Stay safe while using crypto

A crypto wallet should be, first and foremost, safe.​

But what does that really mean? At ZenGo we strive to build a very simple and secure solution to store and manage your digital assets, but it is important to truly understand the security mechanisms powering the solution you are going to use, including its limits. It is also critical to understand what you can do to protect yourself from human error and other risks. Indeed, even with ZenGo there are things you can do to improve your safety and increase security.

Below, we’ll cover the topics you need to understand to help you be better protected with ZenGo.

ZenGo security

Protect your device

Digital environment

Crypto best practices

Better than 2FA, ZenGo’s 3FA

The 3 security factors used by ZenGo

2FA is a security process that requires setting up a second authentication factor. ZenGo’s security model is, by design, 3FA (3 Factor Authentication). Here are the 3 factors that we use to keep you safe:

Your Email

Confirm when signing up with a magic link

Recovery File

Used to store a decryption code associated with your account in your personal cloud service

Your Face Scan

A securely encrypted mathematical representation of your face stored on our servers so that in case you delete the app or switch devices, you can still restore your account.*

By combining these 3 factors, as well as our cutting-edge, MPC-based cryptography, we’ve minimized the risk that comes with cryptocurrency storage. ZenGo’s Keyless security keeps you safe by eliminating a significant point of failure in crypto storage – the private key.

We also implemented a first of its kind guaranteed access solution – Chill Storage™,
which guarantees access to your funds even in extreme cases.

*The face scan is encrypted before reaching our servers.

Protecting the 3 factors of your ZenGo account

As long as you have access to all 3 factors mentioned above, you will have access to your account.

The level of safety can be reinforced depending on how you set up and protect each one of your 3 factors. Keeping the 3 factors safe is critical, since losing access to any of the factors means you will not be able to restore your account.

Here’s what you should do to make sure that your 3 factors are safe:

  1. Do not create your ZenGo account on a device that is not yours
    You should use ZenGo only on a device that is accessed and owned by you.
  2. Verify your recovery file
    Once set up, you can check the status of your recovery file anytime in your account. You can also verify that your face scan is valid, using the “Test My Face Scan” feature.
  3. Add an additional face scan
    Use a close family member or trusted friend’s face to restore your wallet by adding them to your recovery kit as a secondary backup face scan. Adding an additional face scan guarantees that your crypto is safe even if your face changes.
  4. Add a secondary email
    You can easily set up a secondary email that you can use to restore your wallet, in case you lose access to your primary one. Click on your current email in the account tab and simply press “Add Secondary Email”.
  5. Make a copy of your backup file with one tap
    Sync your ZenGo backup file into Dropbox, Google Drive, and iCloud Drive for extra security (tip: never manually move the file itself and only use ZenGo to do this)
  6. Enhance the security of your email and cloud accounts with 2FA
    To reinforce the security of the email and cloud accounts that you use with ZenGo, activate 2-factor authentication. Here’s how you can add 2FA in Gmail, Outlook, Yahoo. Here’s how you activate 2FA on Apple iCloud and Google Drive. We recommend not using SMS as your 2FA method (to prevent, for example, Sim-swap attacks). Instead, consider using verification code-based solutions (such as Authy).
  7. Create an offline copy of your Phone cloud data
    Have a password-protected copy of your Cloud stored locally to reduce the chance that your cloud account gets compromised. This will also help eliminate your reliance on Google and Apple. You can also choose to have an encrypted offline backup of your phone. This is how you create one with iPhone and on Android.
  8. Keep both ZenGo and your operating system up-to-date
    For the optimal user experience and increased safety, make sure you are using the most recent versions of both your mobile’s OS as well as ZenGo. Update your operating system and ZenGo by following this guide on iOS and this guide on Android.

If one of your security factors is compromised, here’s what you should do:

If you lost access to one of your security factors you will not be able to recover your account on any device. However if you still have the original device with your ZenGo account on it, you can add/update the missing security factor on it (email, recovery file, face scan) and then restore it easily. You may also send your funds from your old original phone to a new account.

Protect your device

If your device is stolen or lost, here’s what you should do:​

  1. Use Find My iPhone (iOS) or Find My Device (Android) and try to locate your device.
  2. If your device is lost, recover your ZenGo wallet from a new device using your same email and cloud service. We suggest moving your funds to a new ZenGo account as part of security best-practices.
  3. Once you have recovered ZenGo, remotely reset your former device. Here are guides for performing a remote reset on iOS and Android.

Protect your digital environment

Here’s how you can increase the safety of your device and more generally of your online setup. These tips are not exhaustive but should already give you an edge:

  1. Follow these iOS and Android safety guides
    These will help you protect your device according to the vendors’ instructions.
  2. Use a strong device passcode or biometrics
    Use biometrics (e.g., iOS Face ID) if your device supports it. If not, make sure your device passcode is hard to guess (avoid sequential numbers, birth dates, etc.). You can even set a custom alphanumeric code and custom numeric code. Here’s how you can set and change your passcode on iPhone and Android.
  3. Avoid public WIFI connections
    These connections can be used by attackers to monitor your device. Only connect to WIFI connections that you trust.
  4. Set up automatic phone backups
    Make sure your device is backed up so that even if something goes wrong, you can always restore to a recent version. Here’s how you can set up automatic backups on Apple and Android.

Crypto investing and DeFi risks

Cryptocurrencies and decentralized finance services (also known as “DeFi”) are innovative and cutting-edge products. But innovation always comes with risks, and it is important to act responsibly when dealing with volatile assets and new technologies. There is no such thing as perfect security or a guaranteed return on investment: always exercise caution and stay alert while managing and investing in crypto assets.

  1. Watch out for scams
    Be careful out there. Make sure you send funds only to services or persons with a verified reputation (verified by you). Be even more vigilant with unvetted people that you meet on social networks. Read our overview of recent scams for more information.

    Any site/app named after the “ZenGo” brand should be avoided, including: ZenGoTrades.com, ZenGoFX.com, and ZenGoInvest.com. Please be vigilant and avoid these services.

    Any email that does not come directly from the ZenGo domain @zengo.com should not be trusted. Do not engage. If you are unsure, reach out directly to our in-app live customer support.

    Only download ZenGo from the legitimate Google Play Store and iOS App Store.

  2. Crypto transactions are irreversible
    Once a transaction is confirmed by you, there is no turning back. ZenGo cannot reverse, modify or cancel a transaction that you have confirmed. Only you can confirm your transactions. 
  3. Verify your recipient wallet address
    Before confirming a transaction you can easily verify a wallet address on the confirmation page. Some malicious services may hijack your clipboard manager. It is always a good idea to verify an address before sending.
  4. Take extra care when executing large transactions
    If you’re sending any amount that you consider to be significant, we recommend sending a very small amount before sending the large transaction. Only send a larger amount after you have verified that the small amount has reached its destination.
  5. On Twitter
    Our handle is @ZenGo. If you ever get in touch with any other account that claims to be us, don’t reply and please let us know immediately.
  6. Our website is ZenGo.com
    Check the URL bar to verify. Only download ZenGo from the links in our website and watch out for potential malicious impersonators.
  7. ZenGo or any of its representatives will never contact you to send any funds.

These are some of the things that you should know or do to make your crypto journey safer. Improving your safety is an ongoing practice. Keep revisiting this page if you want to get the latest tips from us.

Updated: February 2022

Get ZenGo on your mobile device

Enter your phone number to receive a download link.

Or scan this QR code

Notify me when ZenGo is available for Android