
TEE

Guarantee

Reddit Posts

r/CryptoCurrency

Hack a Zengo Wallet, Win 10 Bitcoin. AMA!

Mentions

r/Bitcoin

I'd just keep my mouth shut. I mean ya, don't lie or hide things from your wife but.... It's Bitcoin, not a house. If it comes up in conversation, sure tell her. If someday you decide to use it to pay for something... Worst Case Scenario "Hey honey do you want to go on a Trip to the moon?" "That sounds awesome, but how can we afford that" "Well, I bought some Bitcoin when I was younger, and kinda forgot about it, so we could use that" "How do you forget? Oh well, let me pack my moon shoes! TEE HEE HEE!" Best Case Scenario "Let's get divorced" "Bye!"

Mentions: #TEE
r/CryptoCurrency

You did not understand the OP. Your mental model is too focused on a single private key. There are multiple ways to self-custody and sign a transaction. Zengo's 2/2 MPC approach is similar to a SSS (Shamir Secret Sharing) scheme in mental model. However with a SSS, you would originate one private key in one location, and then split it. We don't do that for a number of reasons. See here about key generation and vulnerabilities with doing it one time in one place: [https://zengo.com/how-keys-are-made/](https://zengo.com/how-keys-are-made/) Instead, using MPC we independently generate two secret shares: One on your mobile device, and one on the remote server. Only your share (the Personal Share) can initiate and sign transactions, which leverage your device hardware's secure enclave or TEE. Together, these 2 secret shares do what a traditional private key (in one location) would do. And, if these 2 shares were ever to "come together" they would create a singular private key. (Which we would only let happen if Zengo were to go out of business, to ensure you can always access your assets. See more about Guaranteed Access here: [https://www.reddit.com/r/CryptoCurrency/comments/190s3uc/comment/kgvlqew/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/CryptoCurrency/comments/190s3uc/comment/kgvlqew/?utm_source=share&utm_medium=web2x&context=3)) Here's the details of our MPC white paper on our github if you want to see the details: https://github.com/ZenGo-X/gotham-city/blob/master/white-paper/white-paper.pdf

Mentions: #OP #SSS #TEE
r/CryptoCurrency

> If an attacker was able to somehow get access to the server (which is protected by a number of systems) they still wouldn't be able to spend funds

I understand that. Security is about layers of protection and I'm just trying to have a solid understanding of the security that is offered. Based on what you're saying, it seems that access to your server will get you all of the server shares. That's only half the keys needed obviously, but it is the server half of all users' keys.

> 2) The signing process, which initiates from the user's device, leverages the device hardware (secure element for iOS and/or TEE for Android). Move it somewhere else, and it won't work. Certik's recent Zengo Audit goes into some of this detail with diagrams you might find helpful. You can find it on zengo.com/security (under FAQ) or here: https://zengo.com/zengo-certik-audit-2023/

The devil is in the details here. WHY won't it work? My understanding is that the device key is just used to enroll and authenticate. Is it actually used to **encrypt** anything though? My main concern is the way you talk about the things that are **needed** to perform a transaction and that a transaction couldn't be performed at all without them. That would imply things like biometrics are used to encrypt keys, and those keys can't be decrypted without the biometrics. Likewise for access to an e-mail address. Based on what I've read so far, I don't believe that's the case. Could an attacker with both the server share and someone's personal share combine the keys independently (outside of the app) to perform transactions? If not, why not?

Mentions: #TEE
r/CryptoCurrency

Your point is understood and it actually highlights the robustness of this system. If an attacker was able to somehow get access to the server (which is protected by a number of systems) they still wouldn't be able to spend funds, because 1) Only the Personal Share (on the user's device) can initiate transactions, and, 2) The signing process, which initiates from the user's device, leverages the device hardware (secure element for iOS and/or TEE for Android). Move it somewhere else, and it won't work. Certik's recent Zengo Audit goes into some of this detail with diagrams you might find helpful. You can find it on [zengo.com/security](https://zengo.com/security) (under FAQ) or here: [https://zengo.com/zengo-certik-audit-2023/](https://zengo.com/zengo-certik-audit-2023/)

Mentions: #TEE
r/CryptoCurrency

Great question. **The short version** is Zengo is secure by default. You don't need to do anything to enhance its security (or much). Regular wallets are NOT secure by default. You have to do MANY things to make sure your hardware or software wallet does not get hacked/drained/stolen, etc.

**Long version:** There are some circumstances where the tech/cryptography of a wallet itself is poor. For example: A wallet that does a poor job generating a random private key that is not in fact random: [https://zengo.com/how-keys-are-made/](https://zengo.com/how-keys-are-made/) But most of the time it is user error. Storage error or Web3 error. Let's discuss both and how Zengo is different.

**Storage error:** Users make mistakes with their seed phrases on a daily basis. Even OGs, even advanced users. Seed phrases get lost, stolen, and phished. They get uploaded to the cloud. They get misplaced. Unfortunately a seed phrase is a single point of failure in this system, and it is not inherently tied to the user.

How Zengo is different:

**Storage:** Zengo has no seed phrase. Instead it uses a 2/2 MPC Secret Share system: One Personal Share is locked to your mobile device and leverages your device hardware's secure enclave / TEE. The second Remote Share is secured on the Zengo server and co-signs transactions originating from your device. (See the OP for more details). This means Zengo has no single point of failure. Even if a hacker got access to one of the secret shares, they cannot spend your funds because the other share is stored and secured in a very different way. That makes it not impossible but much more difficult to hack than a traditional seed phrase wallet.

**Recovery:** Your Personal share is locked to you with your 3D FaceLock (private biometric verification scan). It is protected by a 600,000 bug bounty and is only 1 of 3 parts of your wallet recovery system. But what's beautiful is that this locks your assets to you. It locks your share to you.

Web3: Users unfortunately make mistakes all of the time (every day) approving Web3 transactions they do not understand, and then getting their wallet drained. Zengo has a built-in Web3 Firewall actively monitoring for these attempted hacks and wallet drainers. Beyond that, any Web3 hack that attempts to steal your private key / seed phrase will fail - because Zengo has no centralized private key or seed phrase. But wait there's more. Because Zengo uses MPC and has 2 shares, it can employ advanced security logic - like Account Abstraction on steroids. We have already launched Zengo Pro with advanced security and self-custody features like Theft Protection and Legacy Transfer. And more are coming: [zengo.com/pro](https://zengo.com/pro) Hope this helps!

Mentions: #TEE #OP
r/CryptoCurrency

We have an entire system in place - Guaranteed Access - in case of this unlikely but worst-case scenario. Post is here: [https://www.reddit.com/r/CryptoCurrency/comments/190s3uc/comment/kgvlqew/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/CryptoCurrency/comments/190s3uc/comment/kgvlqew/?utm_source=share&utm_medium=web2x&context=3) No, your key is not on your phone. Our system is multi-factor. One factor is on your mobile device (your Personal Share locked to your device that leverages your mobile device hardware / secure enclave / TEE) and the Remote Share on Zengo's Servers that co-sign your transaction. Even if a hacker was able to get access to your device, they cannot spend your funds because they do not have access to the second secret share.

Mentions: #TEE
r/CryptoCurrency

It's a fair question. Every system is a matter of tradeoffs and you ultimately need to decide what is the tradeoff that best works for you. A traditional wallet with a seed phrase is least-decentralized. It has a single point of failure and if the seed phrase gets lost or stolen (which happens often unfortunately) it does not matter if it's a hardware or software wallet. Zengo sort of decentralizes the traditional seed phrase because we remove the single point of failure: Your Personal Share is on your device, tied into your device hardware (secure enclave or TEE) and the Remote share on the Zengo Server co-signs the transactions. We cannot spend your funds, move your funds, etc. Yes: You need to rely on Zengo's servers. That is the tradeoff. But depending on your current hardware or software wallet setup, you are also relying on that team: Even a hardware wallet is a firmware wallet ([https://zengo.com/firmware-wallets-sunlight-is-the-best-disinfectant/](https://zengo.com/firmware-wallets-sunlight-is-the-best-disinfectant/)) We also have an established Guaranteed Access system if Zengo were to close as a business. We wrote about it in-depth here: https://www.reddit.com/r/CryptoCurrency/comments/190s3uc/comment/kgvlqew/?utm_source=share&utm_medium=web2x&context=3

Mentions: #TEE
r/CryptoCurrency

Our servers are hosted in a secure AWS setup used by best-in-class systems, Fortune 500 companies, etc. They have been audited and include first-class safeguards we will not share here. We also have redundancy to ensure near-perfect uptime. (Alas nothing is perfect). Remember: Even if someone was able to get access to the server, they still cannot spend your wallet. Only your Personal Share, which is embedded in your mobile device and leverages your device hardware (secure enclave or TEE) can initiate a transaction. The Remote Share on the Zengo server is there to co-sign, but cannot initiate. Want to trust but verify? All of our cryptography is open-source: Check it out on our GitHub: www.zengo.com/research

Mentions: #TEE
r/CryptoCurrency

We couldn't drain your wallet, even if we wanted to. As stated in the OP, only you can initiate transactions, using the Personal Share that is tied to your mobile device's most secure hardware (secure enclave in iOS, TEE or Trusted Execution Environment in Android). Don't believe us? See for yourself. All of our cryptography is open-source. We maintain the world's largest open-source MPC cryptography on our GitHub, here: https://github.com/ZenGo-X

Mentions: #OP #TEE
r/CryptoCurrency

Great question. This is something we've invested *significant resources* into. When we started building Zengo in 2018 this was one of the most important problems we wanted to solve before launching the wallet in a production environment. We created a system called Guaranteed Access using external parties to ensure that even if Zengo were to close, you would still be able to access your crypto. The 3rd party (EscrowTech) can help you recover your wallet, but **they cannot access your wallet or collude with others to access your wallet** (they maintain a decryption key for an encrypted share you already have in your possession). Here's the detailed process:

Normal Operations:

- As you know, Zengo has no seed phrase or centralized private key. Instead your Zengo Wallet is comprised of a 2/2 MPC (multi-party computation) system. The Personal Share is generated on your device, leveraging your device's TRNG. Only your Personal share can initiate transactions, making use of your device's hardware (Secure Enclave or TEE). The Remote Share on the Zengo server then co-signs the transactions.
- Because there is no single point of failure, even if a hacker were able to get access to 1 of the 2 secret shares, they wouldn't be able to spend your funds: Each of the 2 shares is secured in different, orthogonal ways. This is why as we stated in the OP, no Zengo wallet has ever been drained, phished, or hacked. It's not that it's impossible (nothing is impossible) it's simply that it's an order of magnitude harder to do so.

Guaranteed Access:

Zengo's principle is to be secure by default. Therefore, Guaranteed Access will start running automatically after a certain threshold is crossed. Of course if Zengo were to close, we would commit to doing so transparently, over time, giving everyone ample time to move their assets. But we're prepared for the worst-case scenario as well.

- If Zengo were to close, and you were not able to have your Personal Share co-sign with your Remote Share on the Zengo server, what ultimately needs to happen is for these 2 shares to "come together" - essentially creating a normal standard private key on your device. And that's what Guaranteed Access does. Right now, your Zengo wallet has 2 shares: Your Personal Share (unencrypted and working, locked to your secure enclave / TEE) and an ***encrypted copy of your Remote Share***. If Guaranteed Access were to activate, EscrowTech would release this Remote Share Decryption Key to GitHub, which would then push the decryption key of your encrypted remote share to your device, allowing your Zengo Wallet to decrypt the encrypted remote share on your device, and creating a single private key for the first time. You can then move your assets to another wallet. (The user experience would be seamless).

The process is more detailed, as it includes a quarterly attestation we push to GitHub (which you can see here: [https://github.com/Zengo-Trustee](https://github.com/Zengo-Trustee)) which confirms Zengo has enough funds to operate for at least another quarter. If we do not push this attestation with our Trustee, **Guaranteed Access will automatically activate**. (Again, focus is secure by default). We have a detailed Blogpost that explains Guaranteed Access step-by-step. Find it here: https://zengo.com/how-zengo-guarantees-access-to-customers-funds/

Mentions: #TEE #OP
r/CryptoCurrency

Hello ser, thank you for the kind words but you are incorrect. We are not a custodian of your funds. We couldn't access them, even if we wanted to. Could you share how you came under that impression? All of your funds are on-chain and under your full control. Instead of having a seed phrase, our 2/2 MPC secret shares mean that only you can initiate transactions (from your Personal Share that leverages your mobile device's Secure Enclave / TEE) which is then co-signed by your Remote Share on the Zengo server. Because there is no single point of failure, (no seed phrase) it is much more difficult to hack or steal your assets. We do not do KYC. If you buy crypto through one of our purchasing partners you will do KYC through them - but not with us.

Mentions: #TEE
r/CryptoCurrency

Time to read up on the current state of ZK, TEE-boy. Thank me later

Mentions: #TEE
r/CryptoCurrency

ZK isn't going to do 10% of the things you want it to. Doesn't matter how great your zk chain is, the zk projects that will make it are VC heavy. Want to make it in confidentiality tech? Buy TEE projects. Thank me later

Mentions: #VC #TEE
r/CryptoCurrency

Monero, Zcash, Aztec are all good projects which focus on the transactional privacy in DeFi. They all use ZK technology to provide anonymous wallets for DeFi. If you are looking for fully on-chain privacy, I will suggest you check out SECRET. Secret provides privacy as a service by bringing a more generalized approach to privacy, such as private on chain metadata for NFTs, private DAO voting, sealed bid auctions, as well as DeFi products like what Shade is providing. The major difference is that there are different trade offs in utility and trust assumptions between ZK and TEE technology stacks. I would say they complement each other and do not compete. I will say a multifaceted approach is the best approach for full on-chain privacy

Mentions: #DAO #TEE
r/CryptoCurrency

It's a similar mental model to multi-sig but a different type of cryptography, one that requires no seed phrase (which is a single point of failure). All assets are on-chain. Instead of multiple seed phrases in different wallets, it's a branch of cryptography called MPC (multi-party computation) using TSS (Threshold Signature Schemes): [https://zengo.com/mpc-wallet/](https://zengo.com/mpc-wallet/) A Zengo wallet is a 2-of-2 secret share system. When you generate your Zengo wallet, two secret shares are generated independently in two locations: The Personal Share is the primary share, generated by your mobile device, leveraging your Secure Enclave / TEE. The Remote Share is generated on the Zengo Server and cryptographically tied to your Personal Share. This prevents any possibility of a MITM (man in the middle attack). It also means you are generating your key (or in our case, each part of your key) in two different ways, so if there's any chance one part is not randomly generating enough, the other part compensates (we've seen other wallets randomly generate poorly, resulting in hacks and wallets drained - recent article here: [https://zengo.com/how-keys-are-made/](https://zengo.com/how-keys-are-made/)) By the way, Zengo has the world's largest open-source MPC cryptographic library in our GitHub. See it here: [https://zengo.com/research](https://zengo.com/research) A fair question we get is: If Zengo closes, how will the remote share co-sign transactions? We created a Guaranteed Recovery System in that specific situation. Blogpost is below, but the tl;dr is if the system activates (in the very unlikely scenario): It would allow the two secret shares to come together on your device, giving you a normal private key which you could then use to transfer your assets to another wallet. It relies on third parties like GitHub (again removing Zengo from the equation in that extremely unlikely scenario), but we wanted to be as conservative as possible. 
[https://zengo.com/how-zengo-guarantees-access-to-customers-funds/](https://zengo.com/how-zengo-guarantees-access-to-customers-funds/) Only you can initiate, sign, or approve transactions; the Remote share is mainly there for security purposes, as there is no single point of failure, making the system much more difficult to hack (as of now since 2018, over 1 million users, 0 wallets hacked, drained, or phished). But even better, MPC is chain agnostic, so we can support Bitcoin, EVM chains like ethereum, polygon, etc, Dogecoin, Tezos and more all in the same wallet. We can also use MPC to create smart security logic to further protect your assets (like our built-in Web3 Firewall, Theft Protection, and Legacy Transfer...) Let us know if you have other questions.

Mentions: #TEE #EVM
r/CryptoCurrency

No, the only possible way I can think of is if every node runs inside a TEE. But TEEs, afaik, have no storage and limited memory.

Mentions: #TEE
r/CryptoCurrency

Good thread, will sadly go over the head of some people that think anything with privacy is about transacting with coins, and miss the forest for the trees. The reason why privacy matters is large in your first point which is to comply with regulation. Web2 and traditional institutions are wary of entering web3 cause of the public nature of blockchain, but ZKP is too binary (and gets too heavy in certain cases, cause it requires additional layers of proof) whereas a TEE is far better for customisable privacy and can allow more complex smart contracts to be built, and thus cater to the need for web2. Sadly though we're still in the "muh monero" slash "but tornado cash went down!" phase here. It's not about sending tokens folks, try to get this and if you do, you'll start to see why solving the challenges of blockchain matters in creating a more fair world for everyone. Anyway, that little rant aside (cause I always think reddit keeps missing the boat compared to /biz/ due to their hubris and lack of understanding the tech and what drives a need for it) there are certain protocols that are getting quite a lot of hype on this. Personally I'm on the TEE boat, and as Chainlink have shown many times, it "just works™" and thus those that employ TEEs as well, such as the Oasis Network, can offer configurable privacy for web3 that solves these issues without the big bad government coming down with the hammer. If I also understand ephemeral keys right, it can allow certain data to be hidden after X amounts of blocks, which again meets privacy laws.

Mentions: #ZKP #TEE
r/CryptoCurrency

Doesn't this sound like a bad business? I think I prefer privacy projects that utilize TEE such as Oasis and Secret to utilize the privacy tech in a great way.

Mentions: #TEE