The creator of Zengo Wallet is approaching the bug bounty program in an uncommon way.Rather than providing compensation to white hat hackers for finding vulnerabilities, the corporation is depositing 10 Bitcoin, which is currently valued at over $430,000, into an account that is under the authority of developers.An announcement from January 7th states that any hacker who is successful in depleting Bitcoin would be able to retain it.
Starting on January 9 and running until the morning of January 24, the bounty will be awarded over a 15-day period.1 BTC, or roughly $43,000, will be in the account when its address is made public on January 9.One of the “security factors” that keep the account secure will be added by Zengo on January 14th, along with an additional 4 BTC ($172,000).Ten BTC ($430,000) will be retained in the wallet when the team adds an additional 5 BTC ($215,000) on January 21.Right now, they will also disclose a second security feature.Total security factors used by the wallet are three.Cybercriminals will have until January 24 at 4 PM UTC to discover the second component.
According to Zengo, there is “no seed phrase vulnerability” in its wallet.The wallet does not keep a key vault file, nor does it prompt users to copy down seed words when they initially register an account.The wallet signs transactions using a multi-party computation (MPC) network, according to its official website.Rather of producing a private key, the wallet generates two distinct “secret shares.”First, the user’s mobile device stores the share, and then the MPC network stores the second share.
Through the use of three-factor (3FA) authentication, the user’s share is better protected.They need to have the email address they used to open the wallet account and access to an encrypted backup file on their Google or Apple account in order to get their portion.To reconstruct their share, they also need to perform a facial scan on their mobile device, which adds a third cryptographic component.
Zengo claims there is a backup plan in place for the MPC network’s share.The group says it gave a different law firm the “master decryption key.”This law firm has been directed to post the decryption key to a GitHub repository in the event that the MPC network’s servers fall offline.Should the key be made public, the application will immediately go into “recovery mode,” enabling the user to reconstruct the portion of the MPC network that is associated with their account.When a user obtains both shares, they can restore their account by creating a conventional private key and importing it into a rival wallet application.
The chief marketing officer of Zengo, Elad Bleistein, expressed optimism in a statement to Cointelegraph that the on-chain prize will encourage conversations within the cryptocurrency community about MPC technology.It is possible to overly abstract complex terminology like MPC or TSS, according to Bleistein.“The Zengo Wallet Challenge will highlight the security benefits of MPC wallets over traditional hardware alternatives, and we look forward to a lively discussion with those who get involved.”
Since an attack on Atomic Wallet resulted in losses for cryptocurrency users exceeding $100 million, wallet security has gained more attention in the industry.Later, to aid in securing the app’s security going forward, the developer established a bug bounty program.Additionally, users of the Libbitcoin Explorer wallet library claimed losses from hacks in 2023 totaling $900,000.