imKey Learn
imKey News
See all articlesimKey Now Supports Dogecoin Accounts
To meet user demands and expand support for more cryptocurrencies, we are excited to announce that the imKey hardware wallet now officially supports Dogecoin (DOGE) accounts in the imToken 2.16.3 version.
About Dogecoin
Dogecoin (DOGE) is a cryptocurrency launched in December 2013 by Billy Markus and Jackson Palmer. It was initially created as a lighthearted and humorous response to the rise of mainstream cryptocurrencies like Bitcoin. The iconic image of Dogecoin is based on the popular internet meme featuring a Shiba Inu dog, which quickly garnered a large, loyal community of supporters. Although Dogecoin didn't initially have a clear use case, over time it has evolved into a widely accepted digital asset and has received support from prominent figures like Elon Musk, CEO of Tesla.
How to Add a Dogecoin Account
- Please ensure that your imToken version is 2.16.3 or higher.
- Ensure your phone's Bluetooth is successfully connected to the imKey hardware wallet.
-
Open imToken, tap "Me" - " Manage wallets", select the paired imKey hardware wallet, and enter the "imKey Management" page.
-
Tap "App Management (can add/upgrade tokens)" - select "DOGE" - tap "Install".
-
To add multiple accounts in bulk, tap the three dots in the top right corner of the account and select "Advanced ".
Important Note
Before using the Dogecoin wallet feature, please ensure your imKey firmware is updated to version 1.9.05. For detailed instructions on firmware upgrades, please refer to the COS upgrade guide in the imKey Manager user manual.
Thank you for your continued support and trust in imKey. We will keep working hard to provide you with more features and better service.
If you have any questions, please feel free to contact imKey support at support@imkey.im.
imKey Team
imKey Now Supports Taproot, Native Segwit Addresses, and PSBT Signing
We’re thrilled to announce that imKey Pro has been upgraded with new features to enhance your user experience and provide greater flexibility in asset management:
1. Taproot and Native Segwit Address Support
imKey Pro now supports account management for Taproot and Native Segwit address formats:
- Taproot: A new transaction protocol that improves privacy and efficiency by simplifying transactions through the aggregation of smart contract conditions, resulting in smaller data sizes and lower fees.
- Native Segwit: Features more efficient transaction encoding, reducing fees and boosting network throughput for faster confirmations and lower transaction costs.
With this update, imKey Pro supports four types of Bitcoin accounts:
- Legacy addresses (P2PKH): Begin with 1
- Nested SegWit addresses (P2SH): Begin with 3
- Native SegWit addresses (P2WPKH): Begin with bc1q
- Taproot addresses (P2TR): Begin with bc1p
👉 Learn more on our support page:
- Taproot Support and Address Type Differences
- How to add and use Taproot and other Bitcoin address types in imKey hardware wallet?
2. PSBT and BIP-322 Signing Support
imKey Pro now supports Partially Signed Bitcoin Transactions (PSBT) and the BIP-322 signing protocol, enabling more advanced transaction handling:
- PSBT (Partially Signed Bitcoin Transaction): Allows multiple participants to sign the same transaction without sharing the complete transaction data. Ideal for managing collaborative or multi-signature wallets.
- BIP-322: Enhances Bitcoin transaction interoperability and security, enabling consistent handling of signatures across wallets, minimizing errors and compatibility risks.
At imKey, we are committed to continuously improving the functionality of imKey Pro to meet our users’ evolving needs. By default, imKey generates BTC accounts in the Taproot format. If you wish to create other account types, click the three dots in the upper-right corner of the BTC icon on the account creation screen to enter Advanced Mode and select your preferred format.
Thank you for your continued support and trust!
imKey Team
Statement
Recently, the security research institution NinjaLab published a report on the EUCLEAK side-channel attack (click for details). The report indicated that certain devices using specific security microcontroller solutions (Infineon SLE78 series security element) and equipped with certain built-in cryptographic libraries may be more vulnerable to such attacks.
The imKey team takes this matter seriously and has conducted a comprehensive evaluation and analysis immediately. Hereby, we solemnly declare that: The imKey Pro hardware wallet is not affected by the EUCLEAK vulnerability mentioned in the NinjaLab report, and the assets of imKey users remain secure.
Clarification of Facts:
-
imKey Pro does not use the Infineon cryptographic library and poses no potential risk
According to the NinjaLab report, the EUCLEAK attack targets only devices that use Infineon security chips with integrated Infineon cryptographic libraries. imKey Pro employs a cryptographic library independently developed by Feitian Technologies, which differs significantly from Infineon’s library. It has been confirmed that the vulnerability mentioned in the report does not exist (refer to sections 7.2.2 and 7.6 of the NinjaLab report). -
Feitian’s cryptographic library meets international security standards
The cryptographic library developed by Feitian Technologies has been certified by NIST under FIPS 140-2, meaning it adheres to stringent global security standards, ensuring the safety of users' assets. (For more information, please refer to Feitian’s official statement).
Our Commitment:
Security is the core value of imKey. We are committed to providing the most secure and reliable hardware wallets for cryptocurrency assets. In the future, we will continue to monitor the latest security research and technical reports to ensure that imKey remains at the forefront of the hardware wallet industry.
We sincerely thank our users for their continued trust and support. We will keep improving our products and services to safeguard your assets.
Should any organization or individual spread false information or attempt to damage our company’s image or the reputation of our products, we reserve the right to pursue legal action.
IMKEY PTE. LTD.
September 20, 2024
imKey Now Suppots Connection with Rabby Wallet
Summary
imKey now supports connection with Rabby Wallet, ensuring users can securely perform transfers and interact with DApps on their PCs.
imKey now supports seamless connection with Rabby Wallet. As a hardware wallet, imKey, in collaboration with Rabby, allows users to conveniently carry out transactions, trades, and interact with DApps on PCs, while ensuring the security and offline storage of private keys within imKey.
Rabby, an open-source browser wallet, delivers a seamless multi-chain experience by supporting 140 EVM-compatible chains and testnets. Moreover, it offers a you-sign-what-you-see feature that minimizes the risk of blind signing during DApp interactions.
imKey, a widely trusted hardware wallet, is equipped with a CC EAL 6+ security chip and features safety designs such as binding codes and PIN codes. It supports a variety of tokens and provides a secure environment for managing tokens by generating and storing private keys offline.
When users connect imKey hardware wallet to Rabby on the PC, they can initiate transactions on Rabby and sign them offline with imKey. The entire process is conducted via a USB data cable, which is used only for transmitting signature information. Sensitive information like private keys does not go online, ensuring offline safety. The combination of imKey and Rabby, as a cold and hot wallet, provides a convenient and secure solution for users in various Web3 scenarios like DeFi and NFTs.
About imKey
imKey is a high-security hardware wallet that provides users with blockchain security products and solutions, maximizing the safety of tokens. Established in 2018, imKey uses a CC EAL 6+ security chip to ensure the safety of private keys and supports a variety of tokens. imKey offers a range of security products, including hardware wallets and heirboxes and is deeply integrated with the imToken wallet, providing reliable token management services to users worldwide.
Website: https://imkey.im
About Rabby Wallet
Rabby Wallet is a wallet designed specifically for Ethereum and all EVM chains.
1. Designed for DeFi users with a smooth multi-chain experience.
2. Protect your tokens with pre-transaction risk scanning and security alerts.
3. Show you the upcoming balance change before you sign a transaction.
Website:https://rabby.io
imKey Official Statement
Recently, unscrupulous individuals have been impersonating authorized dealers on several e-commerce platforms, including but not limited to Lazada, Shopee, JD.com and Taobao. These unauthorized stores employ various tactics to lure users to their fraudulent shops, selling pre-activated hardware wallets with tampered user instructions to deceive users into depositing funds, which are subsequently stolen. These actions severely damage our company's reputation and legal rights, and also pose a significant threat to the asset security of the victims.
Our Official Statement on This Matter
The business entity of the imKey hardware wallet is IMKEY PTE. LTD., and we have authorized "Hangzhou Rongshi Technology Co., Ltd." to sell imKey products in mainland China.
imKey official channels:
- imKey Official Website: https://imkey.im
- Youzan Store (mainland China): https://j.youzan.com/S0w1J1
- Amazon US: https://www.amazon.com/stores/imKey/page/BB5DB6D0-71A4-49BB-ADF0-C8F2FE0B6BF0
- Amazon JP: https://www.amazon.co.jp/stores/imKey/page/F686FE53-D163-4D27-AE60-D085735F898F
- WeChat mini program "ConsenShop"
If you have any questions about purchasing or using imKey, please submit a request.
To ensure user rights, please make sure to purchase imKey hardware wallets through official channels. Sales activities through unofficial channels are not recognized or protected by our company.
Any individual or entity that engages in commercial activities using our company’s name without authorization should immediately cease such actions. Our company reserves the right to pursue legal responsibility.
We are committed to providing a secure and reliable key management system to protect users' digital assets. We will continue to take measures to maintain our company's reputation and image and will closely cooperate with our partners and judicial authorities to pursue relevant legal responsibilities.
IMKEY PTE. LTD.
Discover imKey
See all articlesHow to Prevent Supply Chain Attacks on Hardware Wallets
The imKey Pro hardware wallet uses a security chip manufactured by Infineon (model: SLE78CLUFX5000PH). This chip meets the military-grade CC EAL 6+ standard, which is recognized as the highest security level for hardware wallets equipped with secure chips. As one of the most secure solutions for safeguarding digital assets, hardware wallets can protect sensitive information, such as private keys, from unauthorized access or tampering by hackers, ensuring better asset security. However, no system is entirely immune to risks. For hardware wallets, supply chain vulnerabilities remain a critical challenge.
This article introduces the measures imKey Pro has implemented to address supply chain attacks, focusing on two key aspects: purchase channels and product unboxing.
How to Purchase imKey Pro
To ensure product quality and after-sales service, we strongly recommend purchasing through official channels. Currently, imKey offers three purchasing options:
-
Youzan Store
If your delivery address is within China, you can purchase via the official Youzan store. Products are shipped domestically via SF Express, which is fast, secure, and reliable.
-
Amazon Store
For customers outside China, the official imKey Amazon store is a convenient option. Amazon, a globally trusted e-commerce platform, ensures a smooth purchase and delivery process.
-
Official Website
Alternatively, overseas customers can buy directly from the official imKey website.
Important: Only products purchased through official channels are guaranteed to ensure the safety of your assets and qualify for official after-sales service. If you purchase from other channels, we cannot guarantee product quality or support.
How to Prevent Supply Chain Attacks on Hardware Wallets
Before unboxing your imKey Pro for the first time, follow these steps to verify it is an authentic product:
-
Check the Shipping Origin
Ensure the shipping origin matches the official address. For China, the designated shipping location is Hangzhou, Zhejiang Province (specific details are available on the official website).
-
Inspect the Shipping Box
Verify that the shipping box is the official customized packaging (with the imKey logo).
(Example of the medium-sized imKey logo packaging)
-
Inspect the Product’s Outer Packaging
- Confirm that the plastic wrap on the product’s outer packaging is intact.
- Ensure that the tamper-proof seals on both sides of the packaging are undamaged. When peeled off, the seals should reveal a pattern of complete letters.
-
Examine the Device Interface
After powering on an unactivated device, the screen should display the following sequence: language selection → device Bluetooth name.
(This interface confirms the device has not been activated.)
-
Verify Device Activation
During the initial setup with the imToken app, the hardware device will display a prompt indicating “Activation Successful.”
Note: If your imKey Pro fails any of the above checks, it is likely a used product. Using such a device may lead to asset loss. In such cases, contact us via Discord or email support@imkey.im for confirmation.
Important Reminders
When you receive a brand-new device, make sure to personally complete the following steps:
- Activate the device: Activation is irreversible and can only be done once per device.
- Set and back up your PIN code and binding code.
- Create and back up your mnemonic phrase.
Final Thoughts
To quote the Blockchain Dark Forest Handbook, there are two key principles to follow:
- Zero Trust: Always maintain skepticism, no matter the situation.
- Continuous Verification: To trust, you must have the ability to verify your doubts and make this habit a part of your routine.
If you have any concerns, please reach out to us via Discord or email support@imkey.im . Let’s work together to safeguard your assets.
A Safer Solution for Offline Asset Management
When it comes to digital assets, mnemonic phrases are the most critical security information. It is essential to keep the following in mind when safeguarding your mnemonic phrases:
- If a mnemonic phrase is lost, no one can recover the lost digital assets.
- If a mnemonic phrase is leaked, others will have full control over your digital assets.
According to relevant data, 66.3% of digital asset attacks are caused by mnemonic leaks through remote attacks in online environments, leading to stolen assets. So how can we prevent such attacks and ensure the security of our assets?
The Optimal Asset Management Solution
Store small amounts in software wallets and large amounts in hardware wallets.
This is the industry-recognized best practice. Hardware wallets generate and store private keys in a completely offline environment while presenting them as a set of randomly generated mnemonic phrases for easy backup and recovery. This approach significantly reduces the risk of asset theft and ensures the safety of your funds.
imToken recommends the dual-layer offline asset management solution provided by imKey to offer comprehensive protection for your digital assets:
First Layer: Generate and Store Private Keys in a Fully Offline Environment
The imKey Pro hardware wallet (cold wallet) is designed to operate completely offline, offering an excellent solution for offline asset management:
- Offline Private Key Generation: Private keys are generated in a completely offline environment, eliminating the risk of key leaks.
- Offline Private Key Storage: Sensitive data, such as private keys, is securely stored in the secure chip of the hardware wallet, fully isolated from the internet to ensure data safety.
- Physical Transaction Confirmation: When making a transaction, users must confirm it by physically pressing buttons on the hardware wallet. This mechanism, similar to the security features of a bank's USB security token, ensures each operation is secure and reliable.
Second Layer: Physically Backup Mnemonic Phrases Offline
Even if private keys are generated and stored in a hardware wallet, it’s still crucial to back up your mnemonic phrases offline. The imKey Mnemonic Storage HeirBox is an ideal physical backup tool with the following features:
- High Durability: Made of stainless steel, it is waterproof, fireproof, and corrosion-resistant, effectively withstanding extreme environments.
- Multiple Protections: Ensures offline storage of mnemonic phrases while safeguarding against accidental loss or damage due to disasters
The Best Practice for Offline Asset Management
Offline asset management is currently the gold standard in digital asset security. By using the imKey Pro hardware wallet along with the Mnemonic Storage HeirBox, you can effectively prevent your private keys and mnemonic phrases from being leaked, providing comprehensive protection for your digital assets.
Can imKey Guarantee the Security of Your Assets?
Can imKey Fully Protect Your Assets?
The imKey hardware wallet offers a high level of security by storing private keys offline and incorporating multiple layers of protection. However, this doesn’t mean that using imKey completely eliminates the risk of asset theft. Here are some common security vulnerabilities and tips to prevent them:
Potential Risks of Asset Theft
Mnemonic Phrases Leakage
Cause:
The mnemonic phrases is a plaintext representation of the private key and is used to recover the wallet. If someone gains access to your mnemonic phrases, they can easily transfer your assets, even if you’re using a hardware wallet.
Prevention Tips:
- Store your mnemonic phrases securely on a physical medium that is waterproof and fireproof, such as a specialized storage tool.
- Avoid saving the mnemonic phrases on connected devices.
Unauthorized Token Transfers
Cause:
Users may mistakenly authorize malicious smart contracts disguised as legitimate DApps, such as "transfer," "mining," or "investment" platforms. This can lead to unauthorized token transfers (e.g., USDT). This issue stems from token mechanisms rather than the wallet itself, whether it’s hot or cold.
Prevention Tips:
- Always verify the source of a DApp before using it.
- Avoid granting permissions without thorough review.
Important Reminders
Avoid Importing Mnemonic Phrases into Hot Wallets
Unless in an emergency, never import the mnemonic phrase from your imKey hardware wallet into any connected hot wallet to prevent theft.
Enhance Your Security Awareness
Exercise caution when using wallets. Safeguard your mnemonic phrase and avoid granting unnecessary authorizations.
When your mnemonic phrases remain secure, and unnecessary authorizations are avoided, you can confidently use the imKey hardware wallet to protect your assets.
The imKey hardware wallet utilizes advanced security technologies to provide the highest possible protection for your assets. However, the cornerstone of security lies in the user’s own awareness. By following best practices for safeguarding your mnemonic phrase and being vigilant against authorization risks, you can truly achieve secure digital asset management.
How Do Hardware Wallets Safeguard Your Digital Assets?
Introduction
With the widespread adoption of digital assets, users face increasing threats from cyberattacks. Ensuring the security of digital assets has become one of the most pressing concerns for many. Among various solutions, hardware wallets are considered the most reliable way to protect digital assets. In this article, we will explore the basic principles of hardware wallets, the importance of secure chips, risks associated with hardware wallets, and preventative measures to help you better understand their functionality and security features.
How Hardware Wallets Work
A hardware wallet is a physical device designed to generate and manage private keys. Unlike software wallets that store private keys locally on computers or mobile devices, hardware wallets keep private keys in an isolated environment. Every interaction requires physical confirmation via the device, effectively reducing the risks of hacks and malware attacks.
The Role of Private Keys
In asymmetric cryptography, private and public keys work together. When signing a transaction with a wallet, the private key encrypts the transaction summary to create a digital signature. This signature, along with the transaction, is broadcast to the blockchain. Validators use the public key to verify the signature's authenticity, ensuring only valid transactions are executed.
Control over a wallet address is entirely dependent on access to its private key, making private key backups absolutely essential.
Here’s an example of how a private key looks:
56f759ece75f0ab1b783893cbe390288978d4d4ff24dd233245b4285fcc31cf6
Since private keys are difficult to memorize or manage manually, the BIP-39 proposal introduced seed phrases. A seed phrase is a human-readable representation of a private key, making backups easier. Having the seed phrase allows you to restore the private key and regain access to your wallet.
How Are Private Keys Generated?
Private key generation depends on two factors: a random number (X) and a cryptographic algorithm (f). Private keys are created using the formula:
Private Key = f(X)
This process is offline and does not require an internet connection. The quality of randomness in X determines the security of the private key.
Random Number Quality
High-quality random numbers must meet these criteria:
- Randomness: Numbers should have uniform distribution without statistical bias.
- Unpredictability: Knowing part of the sequence and the algorithm should not allow predictions of the rest.
- Irreproducibility: Without storing the original sequence, identical results cannot be reproduced.
Hardware wallets generate true random numbers using physical processes like electronic noise or quantum effects, unlike software wallets that rely on pseudo-random numbers from variables like mouse movements or timestamps.
Where Are Private Keys Stored?
Wallets are categorized into two types based on private key storage:
- Hot Wallets: Private keys are generated and stored on internet-connected devices. While convenient, hot wallets are vulnerable to hacking, malware, and phishing attacks. Examples include software wallets like MetaMask and imToken.
- Cold Wallets: Private keys are generated and stored offline, typically in secure chips within hardware wallets. This isolation prevents exposure to network threats. Hardware wallets like Ledger and imKey fall under this category.
Broadcasting Transactions While Staying Offline
Hardware wallets use secure chips to generate and store private keys offline. Acting as "offline signers," these devices require an internet-connected device to broadcast transactions to the blockchain.
Here’s how it works:
- Transaction data is sent from the online device to the hardware wallet via USB, Bluetooth, or QR code.
- The hardware wallet signs the transaction with the private key and sends the signed data back.
- The online device broadcasts the signed transaction to the blockchain.
Throughout this process, the private key remains in the secure chip, never exposed to the online environment.
The Importance of Secure Chips
What Is a Secure Chip?
A secure chip is a microcomputer designed for data protection and encryption. At its core is a Secure Element (SE), which provides:
- Data Protection: A secure storage area for sensitive information like private keys.
- Secure Operations: High-quality random number generation and cryptographic computations in a physically isolated environment.
How Do Secure Chips Protect Data?
Secure chips employ multiple layers of defense against attacks:
- Electronic Attacks: Access control and encryption ensure only authorized software can interact with the chip.
- Physical Attacks: Chips are designed to resist physical tampering, including extreme environmental conditions, power analysis, and electromagnetic interference.
Secure chips are evaluated using the Common Criteria (CC) standard. Most hardware wallets use CC EAL 5+ chips, while advanced devices like the imKey Pro employ CC EAL 6+ chips, offering military-grade security.
Risks Facing Hardware Wallets
While hardware wallets provide robust security, they are not immune to risks such as:
1. Supply Chain Attacks
Attackers may tamper with hardware wallets during production or distribution. To minimize this risk:
- Purchase wallets only from official or certified distributors.
- Inspect original packaging, tamper-proof seals, and perform activation checks.
2. Phishing and Hacking
Even with a hardware wallet, phishing attacks and social engineering can compromise security. Protect your seed phrase and private key by:
- Backing up seed phrases offline.
- Never sharing sensitive information with others.
- Avoiding clipboard use or transmitting seed phrases over the internet.
3. Firmware Vulnerabilities
Keep your hardware wallet firmware up to date to patch security flaws. Follow official announcements for updates and security advisories.
Open-Source vs. Closed-Source Debate
Open-source software promotes transparency, enabling community-driven audits and improvements. However, it can also expose vulnerabilities if malicious actors exploit publicly available code. Closed-source wallets rely on independent security audits, with brand reputation and trust playing a critical role in user confidence.
Conclusion
Hardware wallets are one of the most reliable tools for managing digital assets securely. By isolating private keys from internet exposure and leveraging secure chips for offline storage and transaction signing, they significantly reduce risks associated with hacking and malware. However, users must remain vigilant about supply chain security, phishing attempts, and firmware updates to fully benefit from the security features of a hardware wallet.
When choosing a hardware wallet, consider trusted brands with a strong reputation and recognized security certifications to protect your digital assets effectively.
Which is more secure: single-chip or multi-chip?
Summary
Both single-chip and multi-chip solutions have their pros and cons. For users who store cryptocurrency, single-chip hardware wallets are the better choice.
With the rapid development of blockchain technology, hardware wallets have gained significant attention as essential tools for securely storing cryptocurrencies. There are two main design schemes available in the market: single-chip and multi-chip solutions. Which of these offers better security? This article will explore the advantages and disadvantages of both schemes, focusing on their security aspects.
Advantages of Single-Chip Solutions
- High Integration
Single-chip solutions integrate all functions into one chip, reducing the number of components and simplifying hardware design. This high level of integration not only makes the hardware design more streamlined but also reduces potential attack surfaces, as all functions operate within a closed environment, making it difficult for traditional hardware attacks to interfere.
- Communication Security
In single-chip solutions, internal communications do not need to pass through external buses, meaning that the entire data transmission process occurs within the chip. This reduces the risk of eavesdropping or man-in-the-middle attacks. In contrast, multi-chip solutions require inter-chip communication, which introduces potential vulnerabilities.
- Low Power Consumption
Single-chip designs typically consume less power than multi-chip designs. This is particularly important for portable hardware wallets, as lower power consumption helps extend battery life.
- Cost Advantage
Due to high integration, single-chip designs have relatively lower production costs, which can reduce product prices, making secure and affordable hardware wallets accessible to more users.
Potential Issues with Single-Chip Solutions
- Single Point of Failure Risk
Some believe that single-chip designs pose a single point of failure risk, meaning that if the chip fails, the entire device could become inoperable. However, for hardware wallets, this issue does not lead to actual asset loss. Even if the hardware fails, users can still recover their wallets through mnemonic phrases, ensuring asset security.
- Limited Scalability
Single-chip solutions have certain limitations in terms of functionality expansion and upgrades. However, for hardware wallets, the core requirement is secure cryptocurrency storage, and users do not require extensive functional expansion. Therefore, limited scalability does not significantly impact the user experience, especially for users primarily focused on storing cryptocurrencies.
Security Considerations of Multi-Chip Solutions
- Function Separation
Multi-chip solutions can separate different functions, such as cryptographic processing and the user interface. This design can enhance system security to some extent. Even if one chip is compromised, other chips can remain secure.
- Modular Design
Multi-chip designs are more conducive to functional expansion and upgrades, offering greater flexibility. However, this flexibility does not provide a clear advantage when it comes to the core security requirement of hardware wallets.
- Communication Security Risk
Multi-chip designs require inter-chip communication, which may increase the risk of eavesdropping or man-in-the-middle attacks. Additional security measures are needed to protect data transmission, which may further increase design complexity and cost.
Conclusion
In summary, single-chip solutions offer significant advantages in terms of high integration, communication security, low power consumption, and cost efficiency. While there are potential issues such as single point of failure and limited scalability, these do not materially impact the core requirement of hardware wallets—secure cryptocurrency storage. The mnemonic phrase recovery function effectively mitigates the single point of failure risk, and users do not have high demands for the scalability of hardware wallets.
Therefore, from a security perspective, the single-chip solution is clearly the superior choice. It not only provides higher security assurance but also meets users' secure cryptocurrency storage needs with lower costs and longer battery life. The imKey Pro is a single-chip hardware wallet, and if your primary requirement is secure cryptocurrency storage, the imKey Pro is one of the best choices available.
Peace of Mind with a Secure Chip: A Comprehensive Guide to Security Chips
Summary
This article covers the definition, uses, and future prospects of security chips, as well as their security features and ability to withstand attacks. It also highlights the robust security features of the imKey hardware wallet.
As technology advances, information security becomes increasingly important. Security chips, as the core technology for protecting data security, are widely used in various fields such as finance and the Internet of Things (IoT). This article will provide a detailed introduction to what security chips are, their uses and prospects, why they are considered secure, what types of attacks they can resist, and showcase the powerful security features of the imKey hardware wallet as an example.
What is a Security Chip?
A security chip, primarily referring to a Secure Element (SE), is a microcomputer that achieves secure data storage and encryption/decryption operations through unique security components and a chip operating system (COS). SEs are characterized by their small size, low power consumption, high reliability, and strong confidentiality, making them suitable for embedding in various products such as IC cards, SD cards, SIM cards, eSEs, online banking USB keys, and wearable devices.
Uses of Security Chips
Security chips have many applications in our daily lives, such as bank cards (with metal contact surfaces), mobile phone SIM cards, ID cards, and online banking USB keys. Their application in emerging technologies such as artificial intelligence, the Internet of Things (IoT), and vehicle networks is also increasing, providing robust security guarantees for these fields.
Prospects of Security Chips
With the global promotion of new technologies such as 5G, quantum communication, artificial intelligence, vehicle networks, the Internet of Things (IoT), and the industrial Internet, the demand for security chips continues to grow. China has also released action plans to promote the development of artificial intelligence and vehicle networks, creating a favorable policy environment for new technologies. The development of smart terminals, IoT, and smart homes all rely on the support of chips. The security chip industry has been listed as part of the national information security strategy, indicating tremendous potential for future development.
Why Are Security Chips Secure?
The security of chips can be analyzed from the perspectives of the chip's inherent security design and testing standards.
First, the chip itself must possess high security, both in terms of internal software design and physical structure. Due to the complex and numerous design principles of security chips, a few key aspects are highlighted:
- Whether a secure CPU is used, primarily for the computation of keys and data, and security detection during operation
- Whether the CPU registers have masking protection functionality
- Whether the memory (NVM, RAM) is encrypted and has dedicated integrity verification protection
- Whether there are sensors for temperature, voltage, frequency, light, and specialized protection nets
- Whether it includes a coprocessor for secure encryption and decryption calculations
Secondly, security is not absolute or eternal. It is relatively secure under certain conditions for a certain period. Therefore, it can be understood that there are standards that can be referenced within certain limits, and only through compliance with these standards can something be considered relatively secure.
In this context, it is essential to mention the ISO/IEC 15408 standard (Information Technology - Security Techniques - IT Security Evaluation Criteria) released by the ISO International Organization for Standardization in 1999, often referred to as the CC (Common Criteria) standard. ISO 15408 is a security evaluation criterion for information security-related products or systems and has become an international standard certification and the most rigorous global security system evaluation criterion.
The significance of the CC standard lies in its ability to…
- Enhance users' security confidence in IT products through evaluation,
- Promote the security of IT products and systems,
- Eliminate redundant evaluations.
For security chips, the CC standard specifies that their security assurance levels range from EAL1 to EAL7, with higher levels indicating that more stringent security assurance requirements must be met, and thus the security features are more reliable. Each level of security certification requires evaluation from multiple perspectives. It is worth noting that in the financial sector, products generally use EAL4+ or EAL5+ levels, while EAL6+ is considered military-grade.
What Types of Attacks Can Security Chips Resist?
According to international CC standards, security chips must meet specific anti-attack requirements, as outlined below:
- Ensure the security chip can resist physical attempts to measure the logical contents of memory units.
- Ensure the security chip can resist attacks that involve exposing the logic of memory units or internal wiring to recover useful codes or information.
- Ensure the security chip can protect against side-channel analysis that could lead to the exposure of sensitive information in memory, such as analyzing power consumption patterns, electromagnetic emissions, or timing of primary processing functions.
- Ensure that mechanical probing attacks on the security chip are difficult to use to expose memory codes and information.
- Ensure that attacks using voltage contrast and electron beam probing are unlikely to reveal memory information.
- Ensure that the security chip application is not affected by environmental changes. If internal changes or out-of-spec values for clock rate, voltage, reset pulse width, and temperature are detected, they should be rendered ineffective.
- Ensure that the execution of security chip applications is not affected by probing attacks.
- Ensure the security chip can resist modifications by individuals with extensive knowledge of security chip design using advanced tools like FIB systems or laser cutters.
- Ensure the security chip can withstand optical fault attacks, electromagnetic interference, and radiation without affecting the normal operation of applications or entering a safe state.
- Ensure the security chip's design complexity makes it challenging for attackers to extract logical building blocks through reverse engineering, requiring significant effort and the use of advanced specialized tools.
In summary, even for technically skilled personnel, attacking a security chip is quite difficult.
How Secure is imKey?
imKey has implemented rigorous security designs for its products from both software and hardware perspectives. This section focuses on the hardware aspect. imKey uses a CC EAL6+ security chip, which has reached military-grade levels and possesses the following security features:
- Built-in true random number generator (TRNG)
- Dual-core CPU, with one core for execution and the other for security detection
- Mask protection for all CPU registers
- Encryption of all NVM and RAM, with dedicated integrity verification protection
- Temperature, voltage, frequency, and light sensors, along with a specialized protective net
- DES, AES, and coprocessors for PKI calculations
Note: The core of a blockchain wallet is the private key, which is essentially a string of random numbers. The security of these random numbers directly affects the strength of the private key's security. The chip used by imKey generates random numbers through a true random number generator (TRNG). TRNGs typically generate random numbers using thermal noise, which provides strong randomness and high security, making them difficult to predict. This ensures the confidentiality of the private key at its source, thereby ensuring the security of the wallet. Consequently, the assets you store through imKey are secure because the private key's security is guaranteed.
Should Security Chips Be Open Source?
Whether security chips should be open source is a contentious issue. Open-sourcing means exposing the security design, which could introduce immeasurable security risks. It's akin to your military force constructing a defense fortress with great effort; to prove its security to the world, you would have to make your security designs public, inadvertently exposing them to enemies and providing opportunities for exploitation.
Security chips follow industry guidelines and international standards, and they have been widely used in military, financial, governmental, and civil sectors. Therefore, open-sourcing should not be the criterion for judging the security of a security chip.
The knowledge about security chips can be quite esoteric. In summary, when purchasing a hardware wallet, it is recommended to choose products that use security chips and have security certification qualifications to ensure the safety of your assets.
Web3 Beginners
See all articlesETH Wallet
Get Started
Introduction to Ethereum
Ethereum is a global, open-source platform for decentralized applications.
Launched in 2015, Ethereum is the world’s leading programmable blockchain.
Like other blockchains, Ethereum has a native cryptocurrency called Ether (ETH). ETH is digital money. If you’ve heard of Bitcoin, ETH has many of the same features. It is purely digital, and can be sent to anyone anywhere in the world instantly. The supply of ETH isn’t controlled by any government or company - it is decentralized, and it is scarce. People all over the world use ETH to make payments, as a store of value, or as collateral. Learn More
Ethereum Wallet
An Ethereum wallet can help manage your ETH tokens, including balance inquiry, transfer, etc. At the same time, you can interact with the decentralized applications built on Ethereum through the wallet.
🔸Wallet
- imToken on mobile - Provides secure and trusted non-custodial wallet services to millions of users in more than 200 countries and regions around the world
- imKey Hardware wallet - Safe and easy to use, protect your tokens and say no to token theft from now on!
🔸Please learn how to make a backup before creating a wallet
Purchasing Ether
There is a wide variety of ways to obtain Ether. Buying Ether through an exchange is the easiest and the most common way. Before doing so, make sure the exchange operates legally in the region you live in and accepts the methods of payment you wish to adopt.
Before any purchase make sure to learn about the different options and understand risks involved in buying Ether.
🔸Exchanges that support the purchase of Ether
- Coinbase
- Binance
- Huobi
- ...
Use
Ether Trading
There are plenty of centralized and decentralized exchanges that allow you to trade Ether and Ethereum-based tokens directly with other users.
🔸Decentralized Exchange Tokenlon
Tokenlon is a decentralized exchange powered by 0x protocol. It aims to offer a seamless trading experience with fast speed, competitive prices and many tokens. The trading tokens are completely controlled by users, and you can use Tokenlon to quickly complete currency exchange without topping up or withdrawing.
🔸Centralized Exchange
The centralized exchange acts as a custodian to offer trading with deposited tokens. Exchanges are easy to understand and usually provide good prices.
- Binance
- Huobi
- …
Ethereum Transaction
The way of processing transactions of banks and blockchains can be worlds apart. You may encounter problems such as transaction fail or incorrect wallet address while transferring Ether. Below is a list of articles elaborating how Ethereum works:
- Life Cycle of an Ethereum Transaction
- Accounts, Transactions, Gas, and Block Gas Limits in Ethereum
- What is the Ethereum miner fee?
- Understanding ERC-20 token contracts
- What are Ethereum Collectibles(ERC-721 Token)?
FAQ
- Cause and Effect of Failed Transaction
- What should I do if I transfer to a wrong address?
- How to set up the transaction fees?
- Transaction failed but the fee was still deducted.
Ethereum Mining
In Ethereum, PoS is employed to confirm transactions. This mechanism facilitates the synchronisation on Ethereum network so as to protect it from the 51% attack.
Study
Ethereum Founder
Vitalik Buterin, co-founder and chief scientist of Ethereum, born in 1994 and first described Ethereum in a white paper late 2013. Ethereum, launched in 2015, is a decentralized computing platform built on blockchain. In 2016, Fortune first placed him on its 40 under 40 list. Learn More
Ethereum Price
- CoinMarketCap: Cryptocurrency Market Capitalizations
- CoinGecko: 360° Market Overview of Coins & Cryptocurrencies
Ethereum Block Explorer
Ethereum Block Explorer is an open source web tool that stays synchronous with all Ethereum nodes and allows you to view information about blocks, addresses, and transactions on the Ethereum blockchain.
Ethereum News
The Role and Mechanism of Miner Fees in Blockchain Transfers
In blockchain networks, miner fees (also known as transaction fees) are the fees paid by users when initiating transfers or executing smart contracts. The primary role of miner fees is to incentivize miners to process transactions while ensuring the security and normal operation of the blockchain network.
Why Do Miner Fees Suddenly Increase?
Market fluctuations may cause a surge in transaction volumes on the Ethereum network, leading to severe congestion. Since Ethereum's network can only process a limited number of transactions per second, users often raise their miner fees to ensure their transactions are processed quickly, which leads to an overall increase in miner fees.
As a decentralized hardware wallet, imKey directly pays all miner fees to miners, and imKey does not charge any fees. Therefore, the increase in miner fees is not caused by imKey, so we’re not responsible for that!
After the miner fees increase, many users encounter issues with transfers. This article summarizes the 9 most common transfer issues, and you can "prescribe the right solution."
1. Why Do I Have to Pay Miner Fees?
When we make a transfer on the blockchain, a group of people known as "miners" handle and record our transaction information. They are constantly maintaining the security and stability of the blockchain network, so they charge a fee, which is the miner fee.
2. Why Are Miner Fees So Expensive?
Miner fees on the blockchain are adjusted in real-time. If many people are making transfers, transactions will queue up in the block network. Since Ethereum can only process a limited number of transactions within a specific timeframe, users who want their transactions processed quickly will raise their miner fees to ensure they get packaged sooner. This leads to an increase in the average miner fee across the network.
Currently, there are 160,000 transactions waiting to be packaged on the Ethereum network, which is why the miner fees are high.
Source: Etherscan Transaction Spending
3. What Should I Do If I Set the Miner Fee Too Low, and My Transaction Hasn't Been Confirmed?
If you've already initiated a transaction and want it to be confirmed quickly, find the pending transaction in your transfer records and click "Speed Up Transaction." This will allow you to increase the miner fee and expedite the transaction.
4. What Should I Do If the Miner Fee is Insufficient?
All tokens in your Ethereum wallet require ETH to pay for miner fees during transfers. If your wallet does not have enough ETH, the transfer cannot be completed, and you'll need to deposit ETH.
5. Why Haven’t My Multiple Transactions Been Successful?
If one of your transactions is pending and hasn't been confirmed, subsequent transactions will be queued and await processing. For transactions from the same address, miners need to process them in the order they were initiated. Only after the first transaction is successfully confirmed will the subsequent transactions be processed.
6. Can I Cancel a Transaction That’s Stuck in the "Packing" Status?
Blockchain transfers are fundamentally different from regular transfers. Once a transaction is initiated on the blockchain, it cannot be modified or canceled.
If your transaction has been stuck in the "packing" status for a long time, you have two options:
- If you're not in a hurry, you can wait patiently. Once the congestion on the Ethereum network eases, the transaction will succeed.
- If you need your assets to arrive urgently, you can choose to speed up the transaction by adding miner fees to ensure it gets processed sooner.
7. If the Transaction Fails, Will the Tokens Be Returned to My Address?
Only after the transaction is successfully completed will the tokens be deducted from your address. If the miner fee was set too low, causing the transaction to be discarded by miners (i.e., transaction failure), the tokens will remain in your address. (Note: the miner fee will still be deducted.)
8. How to Adjust Miner Fees When Using DeFi Applications?
When authorizing a transaction in imToken, click on the miner fee to enter the miner fee customization mode.
Note: When using DeFi applications to initiate transactions, please exercise caution when customizing the miner fee. Improper settings may cause the transaction to fail, resulting in the loss of the miner fee.
9. How to Properly Set Miner Fees?
imToken automatically adjusts to the best miner fee setting based on the current blockchain network. By using the default setting, you can ensure a fast transaction.
If you feel the default transaction fee is too high, you can select the "Economic" option from the three-speed options to lower the miner fee. However, this may slow down the transaction confirmation time.
Basic Characteristics of Blockchain
Blockchain has characteristics such as decentralization, immutability, irreversibility, and anonymity.
Decentralization:
The network operates without a central authority. The system relies on the fair constraints of multiple participants in the network, so the rights and duties of any set of nodes are equal. Each node stores all the data on the blockchain. Even if a node is damaged or attacked, it will not pose any threat to the ledger.
Immutability:
It ensures that information or contracts cannot be falsified. If the ledger were controlled by one person or a small group of people, the possibility of fraud would be very high. However, since everyone holds a copy of the ledger, unless over 51% of the network participants alter a specific record, any tampering will be ineffective. This is the advantage of collective maintenance and oversight.
Irreversibility:
The information on the blockchain must be irreversible and cannot be casually destroyed. The system is open-source and entirely transparent, so once a transaction is broadcast to the network and receives over 6 confirmations, it is permanently recorded and irreversible. Note: imToken requires 12 block confirmations.
Anonymity:
The identity information of the nodes in the blockchain does not need to be disclosed or verified, and the transmission of information can be done anonymously. For example, when you initiate a transaction to a wallet address on the blockchain, you cannot know exactly who is behind that address. Even if your private key is stolen by a hacker, the hacker's identity cannot be deduced from the wallet address.
In summary, these characteristics of blockchain ensure the system’s security, transparency, and decentralization advantages, while also driving the widespread adoption of blockchain technology across various sectors.
Error “invalid”or “incorrect length” when importing mnemonic
Please choose the corresponding solution according to the error you got.
Error “invalid mnemonic”
This happens because some of the words in your mnemonic aren’t in the BIP39 wordlist. You should find out the right words according to the wordlist.
Error “Incorrect length of Mnemonic Phrase”
This happens because the length of the mnemonic you imported is not 12/18/24 words. You need to check if you missed a word or entered an extra word
Error “incorrect mnemonic checksum”
To solve this error, we should understand what checksum is first. A checksum is the 12th word in your mnemonic, which is generated according to the first 11 words. It can also be used to verify the first 11 words. You may encounter this error under the following scenarios:
- You changed the word order.
- One of these words isn’t in the BIP39 wordlist.
Both of these cases are caused by a wrong backup of your mnemonic, so we suggest you to find the correct one.
The Five Most Common Misconceptions About Decentralized Wallets
This article uses imToken decentralized wallet as an example. Other digital asset wallets may have slight differences, so please refer to the official customer support of the respective wallet for more details.
Misunderstandings arise between people due to lack of understanding, and this is often the case when we come across new concepts, such as decentralized wallets. Moreover, blockchain technology is vastly different from the traditional centralized services we are used to, which makes these misunderstandings deeply rooted in our minds.
Below are the five most common misconceptions that new users have when using decentralized wallets. Have you encountered any of these?
Misconception 1: My assets are "stored" in the imToken wallet.
The primary function of a wallet is asset management, allowing users to make transfers or receive payments. This is similar to the accounts set up on centralized exchanges, but with a key difference: your digital assets are not stored in the hands of a decentralized wallet provider, and there is no custodial relationship between you and them.
A decentralized wallet does not control your wallet’s mnemonic phrase, which is a major difference from centralized platforms. On centralized platforms, your assets are controlled and managed by the platform, and users cannot access the mnemonic phrases or other information related to the platform's addresses.
When using a decentralized wallet, you manage your assets through the wallet application. The mnemonic phrase and private keys are under your control, and you can use the private keys to authorize and initiate transactions.
Key Point to Remember: Whoever controls the mnemonic phrase controls the assets.
Misconception 2: I made a mistake with the address while transferring. Can customer service help me get it back?
Blockchain wallet addresses are generally long strings of characters that are more complex and harder to remember than bank account numbers.
In most cases, people obtain the recipient's address by scanning a QR code or copying it. While mistakes are rare, some careless individuals may accidentally copy a token contract address, leading to assets being sent to an incorrect address. Once a transaction is confirmed on the blockchain, it cannot be frozen or reversed. The only way to recover the assets is by contacting the recipient. However, due to blockchain’s inherent anonymity, it’s often impossible to confirm the identity of the wallet owner. If assets are sent to the wrong address, they are effectively lost.
Thus, it is important to double-check the address before making a transfer. You can use wallet features, such as imToken's address book, to store frequently used addresses and enter them with a single click.
You can also use the ENS domain service to make your wallet address easier to remember.
Misconception 3: My asset balance is wrong. Can imToken adjust it for me?
To answer this question, let’s first understand where the asset information in your wallet comes from.
All your digital assets are essentially just cold data on the blockchain, and they don’t appear in a very user-friendly form. For example:
Unless you're a programmer, most people won’t understand this raw code. To make this information more understandable, developers have transformed this data, adding visual designs to present it in a more intuitive and user-friendly way.
We know that the asset information for each address is directly pulled from the blockchain, and it matches the data shown on blockchain explorers. The wallet simply presents this information in a more accessible way for users. If you feel your asset balance is wrong, you can cross-check it by using a blockchain explorer.
Misconception 4: All DApps accessible via the DApp browser are related to imToken.
To clear up this misunderstanding, we first need to understand what a "DApp browser" is.
If we disregard the first four letters, a browser is a tool for accessing websites, like Chrome, Safari, Firefox, or IE. We use browsers to visit websites such as Zhihu or Taobao. Similarly, a "DApp browser" is simply a tool for accessing DApps, which are native products of blockchain technology. Most wallets embed a DApp browser as a native feature.
While you can use the DApp browser to access third-party DApps integrated with your wallet, this doesn't mean that the DApp is associated with the wallet provider. It's like using Chrome to visit Taobao—while you can access Taobao, it doesn’t mean that Chrome is affiliated with Taobao.
A reminder: many fraudulent DApp projects take advantage of this misconception to trick users, creating the false impression that the project is affiliated with the wallet.
Misconception 5: imToken can only manage ETH assets.
Many users still associate imToken with its version 1.0, thinking that it can only manage ETH and ERC20 tokens. Users often ask, "When will imToken support BTC or TRX?"
I want to tell you: imToken now supports assets from 14 mainnets, including ETH, BTC, EOS, COSMOS, BCH, LTC, CKB, TRX, KSM, DOT, FIL, XTZ, GOGE, and Osmosis. With a single mnemonic phrase, you can manage assets from these 14 mainnets.(Note: imKey currently does not support XTZ, DOGE, or Osmosis.)
This article is referenced from the imToken Help Center, and the content is applicable to the imKey hardware wallet as well.
EOS Wallet
Get Started
Introduction to EOS
EOS, the Entrepreneurial Operating System, is a public blockchain system developed by Block.One. The core developer of EOS is BM (Daniel Larimer).
EOS has gained notable attention from the blockchain industry since it was born. As a public blockchain project, EOS is very different from Bitcoin and Ethereum in terms of design model and technical implementation. And it aims to achieve performance expansion of distributed applications. Learn More
EOS Wallet
An EOS wallet is an application that can easily save and send EOS, and at the same time can interact with the applications built on EOS through the wallet.
🔸 Wallet
🔸 Before creating a wallet, please learn how to backup your wallet
Purchasing EOS
The easiest way to get EOS is to buy. There are many digital currency exchanges on the market where EOS can be purchased, but users need to choose the preferred exchange according to the location and payment method.
🔸 Exchanges that support the purchase of EOS
- Coinbase
- Binance
- ...
Use
EOS Trading
You may want to obtain EOS through token exchange. Most exchanges on the market support EOS trading. You can choose a decentralized exchange or a centralized exchange according to your needs.
🔸 Decentralized Exchange Tokenlon
Tokenlon is a decentralized exchange powered by 0x protocol. It aims to offer a seamless trading experience with fast speed, competitive price and more token options. The trading tokens are completely controlled by users, and you can use Tokenlon to quickly complete currency exchange without topping up or withdrawing.
🔸 Centralized Exchange
The exchange acts as a custodian to provide a valuable service with liquidity, featuring low learning costs and high matching efficiency.
- Binance
- okx
- …
EOS Transaction
EOS transfer is very different from traditional bank transfer in a centralized world. Now you need to understand the EOS transfer mechanism and the situations you may encounter.
You may wonder, does EOS transfer require no miner fees? Why do I get a “Insufficient resources" reminder when transferring money? This part will be introduced in detail in the next module “EOS Resource Management”.
🔸 How to transfer money without mapping on EOS mainnet
EOS Resource Management
EOS users need to stake or rent resources to obtain the right to use the EOS network. The EOS resources include: RAM, CPU, and NET.
RAM may be consumed while transferring, purchasing resources, staking, reclaiming, voting, etc. And RAM must be obtained through purchase. You can now buy and sell RAM resources through imToken, and obtain CPU and NET resources by staking.
- What is EOS Resources?
- EOS Account Resource Details
- How to Purchase EOS Resources?
- Announcement | imToken Supports More EOS Wallet Functionalities
EOS Voting
EOS uses the DPoS consensus mechanism, which elects 21 super nodes through community voting to maintain the EOS network, and provides computational power, bandwidth, and storage support for the EOS network.
Learn
EOS Explorer
The EOS block explorer is a website where you can check EOS blocks, transactions, EOS tokens, wallet addresses and other information. It updates all EOS node information in real time.
EOS Price
EOS News
Security and Alerts
See all articlesSecurity Alert|TRX multisig scams
Summary
Recently, TRX multisig scams have been rampant. Scammers get users’ mnemonics by luring them to download a fake imToken App. Instead of directly stealing tokens away, they change users’ TRX wallet account permissions, causing users to lose control over their tokens. In this article, how those scams are carried out will be explained to help you guard against them.
What are TRX multisig scams?
After a TRX wallet is created, the default wallet owner permission belongs to the account itself with the threshold being one. In other words, transferring through the wallet requires authorization signed by one address holding the permission.
Note: owner permission stands for the supreme control of a TRX account. With that permission, an address can operate the account in all manners.
With the ill-gotten mnemonic, scammers will change the user’s TRX account permission to get the owner permission, turning the threshold into two. In this case, sending tokens through the wallet needs authorization signed both by the user’s address and the scammer’s address.
That is why such scams are called TRX multisig scams since the user needs signatures from both his address and the scammer’s to transfer through the TRX wallet. This means that authorization from the scammer’s address is needed for any transactions from the user. The user will encounter an error pop-up “server:SIGERROR” if his transaction does not have the scammer’s signature.
Suppose there is a firm with two partners, and they make it a rule that all major decisions can be executed only if both partners agree to sign the authorization, i.e., multi-signature. If one partner disagrees, the decision is not approved.
A multisig TRX account is similar to that company. Therefore, even with the mnemonic, the account user cannot make a transfer by himself.
Users can only transfer tokens into his account, but not out of it. Scammers take advantage of this to play the long game. The user may keep transferring tokens into the account if he only uses it to receive payments from others and never check out his account permission.
Apart from luring users to download a fake imToken App, scammers will also carry out TRX multisig scams in these two ways:
- Promoting top-up websites on social media platforms such as Telegram to lure users to deposit with their digital tokens. In fact, scammers can get the owner permission of a user’s account during depositing.
- Releasing their mnemonics or private keys on social media platforms such as Telegram and WhatsApp to lure users to send TRX as transaction fees into wallets. But in fact, the owner permissions of those wallets have already been transferred by scammers. In the end, all TRX in the wallets will be stolen.
PSA
imToken security team reminds you that
- Please go to https://token.im/ to download imToken.
- There is no such thing as a free lunch.
- Check out your TRX wallet account permission regularly.
How to check out your TRX wallet account permission?
1. Open your TRX wallet and switch to the “Browser” page. Enter TRONSCAN in the search box and launch the DApp.
Scam Alert | Domain tokens in TRX wallet
Summary
Recently, some users reported receiving domain name tokens in their TRX wallets, which lure users to visit phishing sites to gain transfer permissions. imToken and Tronscan have blocked 370 such tokens, improving wallet interface cleanliness and preventing fraud. Users are advised not to visit links associated with these tokens and to report them through the "Help & Feedback" section in the app.
It was reported by some users that they received domain tokens such as 365haxi.com in their TRX wallet in early September. Scammers airdropped these domain tokens to users to lure them to visit phishing websites and gained access to the user's token allowance through malicious authorization, thus stealing the user's tokens.
imToken has teamed with the risk control department of Tronscan to block these scam tokens and 370 tokens have been blocked. On the one hand, it cleans the TRX wallet page, and on the other hand, it prevents users from visiting the phishing websites.
PSA: If you receive scam domain tokens in your wallet, do not visit the corresponding websites! And immediately report them to us via "Support and Feedback" in the App.
Scam Alert | Addresses with the same last characters
Scammers deceive users by generating addresses with matching end digits and making small transfers, leading users to mistakenly believe they are transferring to a familiar address. imToken advises users to carefully verify addresses before making any transfers and recommends using the address book feature to save frequently used addresses to prevent errors.
Some users have a habit of copying the recipient address in their transaction history when transferring funds.
Scammers take advantage of this and generate fraud addresses with the same last characters. For example, in the picture below: the address that the user often transfer money to is "TWKWPn...krvgWS", and the fraud address is "TANWTY...grvgWS". They have the same last characters "rvgWS".
By transferring a small amount of money to the user, the fraud address will appear in his transaction history. When the user wants to start a transaction and copies the address from the history, he can easily make a mistake and transfer money to the fraud address if he only checks the last characters, resulting in loss of tokens.
PSA: Information stored on blockchain is non-temperable. So once your transfer is successful, it cannot be cancelled or changed. Please be sure to check the address carefully before transferring!
In addition, imToken recommends you to use the address book to keep the frequently used addresses. In this way, you can avoid transferring to a wrong address.
How to use the address book?
Set up your address book
Open imToken and click “My Profile” - “Address Book”. Then, click the “+” icon at the top right corner to add addresses.
Note: please check whether the added addresses are correct or not before clicking “save”.
Make transactions with the address book
Here is an example to transfer USDT with the TRX wallet. First, choose USDT and click “Send” to enter the transfer page. Then, click the icon on the right side to enter the address book where you can find the address. After entering the amount and checking the transfer details, you can click “Next” and enter your password to complete the transfer.
My USDT was sent out from my wallet without my consent. How did that happen?
Summary
An authorization scam involves tricking users into performing transfers, staking, or similar operations to steal their token transfer permissions. Scammers typically use tactics such as purchasing virtual goods, QR code payments, or pretending to offer "staking mining" opportunities, leading to the theft of tokens from the user's wallet. Users should remain vigilant and properly manage their transfer permissions.
User A: I purchased a TikTok account online, but the payment failed, resulting in a deduction of my TRX. Additionally, my USDT disappeared unexpectedly.
User B: A guy asked me to scan a QR code and transfer 1 USDT to him. I did what he said then all my USDTs were sent out from my wallet without my consent. How did that happen?
User C: Someone told me I could earn rewards by depositing tokens into an address. I did as instructed because it was a good opportunity to grow money. After transferring money to that address, however, my wallet was drained.
How can a scammer drain your wallet without your consent? The answer is token approval.
What is Token Approval?
Google Play offers a family payment method through which your family members’ purchases, such as books and movies, are charged directly through your account. Even if your family doesn't know your Google Play password, they can still use your money.
Token approval is similar. When you unconsciously give a scammer the token approval authority, they can move your funds to their wallets without knowing your mnemonic or password.
And scammers often use virtual items, QR code payment and liquidity mining tricks to scam crypto investors. Let’s take a closer look at each of these tricks.
Inducement to Purchase Virtual Items
When you pay for virtual items such as TikTok accounts or SMS codes online, the scammer will direct you to make the payment through a crypto wallet.
If you are entering a page that "authorizes token transfer authority" during a payment, it indicates that you are authorizing a transaction, not making a regular transfer. If you enter your password and sign in on a fraudulent payment link created by scammers, you will grant them transfer authority for your tokens. With this authority, scammers can transfer tokens from your wallet without your permission.
Additionally, after the payment, the scam website often displays prompts like "payment failed," "insufficient TRX," "network connection error," or "insufficient funds," causing you to mistakenly believe the payment was unsuccessful. This may prompt you to switch to another address or transfer more tokens to continue the authorization. In reality, these pop-ups are set by the scammer on their fraudulent website, not genuine notifications from your wallet app. The scammer's aim is to gain transfer authority over more of your tokens.
QR Code Payment Trick
Here, scammers lure you to scan a QR code or click a link, which opens a scam website mimicking the transfer page of your wallet app. The site takes you through an imitation of the familiar transfer interface. Instead of the transaction confirmation, a window for approving unlimited token balance shows.
Note: You can distinguish between real and fake transfer pages by checking the icon in the upper right corner of a page. The icons in the top right corner of a fake page are "..." and "X," while that of a real page is a QR code scan icon.
Liquidity Mining
Scammers impersonate imToken officials on channels such as Telegram, WhatsApp, Youtube etc. and offer you a salivating investment opportunity, such as depositing USDTs into their website and participating in liquidity mining or staking to get guaranteed daily earnings; the more tokens you deposit, the higher the rate of return.
Some scammers even tell you that no principal is required; pay some miner fees to join the network, then receive a stable income. Sounds too good to be true? Well, it probably is!
When you confirm a transaction on the scam website to start the so-called liquidity mining or staking, you give the scammer unlimited token allowance.
So when you make a transaction or invest in a project, please pay attention to whether the "Approve Allowance" page pops up in the app, and stay alert.
imToken Optimizes Signature Experience
In response to these three types of scams, imToken has optimized the signature experience. When you sign such transactions, imToken will clearly inform you that you are "approving a contract to transfer" and display the amount of tokens being approved. We advise you to stay vigilant during transactions. Additionally, if the approved recipient is a personal address, imToken will warn you that “there is a high likelihood of fraudulent activity.”
Security Reminder
- Be vigilant of SMS code reception, account purchases, fake exchanges, high-yield or guaranteed profit websites.
- Avoid making payments or transfers on unknown websites. Learn to differentiate between authorized and regular transactions, identify pages requesting unlimited authorization, and never enter your password for authorization on suspicious sites.
- Exercise caution with authorizations. On the authorization page, verify the contract address and check the contract label and transaction history using a block explorer to confirm the contract’s legitimacy.
How to Check Whether You Have Approved a Third Party to Transfer Your Tokens
Approve scams are common on Ethereum and TRON blockchains. This blog explains how to check and cancel the approval of your ETH and TRX addresses respectively.
TRX Wallet
Prerequisite:
Ensure you have at least 30 TRXs in your wallet for transaction charges. If not, please purchase some through exchanges and transfer them to your imToken TRX wallet.
1. Open the TRX wallet, swipe the function bar to the left, and tap "Revoke" to enter the "TRONSCAN" page, which automatically connects to the wallet for querying approvals.
Note: TRONSCAN is a tool for querying and managing TRX wallet approvals.
2. Scroll the page down and click "Approval," then all third-party addresses you have approved will be displayed on the page. If you find the "Approved amount" of an unknown project is unlimited or 999999…, it is likely to be a fraudulent address. Please revoke the approval immediately!
3. Click "Cancel" to revoke the approval. After the approval is successfully removed, the status will change from "Cancel" to "Canceled."
4. Check all your approval records to ensure all your unlimited token apptovals are canceled.
ETH Wallet
Prerequisite:
Ensure you have at least 0.02 ETH in your wallet for transaction fees. If not, please purchase some through exchanges and withdraw them to your imToken ETH wallet.
Note: When withdrawing tokens, please select "Ethereum Network" as your withdrawal network.
1. Open your imToken ETH wallet, swipe the function bar to the left, and tap "Revoke" to enter the "Revoke" page, which automatically connects to the wallet for querying approvals.
Revoke.cash: A tool that supports managing approvals across Ethereum, Arbitrum, Optimism, BSC, Polygon, Avalanche, and other networks. On this page, click the Ethereum icon to switch networks and view the approved details for the corresponding network.
2. Scroll down to the bottom of the page to view the approved status of the account. Check your approved amounts, the approved Spender, and the last updated list.
If you want to revoke an approval, find the token or NFT in the approved list that you want to revoke, swipe left, and click 'Revoke.' Confirm again on the pop-up page to cancel the approval.
3. After the cancellation is done, return to the wallet home page and click "Activity" to check the status of the transaction. When the status changes from "Pending" to "Successful", it indicates that you have successfully canceled the approval.
4. If you want to change the token approved amount, click the "✏️" icon to the right of the amount to edit it. After entering the new value, click "Update" and confirm again on the pop-up page.
The middle picture above shows "Approved Spender" including Uniswap, Aave, etc. This is because when we trade in DEXs, we need to approve first to allow DEXs to complete token swaps.
However, if you find an unfamiliar address in the Spender column and you do not recognize or understand who controls that address, it is likely a scammer's address. Please cancel the approval immediately!
Conclusion
As we wrap up our exploration of unauthorized USDT transactions, the significance of staying informed and proactive cannot be overstated.
The insights gained into approve scams and scam victim experiences are crucial elements in the ongoing battle against crypto fraud. By raising awareness, understanding the tactics at play, and bolstering protective measures, we collectively contribute to a stronger defense against unauthorized access and potential loss. Let these lessons guide us as we traverse the dynamic world of Web3.
Contact us in the App or email us via support@token.im when in doubt.
Beware of TRX wallet account permission change scam
Summary
In a recent TRX wallet account permission scam, scammers trick users into using a provided mnemonic phrase, which in reality updates the account permissions, transferring the highest authority to the scammer. As a result, users are unable to make transfers. Users should remain vigilant, avoid accepting mnemonic phrases from others, and ensure their security by downloading imToken through official channels.
What is TRX wallet account permission change scam
The thriving blockchain industry has been plagued by scams leading to assets lost. Scammers set novice crypto users up by taking advantage of the knowledge gap, such as cheating users’ transfer authorization by offering them good investment opportunities, or stealing mnemonics through fake official websites and Apps.
Recently, fraudsters have upgraded their scams to cheat others by exposing mnemonics. This article is a breakdown of the scam.
Since mid-May, many imToken users reported that they encountered an error pop-up when transferring through their TRX wallets. (Shown in the picture below)
According to on-chain data, we found that those wallet addresses all have updated their account permissions.
The overview shows that the “Owner Address”, i.e. the user’s TRX wallet account, transferred its “Owner Permission”, the supreme control over an account, to address B. This means any transaction initiated by “Owner Address” should be approved by address B.
A TRX account usually has two permissions, namely, “Owner Permission” and “Active Permission”.
Owner permission represents the supreme control over an account. An address granted with that permission can operate the account in all manners.
In contrast, an address with active permission is only allowed to a combo of actions, such as transferring TRX and freezing assets.
Simply put, if users give up the owner permission and transfer it to a third party, they’ll get error pop-ups when starting a transaction.
So why would they give up the permission?
According to users’ feedback, their wallet mnemonics are given by others, not generated by themselves.
For instance, Tom lends $1000 to an internet friend who offers his mnemonic containing the commensurate amount of cryptocurrency in exchange.
Tom sees the tokens in the wallet after importing the mnemonic. However, an error pop-up shows up when he tries to transfer.
Because the internet friend, the scammer, updated the account permissions before giving Tom the mnemonic. The tokens in the wallet cannot be moved even though Tom has the mnemonic since the owner permission is only accessible to the scammer now.
Apart from tricking users to lend them money by offering mnemonics, scammers will also steal users’ mnemonics through enticing them to download fake imToken and change the owner permission, causing users to lose control of their accounts. In this circumstance, users can only transfer tokens into their wallets, but not out of them.
PSA:
- Please stay alert if someone wants to borrow money from you by giving his mnemonic. In this case, he is very likely to be a scammer.
Please go to https://token.im to download imToken and carefully keep your mnemonic without exposing it to others. If you download imToken from App Store or Google Play, make sure the developer is IMTOKEN PTE.LTD
Security Tips: How to Safely Store Your Digital Wallet
Summary
This article addresses common security issues encountered when using decentralized wallets, including improper backup of mnemonic phrases, accidentally granting transaction permissions to malicious contracts, falling victim to scams, and hacker attacks. For each issue, the article provides detailed countermeasures to help users better protect their digital assets.
As cryptocurrency becomes more widespread, decentralized wallets are increasingly popular due to their high level of autonomy and security. However, using decentralized wallets also comes with certain security risks. This article will detail these common issues and provide corresponding strategies to help users better manage and protect their digital tokens.
1. Failure to Properly Back Up Mnemonic Phrases
Decentralized wallets do not store users' mnemonic phrases, and once lost, they cannot be recovered. Statistics show that one of the most common reasons for token loss is users failing to properly back up their wallet's mnemonic phrases. If a mnemonic phrase is lost or improperly stored, the tokens in the wallet may be permanently lost. Additionally, if the mnemonic phrase is not securely stored, the tokens can easily be accessed by others.
Countermeasures:
- Before using the wallet, ensure the correctness of the mnemonic phrase and back it up properly.
- Use physical media to back up the mnemonic phrase, such as writing it down on paper or using a mnemonic phrase storage box, to ensure its security.
- Ensure secure storage throughout the entire process, and consider necessary disaster recovery to avoid the risks of single-point backup failure.
2. Accidental Authorization of Transfer Permissions to Malicious Contracts
Authorization operations typically occur during interactions with DApps. Be cautious when granting permissions, as if the authorization is given to a malicious contract, the tokens in your wallet may be transferred without your confirmation. The DApp ecosystem is mixed, and careless authorization could lead to asset loss. The only way to avoid such risks is by increasing your security awareness.
Countermeasures:
- Review Contract Source Code: Seek professional auditors to review the contract code to ensure its security.
- Use Trusted Contracts: Prefer reputable and trusted contracts.
- Regularly Check Wallet Authorizations: If you notice your wallet has authorized unknown contracts, revoke the authorization as soon as possible. Recommended site for checking and revoking authorizations: https://revoke.cash/zh.
- Be Cautious with Transfer Permissions: Do not easily authorize transfer permissions, and remain vigilant after authorization, ready to revoke permissions if necessary.
3. Falling Victim to Scams
Scammers employ a variety of tactics, and users who are not highly alert may inadvertently give away their mnemonic phrases or transfer permissions, leading to token theft.
Countermeasures:
- Protect Your Mnemonic Phrases/Private Keys: Any request for your mnemonic phrases/private keys via SMS/phone scams is untrustworthy.
- Avoid Clicking Unknown Links or Downloading Unknown Software: These could be phishing sites disguised by hackers.
- Ensure Website Security: Use reputable websites and ensure that the site's security certificate is valid.
- Regularly Monitor Accounts: Regularly check your wallet accounts to ensure their security.
- Consult Professionals: If you encounter a scam, consult professional institutions or the police.
4. Being Hacked
On the blockchain, mnemonic phrases represent ownership of assets. Once someone else gains access to your mnemonic phrases, they can import them into another device and steal your tokens. Therefore, it's crucial to securely generate and back up mnemonic phrases.
Countermeasures:
- Use Offline Hardware Wallets: Generate and store private keys with offline hardware wallets to enhance security. Avoid storing them on internet-connected mobile devices to prevent hacking and theft.
- Download Wallet Software and Apps Only from Official Channels: Avoid downloading unverified software to minimize security risks and prevent malware from stealing your digital assets or other sensitive information.
- Avoid Copying and Pasting Mnemonic Phrases or Private Keys: Manually enter them to enhance security. Additionally, avoid jailbreaking or rooting your device to prevent hackers from exploiting vulnerabilities to steal your digital assets or other sensitive information. Do not visit unknown links to avoid phishing attacks and data breaches; only visit known and trusted links.
Additional Recommendations
-
Separate Hot and Cold Wallets
- Hot wallets (e.g., imToken) are easy to use but require good security awareness. Hardware wallets (e.g., imKey) use secure chips to maximize private key security at the hardware level, making them more beginner-friendly. It is recommended to use imToken software wallets for small assets and imKey hardware wallets for large assets. Combining both ensures a good user experience while maximizing asset security.
-
Regularly Update Software and Operating Systems
- Regularly update or upgrade the software and operating systems on your devices to fix vulnerabilities or bugs and prevent hacker attacks.
-
Manage Applications on Your Device
- Limit applications' auto-start settings, thoroughly delete unnecessary applications, and avoid installing software from unknown sources. Avoid installing applications with remote desktop viewing functions, as malicious actors may use them to spy on your desktop and steal your mnemonic phrases or private keys.
-
Disable Cloud Storage
- Do not use automatic cloud functions to upload sensitive data to online accounts, as this could lead to sensitive information leaks if cloud data is compromised.
-
Use Strong Passwords
- Set strong passwords that include uppercase letters, lowercase letters, numbers, and special characters, and regularly change your passwords.
Final Recommendations
Decentralized wallets offer users greater security and autonomy, but they also come with certain security risks. By understanding these common issues and adopting the corresponding strategies, users can better protect their digital assets.
Lastly, in the "dark forest" of the blockchain world, always remember these two security principles:
- Zero Trust: Maintain a high level of skepticism at all times.
Continuous Security Validation: If you choose to trust something, you must have the ability to verify your doubts and make this practice a habit.
Experience Web3 Projects
See all articlesimKey RWA NFT Purchase and Physical Delivery Guide
This guide will walk you through the process of purchasing imKey hardware wallet RWA NFTs on RareShop and claiming physical delivery.
1. RWA NFT Project Overview
RareShop has partnered with imKey, the hardware wallet brand under imToken, to issue an RWA NFT for the imKey family pack on the Mint Network, based on the ERC7765 asset protocol standard. Priced at $139, this NFT allows users to opt for physical delivery, gift transfers, and potentially receive airdrop rewards from the Mint ecosystem. RareShop offers an all-in-one Web3 digital solution for businesses and brands, supporting crypto payments, privacy protection, and product pre-sales.
Key Links:
2. Step-by-Step Purchase Guide
Step 1: Bridge funds to Mint Blockchain
Utilize the fast cross-chain bridge on Mint Blockchain to quickly, securely, and affordably transfer assets to Mint, ensuring efficient transfers while maintaining robust security and low fees.
🍀Steps to Use Mint Fast Bridge
- Visit the Official Website: Go to the Mint Blockchain website Bridge page.
- Connect Your Wallet: Click on the "Connect Wallet" and follow the prompts to link your wallet.
- Choose the Chains: Select the blockchain from which you want to transfer assets to Mint Blockchain.
- Complete the Transfer: Enter the amount you wish to transfer and confirm the transaction.
🍀Tips
-
Large Transfers: IFor deposits over 2 ETH or withdrawals over 0.5 ETH, use the official Mint Superbridge for a more robust solution.
-
Specific Tokens: For USDC or USDT cross-chain transfers, head over to the official Mint Superbridge for an optimal experience.
Step 2: Purchase the imKey RWA NFT on RareShop
- Go to the purchase page .
- Connect your wallet.
- Purchase the imKey RWA NFT with either 139 USDT or USDC.
- If you are a MintID or activated GreenID NFT holder, you’ll receive a $15 cashback. New users to the Mint ecosystem, among the first 5,000, will receive a $15 coupon for your next RareShop purchase.
Step 3: Physical delivery
- Go to the physical delivery page .
- Please complete the required shipping information. Shipping costs will be calculated based on your delivery location. If your country/region isn’t listed, select “Other” and provide details for your country/region. A flat rate of 40 USDT will be applied.
By following the steps above, you can successfully purchase and redeem your imKey RWA NFT and enjoy a new on-chain shopping experience.
How to use imKey Pro to swap in Tokenlon?
This article provides a step-by-step guide on how to use imKey to perform token swaps on the decentralized exchange Tokenlon.
Besides securely storing assets, imKey also supports the use of Tokenlon's swap feature for tokens trading.
What is Tokenlon?
Tokenlon is a decentralized trading and settlement protocol that provides users with fast, competitively priced, and diverse decentralized cryptocurrency exchange services.
How to use imKey Pro to swap in Tokenlon?
- Open the ETH wallet on imKey and enter the "Market" page. On the market page, set the token and amount you want to exchange, then click "Review".
- After reading the Tokenlon Service Terms, click "I have read and agree to the Tokenlon Service Terms" and confirm.
- After verifying that the order information is correct, click "Request imKey Confirmation" and confirm by signing with imKey. Please wait patiently until the exchange is successful. Note: The signing process requires multiple confirmations.
Note: The signing process requires multiple confirmations.
Note: If prompted "Order has expired, please place your order again," it means that the transaction request has timed out, and you will need to click "Request imKey Confirmation" again and complete the signing with imKey.
- Return to the ETH wallet and check if the assets have arrived. If not, click '+' - 'All My Assets', then click the '+' symbol on the right side of the token to add the token to the wallet homepage.
How to Use Orbiter Finance with imKey?
Summary
To perform cross-chain asset transfers using Orbiter Finance with imKey, open imKey, switch to the Ethereum network, search for and open the Orbiter Finance app. Select the token and network you want to transfer to, enter the amount, click confirm, and complete the signature on the hardware device. After the transaction is complete, switch to the target network to check your assets. If you encounter any issues, contact Orbiter Finance official support.
What is Orbiter Finance?
Orbiter Finance is a decentralized cross-rollup bridge for transferring the Ethereum-native tokens, which is the infrastructure of Layer 2, it offers low cost and almost instant transfers. Orbiter Alpha supports cross-rollup transfers between Ethereum, StarkNet, zkSync, Loopring, Arbitrum, Optimism, Polygon, BNB Chain, ZKSpace, Immutable X, dYdX, Metis and Boba.
Click here to know more about Orbiter Finance.
How to Transfer Tokens through Orbiter Finance?
Orbiter Finance allows you to move your tokens across different blockchains. Here are the steps to transfer USDT from Polygon to zkSync through the bridge:
- Open the imKey wallet, click on "Bridge" find "Orbiter " and open the app.
- Click "Confirm" to allow the app to access your wallet address.
- Select the token you want to transfer cross-chain, as well as the networks for sending and receiving the assets.
- After entering the amount of tokens to transfer, click "SEND," then "CONFIRM AND SEND," and finally "Request confirmation from imKey." Complete the signature confirmation on the hardware device.
- Wait for the status to change from "Processing" to "Completed," and for three green checkmarks to appear below, indicating that the transaction is complete. Then, return to the imKey homepage, switch to the zkSync Era network, and you will be able to see your assets.
If you encounter any issues while using Orbiter Finance, please contact Orbiter Finance support through the following channels:
- Discord: http://discord.gg/orbiter-finance
- Twitter: https://twitter.com/Orbiter_Finance
Lastly
imKey is a professional hardware cold wallet incubated by imToken, deeply integrated with imToken and also supporting the Layer2 ecosystem. If you have higher security requirements for your wallet or need to store large amounts of assets, we strongly recommend using the imKey hardware wallet. imKey will provide you with exceptional security and a convenient user experience.
Risk Disclaimer: The content of this article does not constitute any form of investment advice or recommendation. imToken makes no guarantees or commitments regarding the third-party services and products mentioned in this article and assumes no responsibility. Token investments carry risks; please carefully assess these risks and consult relevant professionals before making any decisions.
How to Rent Tron Energy on Feee.io?
What is Feee.io?
Feee.io is an energy rental platform on TRON, where users can obtain the energy they need at a lower cost from TRX stakers. This effectively reduces the burning of TRX in their accounts and decreases transaction fees when transferring USDT.
The rental period for energy can range from 1 hour to 1 month. Read more information about Feee.io.
How to Use Feee.io in imToken?
1. Enter imToken, switch to the TRON account, and click "Rent” to launch Feee.io.
2. The default recipient is your current wallet address. Enter the amount of energy and rental duration you need, click "Pay", and confirm the payment again in the pop-up window. Once the order is completed, the energy will be credited to the corresponding account.
FAQ
Q1. When will the energy be credited after a successful payment?
A: The energy will be credited within a few minutes after payment. Due to broadcasting delays and other reasons, there may be a delay of 5 to 10 minutes in rare cases.
Q2. How long does it take for energy to recover after use?
A: The energy will be restored within 24 hours after use.
Q3. How to rent bandwidth?
A: You can enter the "Trading Market" from the menu bar in the upper left corner of Feee.io, click "Buy" and select bandwidth.
Q4. Can an order be canceled?
A: Once an order is created, it cannot be canceled.
Q5. What should I do if the order fails but tokens are still deducted?
A: You can send an email to service@feee.io or contact the official customer service of Feee.io on Telegram at @trongascom.
Learn more about Feee.io FAQs.
Risk Warning: The content of this article does not constitute any form of investment advice or recommendation. imToken does not make any guarantees and promises for the third-party services and products mentioned in this article, nor assume any responsibility. Token investment has risks. You should carefully evaluate these investment risks and consult with relevant professionals to make your own decisions.
How to Participate in Non-Custodial ETH Staking with imKey?
If you hold 32 or more ETH, you can choose to use imKey to participate in non-custodial ETH staking. This article will guide you step-by-step on how to do it.
imKey hardware wallet now officially supports non-custodial ETH staking in imToken.
imToken’s 'non-custodial' solution is suitable for users with high requirements for asset security. This approach allows staking users to earn stable returns while ensuring maximum ownership and control over their staked assets, without the need to worry about the operational services of the validator node.
If you have 32 or more ETH, you can choose the non-custodial staking solution and own a validator node at the Ethereum consensus layer.
Step-by-Step Tutorial for Non-Custodial ETH Staking with imKey
- Open imToken, click on the navigation bar in the top left corner to enter the 'Select Account' page, then click on the ETH account of the imKey hardware wallet.
2.On the ETH wallet homepage of imKey, click 'Stake' to access the ETH staking page, then click 'Stake' again. Enter the number of validators you want to purchase. One validator requires a deposit of 32 ETH. After confirming the number of validators, click 'Next' to access the fee confirmation page.
3. Choose the imKey ETH wallet address and confirm the fees. The fees are divided into four parts:
- Staking Amount: Each validator requires 32 ETH to be staked.
- Service Fee: InfStones charges a service fee of 0.2 ETH/validator/year for maintaining node operations.
- Block Reward Sharing: Automatically distributed proportionally each time additional block rewards are generated, with 80% allocated to the validator and 20% to the service provider.
- Gas Fee: The gas fee required to send the transaction. It varies depending on the real-time Ethereum network situation.
Note: The current service fee is 0.2 ETH/validator/year. Please refer to the service fee shown in your wallet when staking.
4. Carefully read the risk terms. After verifying that they are correct, check the box to confirm the terms. Please note:
- The mnemonic phrase of your imKey ETH wallet will be used to retrieve the assets staked on the consensus layer. Therefore, back up your mnemonic phrase securely. You cannot retrieve the staked ETH principal and accumulated earnings if you lose your mnemonic phrase.
- For backing up your mnemonic phrase, it is recommended to use the imKey stainless steel mnemonic phrase HeirBoxes.
5. After confirming the terms, the 'In-App signature' interface will be prompted. Click 'Request confirmation from imKey', and then confirm the authorization signature on your imKey.
6. After the 'Creating Validators' process is completed, proceed to the request staking step. Click 'Request confirmation from imKey', and at the same time, confirm the payment information, recipient address, and gas fee on your imKey.
7. Wait for Consensus Layer Confirmation and Validator Activation
- After a successful transaction, wait for the consensus layer confirmation, which will take 12-18 hours.
- Once the transaction is confirmed on the consensus layer, the validator will be in a 'Pending' state, waiting for activation. You will wait for activation since only 900 validators are activated per day. As of press time, the activation waiting time is about four days.
- When the validator reads "Active" status, it means it has been activated and is generating rewards. You can check APR and accumulated earnings on the ETH staking interface.
- Beacon Chain explorers:
Rewards Explanation
ETH staking earnings consist of two parts:
- Staking rewards: Validators receive this reward for checking new blocks and “attesting” to if they are valid at the Ethereum consensus layer.
- Block rewards: When a validator is chosen to propose the next block, it can obtain the gas fees for all transactions in the corresponding block. In addition, it can also receive additional auction income through the block auction market.
You can learn more about the Rewards Structure of Non-Custodial ETH Staking Services.