When you connect a wallet to any application, you need to know exactly what that application can and cannot do. SolRecover is built with a security-first design — every architectural decision prioritizes the safety of your funds. This page explains precisely how we protect your wallet and why you can trust the recovery process.
How It Works Technically
SolRecover follows a three-stage process, and your private keys never leave your device at any point:
1. Read-Only Wallet Scan
When you click "Connect Wallet," SolRecover uses the Solana Wallet Adapter to establish a read-only connection. This allows us to query your wallet's public address and fetch your token account data from the Solana blockchain. No permissions beyond reading your public account data are requested at this stage.
2. Client-Side Transaction Building
Once SolRecover identifies your empty token accounts, the recovery transaction is constructed entirely in your browser. The transaction includes close-account instructions for each empty account, with the rent deposit directed back to your wallet (minus the 1.9% fee). This transaction is never sent to our servers — it is built locally using standard Solana web3.js libraries.
3. You Sign Everything
The completed transaction is presented to your wallet for approval. You can review the transaction details in your wallet's confirmation dialog before signing. Only after you explicitly approve does the transaction get submitted to the Solana network. If you decline, nothing happens — no accounts are closed, no SOL moves.
For a walkthrough of the full user-facing process, see our how it works guide.
What We Never Do
Security is as much about what you do not do as what you do. Here is our firm commitment:
- We never request your seed phrase or recovery words. Any site or tool that asks for your seed phrase is a scam. SolRecover will never ask for this information under any circumstances.
- We never store your private keys. Your keys exist only in your wallet extension (Phantom, Solflare, etc.) and never touch our servers or our code.
- We never have custody of your funds. SOL flows directly from your closed token accounts back to your wallet in a single atomic transaction. At no point does SolRecover hold, escrow, or intermediate your funds.
- We never send tokens from your wallet. The only transaction SolRecover creates is a close-account instruction. It cannot transfer tokens, approve spending, or interact with your assets in any way beyond closing empty accounts.
- We never request unnecessary permissions. SolRecover asks for the minimum wallet access needed: read your public address and sign a transaction you approve.
Verify On-Chain
Every SolRecover transaction is recorded permanently on the Solana blockchain. After you approve a recovery transaction, you receive a transaction signature that you can look up on any Solana block explorer.
We recommend Solscan for verifying your transactions. When you look up a SolRecover transaction, you will see:
- The close-account instructions for each empty token account
- The exact SOL amounts returned to your wallet
- The fee transfer to SolRecover's public fee wallet
- The Solana network fee (a base fee of approximately 0.000005 SOL, actual costs may vary slightly with network priority fees)
There are no hidden instructions. What you see on the block explorer is exactly what happened. This level of transparency is fundamental to how we operate.
Fee Wallet Transparency
SolRecover's fee wallet is a public Solana address: 8TXTvXyTjwto7g5pn4xbUL16fcX9MtzeXdrstb5PtAeR. Every fee collected from every recovery transaction is visible on-chain. You can look up the fee wallet on Solscan at any time and audit the complete history of incoming fees.
This means:
- You can verify that your fee was exactly 1.9% of your recovered SOL
- You can see total fees collected across all users
- There is no way for us to charge a hidden or higher fee — the blockchain records everything
We believe this is the standard every Solana tool should meet. If a service cannot show you where your fees go, that is a red flag.
Security Headers
Beyond the transaction-level security, SolRecover's website is protected by industry-standard HTTP security headers:
- Content Security Policy (CSP) — Restricts which scripts, styles, and external resources can run on the page. This prevents cross-site scripting (XSS) attacks and ensures no malicious code can be injected into the site.
- HTTP Strict Transport Security (HSTS) — Forces all connections to use HTTPS, preventing man-in-the-middle attacks that could intercept your data.
- X-Frame-Options — Prevents the SolRecover site from being embedded in iframes on other domains, blocking clickjacking attacks.
- X-Content-Type-Options — Stops browsers from misinterpreting file types, which prevents certain content-based attacks.
- Referrer-Policy — Limits the information shared with external sites when you click a link, protecting your browsing privacy.
These headers work together to create a hardened browsing environment. You can verify them yourself using your browser's developer tools or a tool like securityheaders.com.
Satisfied with our security practices? Recover your locked SOL in under a minute.
Ready to Recover Your SOL?Learn more about how the recovery process works or read about our mission and values.