Wallet developer offers ‘on-chain bounty’ daring hackers to take $430K BTC

Exploring the Unusual Approach of Zengo Wallet

Zengo Wallet is taking a unique approach to offering a bug bounty. Instead of paying white hat hackers to uncover vulnerabilities, the company is depositing 10 Bitcoin (BTC) (valued at over $430,000 at the current price) into a developer-controlled account. According to a Jan. 7 announcement, any hacker who successfully drains the Bitcoin will be allowed to keep it.

The bounty will be available for 15 days, beginning on Jan. 9 and ending on Jan. 24. On Jan. 9, the address of the account will be revealed, with 1 BTC (approximately $43,000) in it. On Jan. 14, Zengo will add an extra 4 BTC ($172,000) to the account and provide one of the “security factors” used to secure the account. On Jan. 21, an additional 5 BTC ($215,000) will be added, bringing the total amount in the wallet to 10 BTC ($430,000). At that time, the second security factor will be revealed. The wallet uses three security factors in total.

After the second factor is revealed, hackers have until 4 pm UTC on January 24 to crack the wallet. If anyone succeeds in cracking the wallet during this period, they will be allowed to keep the 10 BTC.

Zengo claims to be a wallet with “no seed phrase vulnerability.” Users are not asked to write down seed words when they first create an account, and no key vault file is stored by the wallet.

What is Multi-Party Computation (MPC)?

According to its official website, the Zengo wallet leverages a Multi-Party Computation (MPC) network to sign transactions. Instead of generating a single private key, the wallet creates two distinct “secret shares” – one stored on the user’s mobile device and the other on the MPC network.

The user’s share is further secured through a three-factor authentication (3FA) process. To recover their share, users need three things: access to an encrypted backup file on their Google or Apple account, access to the email address used to create the wallet account, and a face scan on their mobile device, which serves as the third cryptographic factor for reconstructing the share.

The MPC network also has a backup method, as Zengo explains. The team has provided a “master decryption key” to a third-party law firm, which is instructed to publish the key to a GitHub repo if the MPC network’s servers go offline. This will trigger the app to enter “recovery mode”, allowing the user to reconstruct the MPC network’s share that corresponds to their account. Once both shares are retrieved, a traditional private key can be generated and imported into a competitor wallet app, thus restoring the user’s account.

In a statement to Cointelegraph, Zengo chief marketing officer Elad Bleistein expressed hope that the on-chain bounty will help to foster discussions around MPC technology in the crypto community. “Complicated terms like MPC or TSS can be overly abstracted,” Bleistein stated. “The Zengo Wallet Challenge will highlight the security benefits of MPC wallets over traditional hardware alternatives, and we look forward to a lively discussion with those who get involved in web 3.0, Google and the future of technology ai.”

In the past year, wallet security has become a major issue in the cryptocurrency sphere, as a breach of Atomic Wallet resulted in more than $100 million in losses for crypto users. The developer later launched a bug bounty program to help ensure the app’s safety in the future. In 2023, users of the Libbitcoin Explorer wallet library also reported losses of about $900,000 due to hacker AI attacks.

