The developers of Zengo Wallet have launched a challenge inviting hackers to breach a cryptocurrency wallet containing 10 BTC (approximately $440,000 at the time of writing).
? Announcing the #ZengoWalletChallenge:
Hack Zengo, win 10 #Bitcoin ($420,000+ USD)
This is the largest on-chain bounty ever by a self-custodial #crypto wallet!
15 Days. Begins January 9th. Up to $750 in #BTC awards for trying.
Come & get it.
Details (1/5) ⬇️ pic.twitter.com/UK91bGn5YR
— Zengo Wallet (@ZenGo) January 7, 2024
The contest will run for 15 days starting January 9, when the target account address will be revealed. Initially, the wallet will contain 1 BTC.
On January 14, Zengo will add 4 BTC (approximately $176,000) and disclose one of the “security factors” used for protection.
On January 21, the team will increase the prize pool by an additional 5 BTC (approximately $220,000). On the same day, a second “security factor” will be revealed. The wallet employs three levels of security in total.
Hackers will have until January 24 at 18:00 Kyiv time (19:00 MSK) to breach the address. The successful hacker will be allowed to keep the funds.
Zengo claims that their wallet “does not have a seed phrase vulnerability” and does not store key storage files. Users are not required to copy seed words during address creation.
According to the website, Zengo Wallet uses multi-party computation (MPC) technology for transaction signing. Instead of generating a private key, the wallet creates two separate “secret folders.” The first is stored on the user’s mobile device, the second in the MPC.
As an additional layer of protection, the wallet uses three-factor authentication.
In March 2023, Verichains experts reported a new vulnerability in wallets using the MPC protocol. According to their findings, a critical flaw exists in the threshold signature scheme, potentially allowing attackers to obtain the private key.
In November 2023, it was revealed that “Ethereum wallet drainers” had stolen $60 million in digital assets over six months.