All Collections
Security
How Zengo Security Model Works
How Zengo Security Model Works
Ouriel Ohayon avatar
Written by Ouriel Ohayon
Updated over a week ago

Security is the fundamental building block of any crypto wallet. As pioneers of a new approach to security, we want to share how we designed our industry-leading system. 

Using secure MPC and threshold signatures, we’ve replaced the traditional private key with two independently created mathematical secret shares. One share is stored on your mobile device, and the other is on the Zengo server. Those shares are never exposed to each other at no time. With no single point of failure, even if something happens to one of the shares, your assets are always safe. 

Unlike with exchanges (like FTX or Blockfi), only you can initiate and make a transaction in crypto. Zengo cannot access your funds. To send funds, you initiate a process in which the server and device shares communicate to sign the transaction without ever revealing their secrets to each other. 

Backing up your wallet is just as simple. An encrypted copy of your device secret share is stored on the Zengo server (which we cannot use), and the decryption code is stored separately in your personal cloud account (eg, iCloud/ google drive / dropbox). Only with your biometric face scan can you access the encrypted share.  

It only takes a few seconds to recover your wallet if you delete the app, lose your phone, or want to use Zengo on a new device. Just scan your face, and the encrypted device share is then decrypted on your device. 

Our keyless security model removes the single point of failure of traditional cryptocurrency management solutions and frees you from ever having to worry about private keys again. And we also made sure it was easier to use than any other option.

You can read more about our security model here.

Can I lose my account if I lose my phone?

No.

As long as you have your email and cloud and pass the selfie biometrics (if signed up before May 23rd, 2024), you can always recover your account on the same or different phone. You can also recover your account by moving from iPhone to Android by using Google Drive with your Zengo recovery kit.

Can Zengo access and use my funds?

No, never.

Zengo is self-custodial and requires 3 security factors to access an account that Zengo does not have. Zengo cannot access the device secret share on your mobile phone, which would be necessary to access your account.

Can I lose access to my Zengo account if my face changes?

Zengo gives you additional security by allowing you to add a second trusted selfie to recover your account. Should your face change meaningfully, you would be able to recover your account with the assistance of that person.

You can always test your current selfie biometrics, and minor changes like natural aging, a scar, or a light beard do not have any impact.

Can Zengo selfie biometrics be cracked with a picture or even a 3D mask?

No. The technology used is resistant to the most sophisticated spoofing attacks. More on this here

Can an identical twin access my Zengo account?

The short answer is no.

In general, it is not recommended to use biometrics if you have an identical twin.

Both Apple and Google do not recommend using it and recommend using PIN codes instead.

Zengo 3D-Facelock has protection against twin detection that is superior to most systems (read here). Even in the case, an identical twin could pass 3D Facelock verification, alone it would not allow accessing your account. Indeed they would also need access to your email and your recovery kit file.

Note, however, that if your identical twin also had access to your email and recovery file, a moderate risk could exist.

Was Zengo ever hacked?

No. We have operated successfully and without hacks since 2018.

Was Zengo security audited?

Yes. We regularly perform formal and external security audits on our apps made by reputable firms. Our MPC cryptography is open-source, audited and peer-reviewed

Is MPC cryptography genuinely secure?

MPC (or multi-party computation) is a reputable field of cryptography that is used by the largest institutions like banks to protect and secure very large amounts of funds. It is considered secure because, unlike public/private key cryptography, it operates without a single systemic point of failure and has been battle-tested for years.

That said, like every security field, there are certain risks associated with MPC. This is why our cryptography is open-source, audited and peer-reviewed

Can I lose my crypto if Zengo stops operating?

No. Zengo offers a guaranteed access service performed by independent companies should that be needed.

If I lose access to my email or cloud service, can I recover my account on a new phone?

Zengo offers the option to add a secondary email and secondary cloud so that you never lose access to your account if your primary email or cloud is lost. If you still have access to an old device with Zengo on it, you can always easily add a secondary email or cloud backup.

Could Apple or Google theoretically cease my funds on my Zengo account?

Apple and Google cannot access your funds even if they somehow had full access to your recovery kit file stored on iCloud or Google Drive and proceed under legal request, for example. Unlike traditional seed phrases, the recovery file stored on iCloud, Google Drive, and Dropbox is useless in itself as it is only one of the elements required to recover your account and make transactions. To access your funds, you always need your recovery kit and all the security factors of your account, one of which is not stored on Apple or Google servers but on Zengo.

Are there any risks in using Zengo?

Zengo has one of the most robust security systems in the industry and has never been hacked since 2018,

However, any app or wallet security systems always have certain limits and risks, and it is important to understand them before using them.

We want to state some of those in plain English.

  1. Zengo allows you to always recover your account even if you lose or break your phone. However, you will not be able to recover your account if you miss one of the 3 original security parameters of your Zengo account: your email, your cloud recovery kit, and successful selfie biometrics. Zengo provides an option to add a secondary option for all 3 parameters (a secondary email, a secondary cloud recovery kit, and a secondary trusted selfie ).

  2. If you send crypto to the wrong address or a scammer, you will not be able to cancel or reverse that transaction.

  3. You can permanently delete your Zengo account should you choose to from within the app. If you delete your Zengo account, all your records will be permanently deleted, and your account will be inaccessible, including the wallet addresses and funds and any future transactions associated with it. If later, you decide to create another account with the same email, a brand new account, and address will be provided, and former records will not be accessible.

  4. Zengo has a built-in web3 firewall to inform you and protect your interactions with blockchain apps and avoid potential wallet drainers and scams. Scammers always come up with new ways to mislead users, and it is always recommended to verify the legitimacy of the apps you are using.

  5. Zengo, the company, could one day stop operating and be unable to co-sign transactions, but this risk is mitigated by our guaranteed access service operated by independent parties allowing you to access and spend your crypto even without Zengo. More here

  6. Zengo uses open-source MPC cryptography to provide a secure wallet that does not rely on a single point of failure like a private key. While the code is open-source, peer-reviewed, and regularly audited, specific vulnerabilities could remain.

  7. Zengo is a mobile app present in the Apple and Google app store. Those platforms could decide to ban certain apps as they did in the past in other categories. However, even without being distributed in an app store, the Zengo app installed on your phone should still work so that you can access your funds.

Did this answer your question?