TL;DR: We’re thrilled to announce a new era for Zengo’s brand as we undertake a comprehensive redesign to reflect our core values of self-custody that’s secure by default. Discover the new Zengo wallet! Crypto can be a dangerous place. That’s why Zengo was created. Now, we’re taking our security to the next level with a new design that matches our commitment to security. Our new design is sleek, modern, and easy to use. Most importantly, it does a better job surfacing the next-gen security features powering your Zengo wallet. This is an exciting milestone. From here on out, we’re proud to ..read more

TL;DR: Bitcoin fees recently surged due to increased activity in Ordinals-enabled projects. In this blog we will explain how Ordinals-based Bitcoin NFTs work, how they can be traded via PSBT, share our contribution to the community in the form of an open source implementation of Ordinals’ PSBT trade, and make some predictions on Bitcoin NFT security. Fungible and non-fungible tokens (NFTs) Investopedia defines Fungibility as “the ability of a good or asset to be interchanged with other individual goods or assets of the same type. Fungible assets simplify the exchange and trade processes, as ..read more

Who can you really trust? …is the critical question to be asked. This question applies to most fields of life and especially to crypto whose ethos is “Trust no one”.  Last week, a thought leader (and former CTO of Coinbase) pointed out that Apple and Google might represent a systemic risk to crypto. Apple and Google are systemic risks to crypto. If weaponized by the federal government, they could backdoor iPhone and Android to exfiltrate private keys. — Balaji (@balajis) May 19, 2023 In that very same week, Ledger’s users discovered that they need to trust the integrity of Ledger’s fi ..read more

On Tuesday, May 16th, 2023, The Internet discovered that Ledger’s latest firmware update contained a “recovery” feature that allows a Ledger Hardware Wallet to send a version of the user’s private key to selected 3rd parties over the Internet. While the exact technical details of this solution are still not officially disclosed, there are already quite a few lessons to be learned on the true nature of Hardware Firmware wallets and the importance of a secure recovery solution to replace the inadequate seed phrase based solution. We will share these insights below. Ledger just released a new ..read more

Tl;dr: The Ethereum network is scheduled to hit the Shapella Upgrade on Wednesday, April 12th, 2023. Shapella is a hard fork, which is another way to say an essential upgrade for Ethereum. It has also been long-awaited as it will unlock ETH that has been staked for a long time. Here are the 5 things you should know! #1 – Take NO action: As with most Ethereum network upgrades, you do not need to take any action, so there’s no need to be concerned about your ETH. While various parts of the Ethereum infrastructure will be making changes, there is no action needed for regular users of the Eth ..read more

Decentralized apps (Dapps) are the cornerstone of Web3, enabling it to revolutionize the financial system and help users own their digital assets and content. However, the almost unlimited capabilities introduced by Dapps have created a new attack surface: Malicious Dapps that steal user assets based on opaque transaction approvals offered to and approved by the users.  To answer this visibility gap, transaction simulation technology has recently emerged and is quickly making its way into mainstream adoption in Web3 wallets and security extensions.  As part of ZenGo wallet’s ongoin ..read more

Two massive innovations, MPC (Multi-Party Computation) and AA (Account Abstraction), have been on everyone’s minds lately. As a leading MPC wallet, not a day passes without people asking how these two technologies can impact crypto wallets. In this semi-technical post, we will clarify. Recently, the long awaited Ethereum standard for Account Abstraction ERC-4337 was finally deployed on mainnet!  At ZenGo wallet, we are constantly monitoring emerging trends and have been closely following AA for a while. Having recognized its potential, we got actively involved in some discussions with t ..read more

Crypto wallets have never been so hot, even the cold ones. ETH Denver made it very clear: crypto wallets will be *everywhere*. Half the conference sessions were about wallets and the proverbial “next billion users in web3”. There even was an entire side conference, only dedicated Wallets.  Lately, it really feels like everyone wants to become a wallet. But there is confusion: wallets take different shapes and forms and too often they are put in the same basket, hiding critical differences and properties. Today we want to analyze two essential categories: personal and embedded wallet ..read more

This is part 4/4 in our series on one of the most exploited issues in Web3: Offline signatures. In Part 1 we investigated how attackers abuse these issues with OpenSea, the largest NFT marketplace. In Part 2 we exposed new attack vectors that allow attackers to exploit offline signatures in novel ways, including the stealing of ERC-20 tokens. In Part 3 we shared our suggested solution published as an official Ethereum (EIP) standard draft: EIP-6384. Today, we share the first real-time dashboard to enable the community to monitor the phenomena of NFT hacking via offline signatures on the ..read more

Tl;dr: We are thrilled to announce that ZenGo was selected to receive a prestigious research grant from the Ethereum Foundation to conduct research on the security of Ethereum Transaction simulation. This grant will allow ZenGo to extend our security research on this topic (we’ve already uncovered some security vulnerabilities in multiple wallets) and share it in an open source format to benefit the entire community. What is Transaction Simulation? The introduction of Web3 smart contracts has opened unlimited opportunities for decentralized apps (Dapps) and users. With smart contracts, an ..read more