eToro acquired Zengo for roughly 70 million USD in early 2026 to bring multi-party computation (MPC) wallet technology into its consumer platform. Zengo's pitch has always been "keyless" custody: no seed phrase to write down, no single key to lose. The acquisition turns the MPC vs hardware wallet debate from a niche conversation into a mainstream one, with millions of eToro users about to encounter the technology. "Keyless" is good marketing language. It's also imprecise about what's underneath. This piece walks through what MPC wallets do under the hood, what "keyless" means once you look at the engineering, and where MPC and hardware wallets each fit.
Multi-party computation in the wallet context is a cryptographic technique that splits a private key into multiple shares before the key is ever fully assembled. Each share lives in a different place: the user's phone, the wallet vendor's server, a backup share, sometimes a hardware element. Signing a transaction requires a quorum of shares to participate in the cryptographic protocol; the underlying private key is never reconstructed in one place during normal operation. The end-user experience: no seed phrase, no single device to lose, recovery through the vendor's backup flow. The marketing word is "keyless" because the user never sees a key. The engineering reality is that the key exists; it's split. Zengo's specific implementation uses two shares (a 2-of-2 setup): one on the user's phone and one on Zengo's MPC server. Both must participate to sign. If the user loses their phone, Zengo's server holds the share needed to recover into a new phone after identity verification.
The marketing phrase covers a useful UX win: users don't manage a seed phrase, and the most common self-custody failure mode (lost seed phrase, no backup) goes away. For users who would otherwise leave their crypto on an exchange because seed phrase management felt overwhelming, MPC is structurally a step up. The phrase also covers up a structural reality. Even though the user never sees a key, the shares are key material. A compromised phone leaks the user's share, and a compromised vendor server leaks the vendor's share. If both go at the same time, the wallet drains the same way a single-key wallet would. The threat model shifts to a different surface, with the vendor's server side now in scope.
The comparison runs on several axes. Custody surface: MPC keeps one share on the vendor's server. A hardware wallet keeps the entire key on a chip the user holds. The MPC vendor is a counterparty for signing in normal operation; the hardware wallet vendor isn't. Recovery model: MPC recovery typically runs through the vendor's identity-verification flow. A hardware wallet recovery runs through the user's backup (seed phrase, TapSafe Recovery, and similar), with no vendor involvement. Single point of failure: MPC removes the seed phrase as a single point of failure, while introducing the vendor's server as a counterparty. A well-designed hardware wallet with split backup removes both points of failure. Transparency of the cryptography: Hardware wallets sign with standard signature algorithms (ECDSA, EdDSA) that the chain natively verifies. MPC uses threshold variants that produce standard-format signatures the chain accepts, with the cryptographic complexity hidden from the user. Both work; the second is more complex under the hood. Onboarding friction: MPC is dramatically easier for new users. No seed phrase, no setup procedure, no recovery practice. Hardware wallets require setup and physical management. Cost: MPC wallets are typically free (subsidized by vendor business model). Hardware wallets are a one-time hardware purchase. The right tool depends on the use case.
For users who would otherwise be on a custodial exchange, MPC is structurally an improvement: they hold a share, the vendor holds a share, and the user's funds aren't sitting in a hot wallet on the exchange's books. Holders with five-figure-plus positions they intend to keep often want the cleaner trust model. Hardware wallets keep the vendor out of the signing path entirely, with the key on a dedicated chip and the recovery model designed so no third party plays a role. Active DeFi users sit somewhere in between. MPC keeps signing fast and convenient but exposes the phone-and-server stack to drainers and approval scams. A hardware wallet adds friction to every signature, with the upside that the signature can't be forged from a compromised host. Institutional treasuries use both. Pure MPC is run by some institutional custodians, pure hardware-wallet multisig by others, and hybrid setups are common in 2026.
TapSafe Recovery on Ryder One addresses the same problem MPC was designed to solve (lost-seed-phrase failure mode) except Ryder gives you all the shares. The recovery is split across the wallet and Recovery Tags rather than just across the user's phone and a vendor server. The split is: 50% on the Recovery Tag (battery-free, NFC, IP69K rated), 50% encrypted in your phone's iCloud or Google Drive backup, and optional % per Recovery Contact for the people you trust. The functional result is similar to MPC at the recovery layer: no single point of failure, no need to write down a seed phrase on paper, recovery without vendor involvement when the user can't sign themselves. The custody layer is different: the signing key lives on a dedicated chip that never connects to the internet, with on-device verification of every transaction. For users who want MPC-style recovery convenience plus hardware-wallet cold-storage signing, the combination of TapSafe Recovery and on-device signing is the closest mainstream implementation in 2026.
The eToro acquisition of Zengo signals that MPC is graduating from a niche technology into mainstream consumer crypto. Millions of eToro users will encounter MPC wallets through this deal, and many of those users will be choosing self-custody for the first time. That's a structural good for the ecosystem. What the acquisition doesn't change is where each technology fits best. MPC remains better-suited to onboarding and to working balances; hardware wallets remain better-suited to cold storage and to amounts the holder doesn't want a vendor server involved with. The mainstreaming of MPC is going to surface more users who eventually want both: an MPC wallet for daily activity, a hardware wallet for storage, the same hot-cold split most large holders have used for years.
"Keyless" is a useful UX framing for users who don't want to manage seed phrases. Under the hood, the key still exists; it's split between the user and the vendor. That's a meaningfully different trust model from a hardware wallet, where the key lives on a chip the user holds and no vendor sits in the signing path. Both have legitimate uses. For the eToro users about to encounter MPC for the first time, the useful framing is to split the question by use case. MPC handles the daily-activity side well. The hardware wallet handles the storage side well. Both can sit in the same setup, with each doing what it's designed to do.
Keep cold storage on hardware you control. Ryder One keeps your long-term positions offline on an EAL6+ secure element, with TapSafe Recovery splitting the backup across hardware and people you choose, with no vendor server in the recovery path. See how it works.
The only crypto wallet you can install on a crowded subway.
Set it up in less than 60 seconds and just tap your phone to send, swap, and recover.
Share: