A permissioned agent handles both. A security-token standard lets an authorized agent force a transfer or freeze on a legal event, and recover a lost wallet by reissuing the balance to a verified new address. The off-chain registrar stays authoritative.
This is the question that separates a security token from a payment token. A bearer crypto asset is final and irreversible by design — lose the key, lose the asset; steal it, keep it. A regulated security cannot work that way. A court can order a transfer, an estate has to inherit, a sanctioned holder has to be frozen, and an investor who loses a device still owns their shares. So a compliant security token is built around a permissioned agent role that can act on the holder’s balance under defined conditions.
Why an agent role exists at all
The legal owner of record is not the wallet. It is the entry in the issuer’s register — maintained by the issuer, a transfer agent, or a fund administrator. The token is the on-chain reflection of that register, not a replacement for it. Because the register is authoritative, the on-chain instrument has to be able to be corrected to match a lawful change in the register. That correction ability is the agent role.
Two mainstream standards make this explicit:
- ERC-3643 (the T-REX standard, authored by Tokeny) defines an agent with
forcedTransfer,freeze/freezePartialTokens,pause, and arecoveryAddressflow that moves a frozen balance from a lost wallet to a new verified one. - ERC-7943 (the uRWA standard, which Stobox backs) defines a minimal
forceTransferand a freeze interface as part of a universal RWA surface, so any compliant asset exposes the same enforcement hooks regardless of the chain.
The point is not that these powers are unusual — it is that a real security token has to expose them and fence them behind authorization and an audit trail.
Forced transfers — the mechanics
A forced (or “involuntary”) transfer moves tokens without the current holder signing. It exists for lawful events: a court order, an inheritance, a regulator’s freeze, an error correction, or a redemption. In a standard like ERC-3643 the flow is: the issuer (or its transfer agent) holds the agent role → a defined off-chain event is documented → the agent calls forcedTransfer → the on-chain balance now matches the register.
The three things that make this compliant rather than a backdoor:
- Authorization is narrow. Only the agent role can do it, the role is held by the issuer or its regulated transfer agent, and ideally it sits behind a multi-signature or governance control — not one person’s hot wallet.
- It is logged. Every forced action is an on-chain event, so the register, the auditor, and the regulator can reconcile what happened and why.
- The trigger is off-chain and documented. The smart contract is the instrument of a legal decision; it is not the decision. That distinction is what keeps it from being arbitrary seizure.
Lost keys — recovery without breaking custody
A lost or compromised key is the same problem in a friendlier costume. The investor still owns the security; they have simply lost access to the wallet that holds its on-chain representation. Recovery is a forced transfer with a specific trigger:
- The holder proves identity to the issuer or transfer agent — the same KYC that let them in originally.
- The agent freezes the old balance so a thief who has the key cannot move it during the process.
- The agent reissues (or force-transfers) the balance to a new, verified wallet.
Because eligibility is enforced at the transfer layer, the new wallet must itself be whitelisted before it can hold the token — so recovery can never route a security to an ineligible or unknown address. This is why non-custodial does not have to mean “one lost key and the investor is wiped out”: the investor holds their own keys day to day, but the issuer retains a compliant, logged path to make them whole. Some issuers add social-recovery or smart-account wallets on top; that is a UX layer above the same agent-role backstop, not a replacement for it.
Where Stobox and STV3 sit — honestly
Stobox’s approach follows the standards above rather than inventing a private mechanism. Its STV3 protocol is an ERC-20 built on the Diamond Standard (EIP-2535), whose modular facets are designed so compliance and validation logic can be added as a dedicated facet. In the public STV3 repository today, transfer-restriction and forced-transfer enforcement are a prepared architectural hook, not a shipped feature — the Diamond design exists precisely so an ERC-3643/ERC-7943-style compliance and recovery facet can be attached without redeploying the token. Where an issuer needs these controls live now, they are implemented at the compliance layer of the issuance, with the issuer or its transfer agent holding the agent role. We would rather state that plainly than overclaim what the base protocol ships.
What this means for your structure
Do not treat “forced transfer” and “key recovery” as edge cases to bolt on later — they are core requirements of any security you put on-chain, and they decide who you trust with the agent role. Before you issue: decide who holds the enforcement powers (issuer, transfer agent, or a governance multisig), demand that every privileged action is logged on-chain, confirm recovery re-whitelists the destination so it can never leak to an ineligible wallet, and get counsel to define the documented off-chain triggers that authorize the agent to act. A token that cannot do these things is not ready to represent a regulated security; a token where one hot wallet can do them silently is not ready either.
Gene Deyev’s take

People come to security tokens from crypto and assume “not your keys, not your coins” is a virtue here. It is a liability. A security has to survive a court order, a death, a stolen phone, and a sanctions list — and a token that cannot be frozen or reissued under proper authority is not a security token, it is a bearer instrument pretending to be one. The engineering question is never “can we override the holder” — of course the standard lets you. It is “who is allowed to, on what documented trigger, and can everyone see it happened afterward.” Get those three right and forced transfer stops being scary and becomes what it actually is: the investor protection that lets a regulated asset live on a public chain at all.
— Gene Deyev, CEO & Co-Founder, Stobox. Co-author of the Stobox Tokenization Framework and the STV3 protocol; ERC-7943 backer; SEC Crypto Task Force roundtable participant (2025).
Related questions
- What is the STV3 protocol?
- ERC-3643 vs STV3 transfer-restriction models
- The ERC-7943 (uRWA) standard
- On-chain KYC without doxxing investors
Last updated: 2026-07-12.