wallet. The Console preview shows whether the workflow can proceed, which balances are affected, and what operator follow-up is needed after an Identity Manager confirms the recovery.
Use this workflow only for lost or compromised wallet access. Do not use it as a general transfer tool, a custody service, or a KYC review substitute.
DALP stops routing through the old identity path. Trusted issuers must issue any required claims against the recovered identity before the user resumes regulated activity.
Before you start
You need:
- An administrator account with the Identity manager role.
- Wallet verification for the administrator executing recovery, such as PIN, OTP, or a recovery code.
- The user record for the person whose wallet access is lost.
- Enough operational evidence to confirm that recovery is the right workflow for that user.
Recover the user
Open the user's security details
Go to the user's profile from the participants or user management area, then open the security section. The Recover identity button appears only for Identity Managers and only when the selected user has a wallet.
Start identity recovery
Click Recover identity. DALP loads a recovery preview prior to execution.
The preview shows the user, the lost wallet, the current identity status, whether the wallet is already marked as lost, token balances that may need recovery, and any blocking reasons. The Console does not ask you to specify a replacement wallet. DALP creates the replacement wallet and identity path during execution.
Resolve blockers before continuing
If the preview says the user cannot be recovered, resolve the listed blocker before continuing. Move balances manually only when your operating procedure explicitly requires a different workflow.
Review the impact summary
Review the summary before continuing. The workflow can:
- create replacement wallets, OnchainID, and smart wallet
- disable the lost wallet and activate the replacement
- revoke sessions and reset verification
- recover token balances from the preview
KYC and accreditation claims do not transfer to the replacement identity.
Confirm and execute
Enter the confirmation text RECOVER IDENTITY, complete the administrator wallet verification prompt, then submit the recovery. After execution starts, the wizard locks forward progress and shows recovery phases instead of letting the operator navigate back into the decision steps.
Wait for completion
Watch the progress list until the workflow completes, fails, or completes with token-level failures. Token recovery progress shows how many affected token balances have been recovered out of the total balances in scope.
| Phase shown in status | What it means for the operator |
|---|---|
| Creating wallet and identity | DALP is creating the replacement wallet and OnchainID path. |
| Creating smart wallet and adding management key | DALP is setting up the replacement wallet control path where the programme uses a smart wallet. |
| Disabling old wallets and registering new wallets | DALP is moving routing away from the lost wallet path and registering the replacement path. |
| Revoking sessions | DALP is revoking active sessions and resetting wallet verification methods. |
| Recovering tokens | DALP is attempting token recovery for affected balances from the preview. |
| Completed with token failures | Identity recovery finished, but one or more token balances still need operator follow-up. |
| Failed | Recovery stopped before completion. Check the failure message and operator logs before retrying. |
After recovery
Check the final summary before closing the dialog. The summary can show the replacement wallet, the recovered identity, and the count of recovered token balances.
If recovery completes with token-level failures, treat the identity recovery as partially successful. The user is linked to the replacement identity path, but the listed token balances still need your follow-up. Common failure reasons include a paused token, missing custodian permissions, no recoverable tokens, an RPC issue, or an unknown token recovery error. The API status response keeps a per-token failure manifest with the token address, holder address, reason, message, and raw error for follow-up.
Recheck the user's identity and claim state after the workflow completes. If the user needs KYC, accreditation, or other trusted-issuer claims, issue them against the recovered identity before resuming regulated activity. Do not rely on the old OnchainID claims for new claim-gated operations.
Treat claim re-issuance as a required operating step, not as an automatic part of wallet recovery.