Hack a Zengo Wallet, Win 10 Bitcoin. AMA!

We’re moving 10 Bitcoin (± $420,000 USD) and a Pudgy Penguin (± $25,000 USD) into a regular Zengo wallet and inviting you to try and steal it. We’re so confident in the robustness of our security model, we’re even sharing some of the 3 wallet recovery factors connected to this wallet.

We built Zengo in 2018 to fix the biggest problem with self-custody: Seed phrases. Zengo is not a hot wallet. Zengo is not a cold wallet. Zengo is a multi-factor MPC wallet: No seed phrase, no single point of failure.

Since 2018, we have over 1,000,000 users and a spotless security record:

  • 0 wallets hacked
  • 0 wallets taken over
  • 0 wallets drained
  • 0 wallets phished

We recognize that seed phrase maxis will not be interested in Zengo – but believe that the 99% will.

So no seed phrase: How does Zengo work?

  1. Using a 2-of-2 Multi-Party Computation (MPC) framework, each of the two Zengo parties (Zengo app on the user device and Zengo server) independently generate their own “Secret Share” during the wallet creation process. The secret shares are cryptographically locked to prevent MITM attacks.
  2. The share randomly generated on the user’s device is called the Personal Share and leverages the device’s hardware-based random number generator (TRNG). Only the Personal share can initialize and sign transactions, all of which are verified by the device’s hardware (Secure Enclave or TEE/Trusted Execution Environment).
  3. The share randomly generated on Zengo’s remote server is called the Remote Share and is used to co-sign transactions emerging from the Personal Share.
  4. Using MPC, these two Secret Shares are able to compute their corresponding public key securely.

Even if a hacker gains access to one of the two secret shares, it is still useless to them as they cannot spend user funds.

Lose your phone? The 3-factor wallet recovery process is biometrically locked to the user. More info here.

The Challenge: Hack a Zengo Wallet, Win 10 Bitcoin (±$420,000)

This Tuesday (January 9, 2024) we are putting our money where our mouth is. Yes: We argue that Zengo is more secure than a traditional single-factor hardware wallet.


Here’s what we’re doing:

Over the course of 15 days we will be adding up to 10 Bitcoin inside a Zengo wallet, inviting anyone to try and hack it.

We will also start sharing some of the security factors that protect the wallet.

Follow along on this page with updated information regarding the challenge: https://zengo.com/zengo-wallet-bitcoin-challenge

We are also awarding up to $750 in Bitcoin for those who create high-quality content as they try and hack the wallet, or learn about our model (terms apply, see blog for all details).

We believe that MPC wallets like Zengo will help securely self-custody millions who are stressed about seed phrases – or those who don’t even self-custody today because it’s too hard to do it correctly.

MPC is like AA on steroids, and can protect more than just EVM chains, like Bitcoin. We’ve already launched advanced features like Theft Protection which lock on-chain approvals to your Biometrics – and you can bet we’re activating it for this challenge!

Happy to answer questions about our approach to MPC, the #ZengoWalletChallenge, advanced features MPC enables (like theft protection, our on-chain no-kyc asset inheritance-style feature, or anything else).

AMA with the Zengo team will go from 10AM EST -12PM EST on Monday, Jan 8th. Until then feel free to start posting questions 🫡


50 thoughts on “Hack a Zengo Wallet, Win 10 Bitcoin. AMA!”

  1. Ping for verified users associated with Zengo: /u/ZenGoOfficial

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. Zengo has burned 1,300 Moons to host this AMA!

    Link to the daily general discussion

  3. Thank you for hosting this AMA!

    I can see how this would be beneficial to less tech savvy entrants and those who do not wish to purchase a hardware wallet. I do have a few questions:

    • Is a secret share the same as a traditional private key?

    • Is there a means to recreate the remote share on Zengo’s servers?

    • If Zengo was aware of stolen funds in a wallet would that impact your ability to sign using the remote share?

  4. I so wish I was smart enough to even know where to start 😂 ,but I’m sure with such a prize you guys have come up with a pretty tight wallet and such a task wouldn’t be easy even for those that have knowledge in this aspect .

    Best of luck to those who try .

  5. going to get ritch soon mate. im puting my thousands of mining rigs to crack it.

  6. Well this is an appetising offer lol and finally something different!

    No questions for now but you got some cool marketing for sure!

  7. Looks very cool! Do you plan on upgrading the zengo in the future if that’s needed? What if someone works on auditing this challenge but doesn’t find a vulnerable thing to disclose and used allot of there time? (Iam a web3 auditor btw)

  8. I’ll just let my PC run for the next 735492 trillion years until the seed is brute-forced

    Then I’ll be rich!

  9. Can anyone here confirm they actually use this wallet? Seems pretty cool im interested but its too scary trying new wallets that I’ve never heard of before

  10. Ive never heard of this wallet. There is a claim of having 1,000,000 users. Who here has used this wallet and what has your experience been like?

  11. Nice marketing, but I will not trust it to a centralized entity. No matter if I get to keep half of my keys.

  12. How did you guys relate to Alcoholics Anonymous on steroids to your wallet?

  13. “Zengo is secure by default, powered by the type of MPC cryptography that’s was only available to institutions until we launched in 2018.”

    Strong security. Not so strong copy editor.

  14. I am a shitty person with shitty Job with zero skills, hope someone hacks your wallet and gives me some charity.

  15. Where do you guys recommend I start for this? Like what things should I start learning about to even try and attempt this challenge?

  16. Cool, good way to do some advertising.

    I’m curious – does your wallet do anything better, or different, than other wallets in terms of the end user making mistakes? Usually, when people get “hacked”, they aren’t really getting hacked. They typically will have signed some random smart contract or linked their wallet to some shady site that ends up giving access to a bad actor third party who then drains their funds.

    I’m assuming the Zengo wallet doesn’t really offer any extra enhanced protection in cases like that?

  17. Where is the Zengo server located? How is it secured? Is there human beings guarding it? If so, is it a third party security company or are they Zengo employees?

  18. Very bullish on MPC and AA wallets! Do you guys have any plans to implement deeper social features that some of the major wallets are quickly adopting? ie showing friends and recommendations based off users onchain data? Or wallet to wallet messaging?

  19. Issues with Zengo:

    • They have half your key. What happens if they go out of business? What happens if their server is down? You’re out of luck because they have half your key!
      • 2-of-3 is better.
    • Your key is on your phone. How incredibly stupid. In Colombia they drug you and then use your fingerprint to open your phone. They will then use your finger to open your Zingo Wallet and drain all your Zergobux.
    • Proprietary junk. Does it work with other apps? If not, move along! Steer clear of proprietary crap!
    • Hot wallets are for fools looking to be parted from their crypto.
  20. Can we see the code? Open source would make many of us feel better about the wallet.

  21. Just send me the 10 BTC and I promise you that I’m not going to give you the evil eye /s

  22. “Spotless security record” is a bit of a claim. Just because the wallet hasn’t been cracked doesn’t mean you don’t have security weaknesses in parts of the process or other systems you control. I can guarantee if you’ve had penetration tests done on anything, you haven’t had a single empty report. Nothing is ever 100% safe so making this claim doesn’t ensile confidence, just naivety.

    Other than that, looks like a cool concept and I hope some interested security researchers take a look!

  23. Is that anything more than a 2/2 multisig for which you store one of the keys ? If so, it’s neither innovative nor something anyone should want.

  24. Anyone trusting a company / a wallet that is doing advertisement posts on Reddit is out of their damn mind. You deserve to get scammed.

  25. Mods can you take this post down? It’s literally a scam. Op isn’t answering any questions it’s just a bot giving auto responses, and only saying “I’ll talk more tomorrow”. No you will talk today and give us answers NOW. Why should we wait for tomorrow?

  26. Seed phrases are not private keys. They are a way of recovering a private key in the event of a disaster.

    Since the advertising says that they don’t use seed phrases the private key must be directly stored on the device WITH NO ABILITY TO RECOVER IT IN A DISASTER.

    I think this is the bigger problem.

  27. If they are around since 2018, why would no one hear about it till now? More so, how is it that their tech hasn’t gotten any traction over the years despite people getting drained on Metamask/trust wallet or similar other wallets?

  28. Discovered zengo with this post. Looks like you are a free wallet app. How do you guys make money?

  29. Overly confident brand saying they are unhackable

    I’ll be back on the first day to announce they have been hacked, and then send a screenshot of my wallet or whichever one of y’all manage to do it. GOOD LUCK FOLKS

Comments are closed.