Recover Sui Funds

Since Fordefi generates keys using MPC, EdDSA keys are derived in a non-standard way, and can therefore not be uploaded to regular wallets such as Suiet wallet. Fordefi overcomes this limitation by providing a command with the included recovery-tool that enables you to move funds out of your wallets using the keys.

To begin, install the sui client CLI that will enable you to transfer the funds out of your vault.

There are two phases in the recovery process:

  1. Move the non-native coins: Transfer to another wallet everything that is not gas (SUI coin) so that you can pay for the transaction.
  2. Move the gas (SUI coins): Transfer the gas (SUI coin) to another wallet.

Transfer non-SUI coins first

You must transfer non-SUI coins first and then the native SUI currency. The reason is that native currency is required for paying gas. If you transfer native currency first, you will not be able to transfer the coins.

Move the non-native coins

First, run the following command to create a sui_vault_coins.json file (by way of example) containing all the coin objects in your Fordefi Sui Vault:

sui client objects "0x..." --json \
  | jq '.' > sui_vault_coins.json

This command will result in a JSON list of all the coins in your possession.
For each coin that you'd like to move, make sure:

  • It's not native SUI coin (gas): You can identify SUI coin by its type: type=0x2::c‏‏‎oin::Coin<0x2::sui::SUI>.
  • objectId is the coin's identifier and will be used in the next command as the input-coins value.
  • content.fields.balance is the coin's balance and will be used in the next command as the amounts value.

Then, for each of the coins you'd like to send, create a transfer transaction without signing or executing it, as follows (example):

sui client pay \
      --input-coins 0xd3cfb686f3c48794987e53147e1095813a3c2813f4726df9392de84aa019be40 \
      --recipients 0xac5bceec1b789ff840d7d4e6ce4ce61c90d190a7f8c4f4ddf0bff6ee2413c33c \
			--amounts 846151883934859 \
			--gas-budget 10000000 \
      --serialize-unsigned-transaction

This command will result in a base64 string, which is the BCS serialized representation of the transaction. You'll use it to sign the transaction before sending it.

Now, sign the transaction as shown in the following command (example):

./recovery-tool sui-sign \
      --private-hex 0973dfc5d554a08cc04bca048984ab32eb5a051ab8f7985c1dd8013525a83274 \
      --tx-bytes-base64 AAADAQDTz7aG88SHlJh+UxR+EJWBOjwoE/Rybfk5LehKoBm+QJgpwwQAAAAAIAcOkakCLNVgNx6sxCZOrwpr+co5dqTsfHvzyiqjwrCXAAiLzHcWkgEDAAAgrFvO7Bt4n/hA19TmzkzmHJDRkKf4xPTd8L/27iQTwzwCAgEAAAEBAQABAQMAAAAAAQIAEDUH7yyKtIxSU/plOp+tqA+tiEJQwdcmmfxN3W6wxbIBNnxhHuE2sGv8TqZSyvDq0rTN93IwKwDUOW1fmmnYhkGXKcMEAAAAACCBbhqmRkhoztBebO4KxKRAdwdRKdDQafBmEFjSULzmgBA1B+8sirSMUlP6ZTqfragPrYhCUMHXJpn8Td1usMWy7wIAAAAAAACAlpgAAAAAAAA=

Options

  • private-hex: The private key that was recovered, in hex format.
  • tx-bytes-base64: The base64 representation of the transaction.

This command will return the base64 representation of the transaction's signature, that will be used to execute the transaction.

To execute the transaction, run the command shown here (example):

sui client execute-signed-tx \
      --tx-bytes AAADAQDTz7aG88SHlJh+UxR+EJWBOjwoE/Rybfk5LehKoBm+QJgpwwQAAAAAIAcOkakCLNVgNx6sxCZOrwpr+co5dqTsfHvzyiqjwrCXAAiLzHcWkgEDAAAgrFvO7Bt4n/hA19TmzkzmHJDRkKf4xPTd8L/27iQTwzwCAgEAAAEBAQABAQMAAAAAAQIAEDUH7yyKtIxSU/plOp+tqA+tiEJQwdcmmfxN3W6wxbIBNnxhHuE2sGv8TqZSyvDq0rTN93IwKwDUOW1fmmnYhkGXKcMEAAAAACCBbhqmRkhoztBebO4KxKRAdwdRKdDQafBmEFjSULzmgBA1B+8sirSMUlP6ZTqfragPrYhCUMHXJpn8Td1usMWy7wIAAAAAAACAlpgAAAAAAAA= \
      --signatures ALskhRl3VOea2xtku3+rRqOhAkHj+vBUUkXgl8hl73kYzqVdvbnBTFM/1k8jE7d6uaq9BuWUP9CJmy72pBL+1AWT5a1NeBxNOvDF96KyiveJ7afzY9L9GdrGlIwUCJLiDA==

The client will return the result of the transaction with a transaction Digest (hash), which you can look up on a Sui explorer:

alt

Depending on the --rpc provider your sui client is using, the client might timeout and return a Digest wrapped into a Failed to confirm tx status error:

alt

It's important to note that a client timeout does not necessarily mean the transaction has failed. Always check the Digest on a Sui explorer to verify the status of your transaction on-chain:

alt

After you’ve transferred all your tokens, you can send out your SUI coins.

Move the gas (SUI coins)

First, list all the SUI native coins in your vault using the following command (example):

sui client gas 0x103507ef2c8ab48c5253fa653a9fada80fad884250c1d72699fc4ddd6eb0c5b2

Then, for each of the coins you'd like to send, create a transfer transaction without signing or executing it, as shown in the following command (example):

sui client pay-all-sui \
      --input-coins 0x367c611ee136b06bfc4ea652caf0ead2b4cdf772302b00d4396d5f9a69d88641 0x5a94204e907b05824ebb9c150b2d39dd8f52cd2ed412b9b3496a72b210c3cdd3 0x7d6a4340a636cf3f47589e9f8500dac957e2b90501e6af4556fd4b30c38be75b \
      --recipient 0xac5bceec1b789ff840d7d4e6ce4ce61c90d190a7f8c4f4ddf0bff6ee2413c33c \
			--gas-budget 10000000 \
      --serialize-unsigned-transaction

This command will result in a base64 string, which is the BCS serialized representation of the transaction. You'll use it to sign the transaction before sending it.

Now, sign the transaction using this command (example):

./recovery-tool sui-sign \
      --private-hex 0973dfc5d554a08cc04bca048984ab32eb5a051ab8f7985c1dd8013525a83274 \
      --tx-bytes-base64 AAABACCsW87sG3if+EDX1ObOTOYckNGQp/jE9N3wv/buJBPDPAEBAQABAAAQNQfvLIq0jFJT+mU6n62oD62IQlDB1yaZ/E3dbrDFsgM2fGEe4Tawa/xOplLK8OrStM33cjArANQ5bV+aadiGQZcpwwQAAAAAIIFuGqZGSGjO0F5s7grEpEB3B1Ep0NBp8GYQWNJQvOaAWpQgTpB7BYJOu5wVCy053Y9SzS7UErmzSWpyshDDzdO/p1IGAAAAACCWNHAghV45EgxOnn9o+hXDEUNtBBz9iCg+X+HP0/t2hn1qQ0CmNs8/R1ien4UA2slX4rkFAeavRVb9SzDDi+dba1dTBgAAAAAg3QVMkAaGkENgmen8dhXPjtuSu1f5VqlsvXN6J5j2JUYQNQfvLIq0jFJT+mU6n62oD62IQlDB1yaZ/E3dbrDFsu8CAAAAAAAAgJaYAAAAAAAA

Options

  • private-hex: The private key that was recovered, in hex format.
  • tx-bytes-base64: The base64 representation of the transaction.

This command will return the base64 representation of the transaction's signature, that will be used to execute the transaction.

To execute the transaction, run the following command (example):

sui client execute-signed-tx \
      --tx-bytes AAABACCsW87sG3if+EDX1ObOTOYckNGQp/jE9N3wv/buJBPDPAEBAQABAAAQNQfvLIq0jFJT+mU6n62oD62IQlDB1yaZ/E3dbrDFsgM2fGEe4Tawa/xOplLK8OrStM33cjArANQ5bV+aadiGQZcpwwQAAAAAIIFuGqZGSGjO0F5s7grEpEB3B1Ep0NBp8GYQWNJQvOaAWpQgTpB7BYJOu5wVCy053Y9SzS7UErmzSWpyshDDzdO/p1IGAAAAACCWNHAghV45EgxOnn9o+hXDEUNtBBz9iCg+X+HP0/t2hn1qQ0CmNs8/R1ien4UA2slX4rkFAeavRVb9SzDDi+dba1dTBgAAAAAg3QVMkAaGkENgmen8dhXPjtuSu1f5VqlsvXN6J5j2JUYQNQfvLIq0jFJT+mU6n62oD62IQlDB1yaZ/E3dbrDFsu8CAAAAAAAAgJaYAAAAAAAA \
      --signatures ALskhRl3VOea2xtku3+rRqOhAkHj+vBUUkXgl8hl73kYzqVdvbnBTFM/1k8jE7d6uaq9BuWUP9CJmy72pBL+1AWT5a1NeBxNOvDF96KyiveJ7afzY9L9GdrGlIwUCJLiDA==
Previous page
Next page