ZenGo Case Study

Article by Forta Network May. 18, 2023

Forta is a real-time detection network for security monitoring of blockchain activity. The decentralized Forta Network scans all transactions and block-by-block state changes, leveraging machine learning to detect threats and anomalies on DeFi, NFTs, bridges, governance and other Web3 systems. When an issue is detected, alerts are sent to subscribers of potential risks, which enables them to take action.

About the ZenGo Wallet

Launched in 2019, ZenGo is the first self-custodial wallet with no seed phrase vulnerability, making waves in Web 3 for its advanced MPC wallet security architecture. With over 800,000 users, not a single ZenGo account has been hacked or taken over since the company began. Their mission is to enable anyone, anywhere, to securely participate in the borderless economy. ZenGo has made security and end-user protection a key differentiator, and continues to aggressively invest in new security tools and approaches. 


With over $8B lost by users in 2022 to scams and other attacks, wallets have the difficult job of balancing the need to provide a great user experience with the responsibility of keeping users safe. Users want greater control and access to a growing landscape of DApps and NFTs, while at the same time being protected from hacks and scams. Not an easy task. 

One important aspect of a Web3 wallet’s security program is pre-signing transaction analysis – assessing the risk of a user’s transaction before it is signed. Pre-signing transaction analysis is a process performed during the hundreds of milliseconds between when a user initiates a transaction on a webpage, and when the Web3 wallet window appears for review and signing. The wallet will either pass transaction details to an internal or external API for scanning and analysis, or in some cases the analysis could happen locally in the wallet application. If an aspect of the transaction is deemed high risk or suspicious, the user will be presented with a warning. 

To support the pre-signing transaction analysis process, ZenGo developed ClearSign, a “Web3 firewall” feature that analyzes pre-signed transactions for certain risks and provides human-readable descriptions of transactions. In conjunction with ClearSign, ZenGo wanted to incorporate additional threat intel into the process to achieve a more robust analysis. In assessing threat intel sources, ZenGo wanted:

Broad coverage over a variety of threat types for tokens and NFTs, and ability to keep up with emerging threats
High precision
Transparent logic/models


ZenGo integrated with Forta’s Scam Detector to supplement its already robust transaction analysis process.

At the point of transaction, ZenGo will query and pass certain transaction details to the Forta API. If the Scam Detector has previously observed any of the addresses or contracts involved in the transaction engaging in malicious activity (phishing, address poisoning, etc.), the Scam Detector will return a “scammer-eoa” or “scammer-contract’ label to ZenGo, along with context on why the entity was flagged, and a confidence score from 0 to 1.

This intelligence is then used to inform a user warning message displayed on the ZenGo UI.

Performance and Impact

ZenGo is using Forta to help protect its 800,000+ users and their Web 3 transactions, and this number will scale as ZenGo’s user base increases.

Forta’s Scam Detector is a valuable complement to ClearSign, and provides unique threat intelligence we can rely on during the transaction analysis process. The diversity of threat coverage and detection approaches from the Forta community is also a differentiator we value,” said Tal Be’ery, CTO at ZenGo.