Introducing Legacy Transfer: The secure inheritance-style solution. Learn More

It is not a good idea to use iCloud to back up your crypto wallet. Right? 

Well, not exactly. For most wallets – especially ones with private keys or a seed phrase – that is indeed correct.

But that is not the case with Zengo!

Following the recent wallet hacks on the internet (see here and here), we were asked to explain how we felt about it and thought it was a good idea to set the record straight, stop the rumors and explain in clear terms what we are doing and what we are not doing.

By the time you finish reading this, I guarantee you will think differently of wallets, clouds, and backups.

Bonus: We will give you a chance to win the easiest $100 you have ever earned to prove it!

updated: someone already stole the funds from the hardware wallet seed. Zengo remains untouched

Cloud backups are not fit for traditional wallets

Cloud security and crypto wallets are not best friends. Non-custodial wallets are particularly complicated creatures: Each wallet contains a single secret (called the private key or seed phrase) which has to be dearly protected. You’ve surely heard the same narrative, again and again:

“Do not use a software wallet with a cloud backup system.”

“You need to have a hardware wallet to be secure.”

This is the narrative the world has adopted and that is repeated by most wallet operators, followed and amplified by the media who usually stop at the surface.

But that is far from true: The weakness is not the wallet system itself, but rather the cryptography primitives and actual authentication mechanics embraced by the wallet provider.

This is where Zengo is different: Zengo was the first crypto wallet to use cloud backup to create a simple and secure way to restore your account. Since then, we have seen a number of wallets following our path. However, they all have one critical difference, which draws the line between what is safe and what is not: Unlike all other crypto wallets, Zengo does not generate or backup a private key! Instead, this backup is only 1 of 3 factors we use to authenticate you with certainty – we like to call it 3-Factor Authentication (3FA) 😎

Let’s zoom in.

The core problem: A single secret key is a massive vulnerability

Let’s start with one thing: Metamask is right when they say it is a bad idea to use wallets like Metamask with iCloud backup. You should never backup a private key-based wallet like Metamask on iCloud or any cloud and even on any software. This is also true for hardware wallets.

The reason is simple: Private key-based wallets depend on only one “secret” to access your wallet and your funds. The moment someone finds that secret it is pretty much game over (proof below). Even if your wallet is password protected, pin protected, or hardware protected.

If that secret key is backed up in the cloud (or any solution that has weak security) then you have a problem. Let me ask you a question: Do you feel particularly safe after having written your 24 word seed phrase back up on a piece of paper? I doubt it. Where you are going to store it is the critical security decision.

So if someone finds your private key in iCloud or any cloud, even if your wallet is a cold wallet, your funds will be gone. 

And it does not have to be someone else. If you, by mistake delete your own only backup then you put yourself in deep trouble. 

MPC wallets (like Zengo) and Multi-signature wallets do not have that structural problem: they do not rely on this critical single secret that is enough to access and spend your funds.

Zengo never generates a single private key but multiple independent secret shares that never meet each other (our open-source cryptography is available for review) and therefore does not have a single secret that can compromise your funds.

The real vulnerability: Single-factor authentication, not cloud storage

Metamask, unlike many other wallets, does not provide an option to backup your private key in the cloud (for example below Coinbase wallet does).

However, iCloud has a default option that will backup all apps and their content in the cloud to facilitate the recovery with a new phone. The only protection you have left is the password protection used to access the app. This has nothing to do with the private key and the way the wallet protects it.

So whether a private key wallet offers a native option to backup the seed phrase or not, your wallet is only one password away from being taken over in a new device.

In the case of Metamask, if your iPhone is backed up on iCloud, when you restore your phone to a new device (as it happened in this hack) you will not need the seed to access your account but only the authentication password set by the user.

These authentication mechanics are based on a single factor. If your password is weak (or can be socially engineered) then it will be trivial to access your wallet, even without knowing the private key. The same would be true if someone accessed your hardware wallet and could easily guess the protected PIN.

This is a security design flaw of most wallets, including with social login wallets based on your email or social media account. Single-factor authentication is never a good idea and this is why most exchanges and banks ask you to set up a second-factor authentication system.

Why don’t wallets implement two-factor authentication? The short answer is because they can’t or won’t. But this is for another post. It is more interesting to look at how we have solved this at Zengo.

The superiority of 3-factor authentication and MPC

At Zengo we have implemented a 3-factor authentication system: one of which is a recovery kit stored on iCloud (or the cloud service of choice of the user). There is one critical difference: The recovery kit in iCloud is only one of the 3 factors and is itself useless. If someone gets access to your iCloud account they cannot do a thing with it (more on that below).

To access a Zengo account, you’d need access and control of the email (magic link) of the user, the recovery kit, and a live private biometric scan. Thanks to our architecture where both the client (the app) and the server is required (in this case to assist with the recovery kit and the biometrics) the cloud is immaterial as an attack vector.

You can see in action how recovery works on a Zengo wallet in the video below.

This guarantees that your wallet can never be taken over if your cloud account gets hacked or has weak protection. And yes, we offer additional fallbacks to other cloud services (google drive, dropbox) in case iCloud becomes unavailable to you.

In simple terms: Cloud backup for a multi-factor wallet is totally fine but a big-no-no for single factor wallets.

The “default set up” problem

Here is the problem: Whatever the default, this is the option an overwhelming majority of users will use.

If a traditional wallet has by design the option to to be backedup on iCloud then most users will use that, even without knowing.

If a wallet does not have 2FA setup by default then most users will not have 2FA set up

So it does not matter if your favorite wallet asks you not to use iCloud or change a setup. The default is what wins. And their customer support hotline will know it better than anyone else.

This is why multi-factor by design is so important so that the risks you take because of the design choices or your own mistakes are radically neutralized.

5 Tips to make your cloud backup more secure

Regardless of which wallet you use, it is always a good idea to reinforce the security of your cloud services.

  1. Use two-factor authentication (2FA) with QR code and never SMS/phone.
  2. Use a password manager to choose strong passwords.
  3. Never answer incoming calls or text messages requesting to reset your account.
  4. Do not give access to rogue apps and remove old app access.
  5. Avoid accessing your cloud service on public internet or a hotspot.

Bonus: Catch me if you can! $100…easy?

Instead of long explanations, here are 2 files backed up in the cloud.

updated: someone already stole the funds from the hardware wallet seed. Zengo remains untouched

  1. This one is the backup of a private key wallet created with a hardware wallet: Here the on-chain proof
  2. This one is the recovery kit of Zengo (one of the 3 factors we use): Here is the on-chain proof

Both wallets have $100 of crypto in them.
See which one you can access and spend!

We already know the answer 😀

Good luck! Let us know if you pull it off!

Bottom line: Use iCloud and Stay Zen.

The claim that iCloud or any cloud is not good for your wallet backup is true only for private key-based wallets (software or hardware) but not for MPC or multi-sig wallets. The backup is immaterial “alone” to enable recovery because of the distributed nature of the security system and a different approach to key management without single critical secrets.