No. Zengo’s 3FA recovery process requires 3 security factors you control, including your email, the Recovery File stored in the cloud of your choice, and your 3D FaceLock.
Should an attacker get access to your email or your cloud recovery file, they would not be able to recover and access your Zengo account because your 3D FaceLock would still be required. Since Zengo was established in 2018, not one account has been hacked or stolen.
As long as your wallet is backed-up you should have no issues accessing your assets.
However, Zengo is a self-custodial wallet, which means you are ultimately responsible for your assets. We try to make this as easy and foolproof as possible, and there are extra steps you can take to ensure redundancy if you ever need to recover your wallet.
You can lose your funds on Zengo if both of these things were to happen: 1) You lose your device and need to recover it and 2) You lose access to one or more of the 3 factors necessary to authenticate your wallet recovery.
To mitigate that, you are encouraged toadd a secondary email address, a secondary recovery kit using Google drive or Dropbox, and a secondary 3D FaceLock connected to your account. Learn more here.
No. As long as you have your email, Recovery File and 3D FaceLock, you will always be able to recover your account; You can also recover your account by moving from iPhone to Android by using Google Drive with your Zengo Recovery Kit.
However if someone gets physical access to your phone with Zengo on it and that same person has access to your device passcode, your Zengo account is at risk as well as all other apps on your phone (just as if someone has access to a hardware wallet’s PIN code). Zengo Pro customers with Theft Protection enabled are secure even from this risk – not even a hardware wallet can do this! It is therefore important you choose a strong device security PIN that is very hard to find to protect the access to your device. For added security, Zengo won’t even let you receive assets until your phone’s device lock is activated.
Zengo gives you additional security by allowing you to add a second trusted 3D FaceLock to recover your account. Should your face change meaningfully, you would be able to recover your account with the assistance of that person.
Note that minor changes like natural aging, a scar, or a light beard do not have any impact.
No. We have a guaranteed access solution so this never happens. Learn more here.
No, never.
Zengo is self-custodial and account recovery relies on 3 security factors. Zengo does not have access to your personal share (stored on your personal cloud) or email address, both of which are necessary to access your account.
No. The technology used is resistant to the most sophisticated spoofing attacks. Learn more here.
No. Zengo has been in operation since 2018. Not one account has been hacked or taken over since the company was founded.
Yes. We regularly perform formal and external security audits on our apps made by reputable firms. Our MPC cryptography is open-source, audited and peer-reviewed.
- AppSec audit: June 2019
- Kudelski audit: March 2019
- Kudelski audit: October 2019
- Scorpiones audit: February 2021
- Scorpiones audit: October 2022
- Certik Audit: May 2023
- ZengoWalletChallenge $500,000 Bounty: January 2024
All transactions in your Zengo wallet can only be initialized by you, and Zengo can never spend your funds or access the assets in your wallet.
Zengo’s MPC security system requires that any transaction you make be validated by Zengo’s servers before being broadcasted to the blockchain. This adds an additional layer of security for all Zengo users, and helps guarantee the integrity of your transactions, including hacks, fraud detection, and other types of risks. For example: Your built-in Web3 firewall – ClearSign – does not block transactions with blockchain apps that are marked as risky but only informs you clearly about the risks associated. You can always bypass this safety notification: Ultimately you are responsible for your assets and how you want to use them.
While in theory this secure architecture could be used to prevent certain transactions from being broadcasted, Zengo has never done so – ever since the company was founded.
No. Zengo has no access to any private information about you besides your email, and this email can be non-nominative should you choose.
As an optional part of your Recovery Kit you can choose to activate 3D FaceLock, which is an encrypted, biometric scan used to authenticate you (required for Zengo Pro’s advanced security features). While FaceTech’s system includes technical support features like audit trail images, they cannot access them and Zengo does not use them for normal operations, learn more here.
Zengo does not provide investment or trading services. Instead, we partner with vetted partners that offer these services. Each partner is clearly disclosed and you are invited to agree to their terms and conditions before using them. Although we spend a considerable amount of time selecting these partners for you, it is important you take the time to read and understand how they operate and their respective security models.
Yes. Just as our Zengo X Security Research Group is constantly contributing to bug bounty programs and responsible security disclosures, we look forward to working with the security community to make sure Zengo remains the most secure crypto wallet.
Learn more here.