Blog

On April 18, 2023, a KOL known as 'LoMao Principal' disseminated an airdrop tutorial titled 'Branded Airdrop, Double Reward, Estimated Return of 5000 USD for ZKS Quality Account' on Twitter. This tutorial, however, directed users to a fraudulent Orbiter cross-chain bridge website, serving as a phishing lure. Users who interacted with the project as instructed had their Ethereum (ETH) transferred directly to the scammer's wallet. Having accrued more than 30 ETH from the scam, the KOL has since deleted their account. This incident dubbed the 'LoMao Principal' event, has brought to light a more clandestine phishing scam methodology. Conventional phishing scams typically employ malicious links disguised as legitimate ones, propagated through search engines, emails, or social media. Most users are usually adept at identifying and avoiding these tactics. Yet, the phishing link was ingeniously embedded into the airdrop tutorial in this new case. The novelty can ensnare even those familiar with the blockchain industry and 'Point-and-Click' operations, underscoring the importance of maintaining constant vigilance and never trivializing potential threats. So, how can you avoid such incidents? Do not casually click on advertisement links from search engines and unknown websites. Bookmark frequently used addresses to prevent phishing scams. Never blindly trust airdrop tutorials or their associated links online. After interacting with an unknown contract, immediately revoke relevant authorizations. Before investing, conduct thorough research and make rational investment decisions based on your own capabilities and risk tolerance. Scams Exposed Security Alert | Beware of eth_sign Signing scams Recently, eth_sign signature phishing scams have run rampant, with scammers propagating phishing websites through search engines, emails, or social media and luring users to eth_sign signatures through WalletConnect and other means. Since signers are often unaware of what they're signing, a potential phishing risk arises. Once the signing is done, the scammer can steal your assets limitlessly. How do these scams occur? Click to view the security alert | Beware of eth_sign signing scams. To counter such scams, the new version of imToken has upgraded its risk control system. When a user visits a third-party DApp to call eth_sign for message signing, imToken will provide a risk warning pop-up, alerting the user to potential risks of the site being visited and initiating a 15-second cooldown countdown. This setup is designed to give users ample time to evaluate the necessity and safety of the signing operation. Risk Control In April, imToken marked 489 tokens and 21657 addresses as risky and banned 362 DApp websites. Please help us keep the community safe by reporting any risky tokens or DApps to [email protected] Your efforts can make a big difference in preventing asset loss! End Although airdrops have drawn many new users to the blockchain industry, they provide opportunities for illegal activities such as phishing scams. These scams cause losses for users and inflict tremendous damage on the entire industry. Therefore, we hope to persistently strive for one thing - to eradicate the limitations of publicity channels through time and persistence. imToken has always paid great attention to the security of users' assets and continuously updates its wallet safety reports. If you have any case or material related to wallet security, we would appreciate it if you could send it to [email protected] to help us build a safer wallet community. Let us work together to protect the security of users' assets and contribute to the developing the entire blockchain industry. Join the conversation now! Follow us on social media and share your thoughts. imToken Official Contacts Website: https://token.im Weibo: https://weibo.com/imToken Twitter: https://twitter.com/imTokenOfficial Discord: https://discord.com/invite/imToken

Celebrate imToken's 7th anniversary with us! 🎉 Participate in our "Sweet 7" themed series of events and stand a chance to win exclusive imToken 7th Anniversary limited edition NFTs and token rewards. We greatly value your input! That’s why we are gathering suggestions from our community for product improvements. Vote for the top 7 product suggestions you believe should be prioritized for our next version update. Your voice matters! Join imToken founder Ben and our 7 team members on May 26th at 8:00 PM for an exclusive AMA session on imToken Twitter. They will unveil the final 7 product requirements and delivery timeline. Don't miss this opportunity to get insights directly from the team! Event Duration: May 13th, 2023, 2:00 PM - June 5th, 2023, 11:00 PM (SGT) Portal👉: Enter now Event Schedule: May 13th - May 25th: Twitter community voting May 15th - May 17th: Discord community voting May 19th: Layer 2-themed English AMA on Twitter Space May 24th: Staking-themed English AMA on Twitter Space May 26th: imToken founder 7th Anniversary Chinese AMA on Twitter Space May 26th - June 5th: Experience Layer 2 DApps in imToken Join the celebration and make your voice heard.

Overview On May 11th and 12th, the Ethereum consensus layer experienced temporary anomalies. imToken's analysis suggests that the main cause of this anomaly was an overload on several Ethereum consensus layer client nodes, causing validators to go offline and fail. The overload directly resulted in Epoch voting not reaching 2/3, preventing the consensus layer from confirming finality. However, the Ethereum network quickly recovered on its own, which imToken believes demonstrates the resilience and self-healing capabilities of the Ethereum PoS consensus algorithm. Event and Background Under normal circumstances, the Ethereum PoS consensus network status would be finalized within 2 Epochs. However, last week, there were two instances of delayed Epoch finalization. The first instance occurred on May 11th, with the Epoch finalization being delayed by 3 Epochs, approximately 20 minutes. The second instance occurred on May 12th, with the Epoch finalization being delayed by 8 Epochs, approximately 51 minutes. During the event, the Ethereum network generated blocks and processed transactions normally. However, due to a low voting rate from validators, the Epoch could not be finalized (i.e., the Epoch did not receive the Ethereum PoS network consensus-level security guarantee). An unfinalized Epoch means that if most of the validators act maliciously and cause a fork, the epoch could potentially be rolled back, resulting in transactions being rolled back as well. No forks occurred on the Ethereum network during the event, and validators did not cast malicious votes. The inability to finalize the Epoch was solely due to many validators going offline, resulting in a low voting rate. Upon further examination, it was found that the validators experienced CPU overloads, causing them to go offline. In the second event, the Epoch finalization was delayed by 8 Epochs, triggering the Inactivity Leak handling mechanism within the Ethereum consensus algorithm due to the finalization delay being greater than MIN_EPOCHS_TO_INACTIVITY_PENALTY (=4). Penalties were imposed on offline validators, slashing their staked funds, with approximately 28 ETH being forfeited. Attestation rewards were canceled, resulting in approximately 50 ETH not being issued. This mechanism ensures that online Validators ultimately control 2/3 of the total staked funds in Ethereum, allowing the network status to be finalized eventually. imToken's node services also detected this event, providing early warning of abnormalities in the Ethereum consensus network by monitoring the Ethereum consensus layer Validator voting in real-time before the Epoch could not be finalized normally.  Under the PoW mechanism, the success of a transaction is determined by the probability that it will not be rolled back after a certain number of consecutive blocks. In PoS, the success of a transaction is determined by the block height returned by Safe Head. The current specification uses the Justified Checkpoint as the state recognition for Safe Head. Therefore, looking at the state of the previous Epoch, there may be a judgment delay of up to 6.4 minutes, which is a poor user experience. imToken's self-developed Safe Head service calculates safe blocks for transaction confirmation based on real-time Ethereum consensus layer data, shortening transaction confirmation time while ensuring user transaction security. Under normal circumstances, the block height returned by imToken's Safe Head algorithm (as shown in the yellow section in the image above) is close to the latest block height (green), thus improving user experience. Cause Analysis The direct cause of the events mentioned above is that several Ethereum consensus layer client nodes were overloaded, causing validators to go offline and disrupting the normal consensus voting process. After analysis, the reasons for the overload of these nodes are: When receiving attestations pointing to stale blocks, nodes must recompute the Beacon Chain state to validate these attestations, which requires consuming a large amount of CPU and memory resources. When a large number of attestations pointing to stale blocks are received simultaneously, the nodes' CPU and memory resources are exhausted, causing the validators to go offline. This issue could have been resolved through caching based on the blocks pointed to by attestations. However, due to the growth of validators and the emergence of a large number of such attestations, the cache implementation of the problematic clients was breached, forcing nodes to consume large amounts of resources to recompute the Beacon Chain state. The consensus layer clients Teku and Prysm have released patch versions to address this issue. Specifically, the patch version of the client implementation filters out these stale attestations, ignoring the attestations when the following conditions are met: The attestation points to a stale slot. The attestation points to a checkpoint the node has never seen before. However, we still need to continuously observe the Beacon Chain finalization situation to confirm the patch’s effectiveness. The consensus layer client patch versions for Teku and Prysm include the following: Prysm: v4.0.3-hotfix Teku: v23.5.0 Ethereum Design Advantages During the event, Ethereum ensured availability by continuously generating blocks and processing transactions while only delaying Epoch finalization. The key reasons for this were: The diversity of Ethereum clients. The design of the Gasper algorithm. Ethereum Client Diversity Although the consensus layer client implementations of Teku and Prysm had issues, the normal operation of other consensus layer clients were not affected. For example, the Lighthouse client was not affected by the event. Due to the differences in implementation design among various clients, some validators continued operating normally. The diversity of Ethereum clients ensures that even if some clients encounter issues (even leading to an Epoch not being finalized), it will not affect the normal clients generating blocks and processing transactions, keeping Ethereum's availability intact. Ethereum Gasper Consensus Algorithm for Availability One of the starting points for the design of the Ethereum consensus algorithm Gasper is ensuring the availability of Ethereum. The design separates Ethereum block production from finalization. Therefore, even if block finalization is hindered, block production will not stop. In most cases, block finalization will eventually recover (produced blocks will ultimately be finalized); hence the impact on users will be relatively low. In contrast, in other Byzantine Fault Tolerance (BFT) consensus algorithms: if block finalization fails, consensus nodes will stop producing the next blocks, resulting in the entire blockchain becoming unavailable, commonly referred to as "blockchain crashing." The second event also triggered the Inactivity Leak mechanism, which is mainly designed to ensure that Ethereum can still finalize blocks under extreme conditions (large numbers of Validators offline for extended periods). Experience and Lessons Learned Challenges of Ethereum Multi-Client Diversity Currently, the diversity of Ethereum clients is as follows: Source:https://clientdiversity.org/#distribution As seen, the Ethereum client diversity still needs to be promoted and publicized. If the client implementations were diverse enough so that the shares of Prysm and Teku were less than ⅓, the event might not have occurred (⅔ of clients operating normally would be sufficient to finalize the Epoch). In addition, the current execution layer clients are concentrated on Geth, with a share of up to 61%. This actually poses potential risks: if Geth does not operate properly, Ethereum will be affected significantly. Apart from the need for further efforts in Ethereum client diversity, the switching of Ethereum clients is also a pain point exposed by the event: how validators can switch to a properly functioning client implementation when one client encounters problems. The process involves:safely migrating the validation key of the problematic client to the normal clientdue to Ethereum's consensus slashing rules. This eliminates inconsistencies between the old and new clients' behaviors, such as: Voting on different sides of a forked checkpoint, resulting in slashing Producing different blocks in the same slot, resulting in slashing Monitoring Ethereum Consensus Services similar to Safe Head are needed to continuously monitor the real-time status of the Ethereum PoS network, and detect and alert such events in advance, rather than waiting for the Epoch to fail to finalize as expected to find abnormalities. The latest research on this can be found in this article: Popularizing Ethereum Consensus Algorithm This event exposed the necessity of popularizing the Ethereum PoS consensus mechanism. Many users mistakenly thought that "Ethereum crashed" during this event, causing unnecessary panic. However, in reality, the Ethereum network continued to generate blocks and process transactions. The combination of Ethereum's consensus layer and execution layer provides double protection for Ethereum transaction confirmations. The processing of blocks at the execution layer is not affected even if the consensus layer Epoch cannot be finalized. The abnormal situation of Epoch finalization is also designed and handled within the Ethereum consensus algorithm. Popularizing blockchain knowledge for users is still a direction practitioners should continue to work on. Implications for Ethereum Applications Although the Ethereum network is robust enough, occasional instability can have some impact on applications. At the same time, applications need to handle these unstable scenarios correctly. The deposit time from L1 to L2 will be extended. When minting on L2, an important prerequisite is to ensure that the L1 deposit transaction will not be rolled back. Therefore, when the Ethereum network Epoch finalization is delayed, the deposit time from L1 to L2 will also be extended accordingly. Similarly, exchanges should also prevent on-chain deposit transactions from being rolled back, so that their deposit times will also be extended accordingly. On-chain oracle quotes risk being rolled back. Therefore, high-value services that rely on them should be paused temporarily. During this event, Uniswap did not display balances and only allowed purchases, not sales, while dYdX suspended deposits. Conclusion In this event, we can see the resilience and self-healing ability of the Ethereum PoS consensus algorithm and the quick response and error correction of clients after an incident occurs. For the entire Ethereum ecosystem, continuous investment is needed in the following aspects: increasing client diversity, optimizing real-time monitoring and early warning of network status, in-depth user education (not only for ordinary users but also for practitioners), and emergency preparedness for ecosystem participants in case of network anomalies. Reference Finality issue updates May 2023 https://twitter.com/robplust/status/1657044364382846978 https://twitter.com/superphiz/status/1656780594326405121 https://twitter.com/terencechain/status/1657021042110631936  

With the Ethereum Shanghai upgrade and the emergence of Layer 2 ecosystem hotspots, the digital asset market has again experienced a resurgence. New and seasoned users are flocking to social platforms like Telegram and Discord to engage with others, seeking the latest industry news, project updates, and market trends. However, this market boom has also presented nefarious actors with ample opportunities for exploitation. To help our users mitigate risks and stay safe online, we have compiled the common Telegram scams and corresponding strategies in this wallet security bulletin. We aim to equip you with the knowledge necessary to identify and guard against potential cybersecurity threats. 1: Fake imToken App and Fake imToken Customer Support Scams Scammers create fake imToken fan groups on Telegram, guiding users to add fake imToken customer support friends in an attempt to deceive them into providing sensitive information such as mnemonic phrases and private keys. Scammers imitate imToken's official notifications in group chats, creating and spreading sham imToken announcement messages. Scammers attach fake imToken official website QR codes or links on promotional posters, luring users into downloading fraudulent imToken apps. Mitigation Techniques Please note that imToken has no official fan groups on Telegram. Besides, the official imToken customer support will never request mnemonic phrases, private keys, and other sensitive information from you. Refrain from entering your mnemonic phrase or private key into websites and applications provided by fraudulent support. To contact the official imToken customer support, reach out to us at [email protected] imToken's official announcements will be released first in the "Help Center" on the imToken official website: https://token.im. If you find any imToken information through other channels, verify it in the official website's Help Center. Apart from visiting the official website to download imToken, you can also send an email titled "Download" to [email protected] to receive the latest version of the imToken application. 2: Telegram Verification Code Screenshot Scam Scammers may impersonate your friends, requesting chat screenshots for seemingly legitimate reasons. While this may appear harmless, they are actually attempting to access your Telegram account using your phone number. If the screenshot you send contains an official login code, the scammer can successfully log in to your Telegram account and defraud your contacts. Here is a detailed outline of their deceptive process: Obtaining phone numbers: If your Telegram account privacy is set to "visible to anyone," scammers can see your phone number, or they may first gain access to your friend's account and then find your number. Deceiving users for chat screenshots: Posing as a friend, scammers use various tactics to trick users into providing chat screen captures, such as unblocking accounts or addressing chat interface issues. Exploiting login codes in screenshots: Scammers attempt to log in to the user's account on a new device using their phone number. The scammer can access the account if the screenshot contains a login code. Hijacking accounts and continuing to scam: Upon logging in, the scammer logs out all connected devices, changes the password, and utilizes the user's account to defraud other contacts further. Mitigation Techniques: Enable Telegram two-step verification: Navigate to Settings > Privacy and Security > Two-step Verification and follow the setup process. We recommend setting up a security email in subsequent steps to reset the password if you forget the two-step verification code. Hide your phone number and restrict people from adding you to new groups: Go to Settings > Privacy and Security and configure settings to hide your phone number, online status, profile picture, and forwarded messages. Set your account to prevent non-contacts from adding you to unfamiliar groups, reducing the likelihood of being scammed. Refrain from using Telegram's "People Nearby" feature. 3: Fake Telegram App Scam Since Telegram doesn’t offer a Chinese installation package, scammers often create counterfeit Telegram Chinese apps with malicious plugins. They purchase keyword advertising on search engines like Google and Baidu to lure users into downloading their fraudulent software. Users downloading and using these malicious Telegram apps risk making financial losses. The fake Telegram app automatically detects blockchain addresses in chats, replacing users' wallet addresses with scammers' addresses. If users copy the address for a transaction from the fake Telegram app and only verify part of it, they may mistakenly copy the scammers' address, leading to asset loss. Mitigation Techniques: Examine your software download sources: If you have downloaded the app through a web search, uninstall and reinstall it from the official website. Third-party malicious clients can access and control your account, read your entire chat history, and collect identifiable device information. For security reasons, always download and install the software from the official Telegram website: https://telegram.org. Always carefully verify addresses before making transactions: imToken recommends using the address book feature to save frequently used addresses, preventing the transfer of funds to incorrect addresses. 4: High-Return Investment Website Fraud Scammers pose as cryptocurrency experts on Telegram, luring users to invest with the promise of high returns. They typically guide users in private or group chats to access third-party scam websites using imToken's DApp browser, asking them to deposit assets. After a successful deposit, scammers display seemingly increasing investment returns, misleading users into believing their investments are profitable. However, when users attempt to withdraw funds, the scammers disappear with their controlled accounts, causing financial losses. The characteristics of these scam websites include High returns used as bait Fly-by-night operations that are difficult to shut down Poorly built websites with low-quality designs Touting "decentralized, secure, and transparent" credentials False advertising, impersonating well-known companies Promotional and recruitment behavior similar to Ponzi scheme projects Mitigation Techniques: Exercise caution when evaluating high-return investment projects: If you need help to discern their legitimacy, seek assistance from imToken's official customer service at [email protected] imToken issues risk warnings and blocks known high-risk DApps. If you encounter a blocked website, please refrain from interacting with it! 5: Virtual Platform Recharge Fraud Scammers exploit people’s desire for bargains by promising them discounted gas cards, gift cards, and recharge services on certain verification platforms. They guide users to their malicious websites to recharge. When users click the recharge button on these malicious sites, imToken displays a security alert warning users of potential changes to permissions. Once users confirm and enter their password signature, their address permissions change, causing them to lose control over their wallet's assets. Under these circumstances, users can only deposit tokens into the wallet, but cannot withdraw. Mitigation Techniques: Refrain from trusting online promotions for gift cards, gas cards, verification websites, and participating in recharge activities. Be especially wary of links offering recharge redirection services. Generally, legitimate recharge services only require the recipient's address for a transfer to complete the transaction. When it comes to safeguarding your funds, it's always better to be overly cautious. If you need clarification on the legitimacy of a recharge website, kindly contact imToken's official customer service at [email protected] for guidance to ensure the security of your assets. Scams Exposed Security Alert｜Be Wary of Fake Transaction Record Scams! Have you ever noticed unauthorized USDT transactions in your wallet's transaction history? Recently, scammers have been creating fake USDT transaction records on the blockchain, which appear in Etherscan and wallet history records, causing users to see unauthorized and false USDT transfer records. So, how exactly do these transactions occur? Click to learn about this new scam! The imToken security team advises that when you see an unauthorized USDT transaction in your ETH wallet, first verify whether the USDT in the transaction is genuine. Due to the immutable nature of blockchain technology, once a transaction is successfully executed on-chain, it cannot be canceled or reversed. Hence, it is crucial to thoroughly verify the recipient’s address before initiating a transfer! Security Alert｜Be Aware of Data Authorization Scams Recently, numerous users have inquired: “Under the pretense of offering discounted PetroChina fuel cards, an individual requests a zero-value transfer while requiring me to enable advanced mode and input a series of digits in the Data field, purportedly to verify the functionality of my wallet address. Does this pose any risk to my wallet's security?” The imToken security team cautions: This is the latest scheme scammers employ to steal token transfer permissions. The scammers leverage the authorization granted unknowingly to transfer assets from your wallet without consent. We dissected such deceitful tactics in our previous articles and offered corresponding tips to avert fraud. Follow this link to learn more. Risk Control In March, imToken marked 6108 tokens and 113232 addresses as risky and banned 137 DApp websites. Please help us keep the community safe by reporting any risky tokens or DApps to [email protected] Your efforts can make a big difference in preventing asset loss! End At imToken, we prioritize digital asset and wallet security because we know how scams exploit human emotions. Always stay alert, and don't fall for seemingly insignificant gains at significant costs! Be the change you want to see in the digital asset investment world. Spread the word and help prevent more people from falling victim to scams by sharing this article with your friends.

imToken is delighted to participate and co-host the “Web3 Financial Infrastructure: Digital Wallet and DID” session at the 2023 Hong Kong Web3 Festival with Wanxiang Blockchain Labs and HashKey Group. The Web3 Festival, a novel Web3 event brand, is held in Hong Kong with the aim of focusing on key topics within the domain, inviting top global projects and investment institutions to share cutting-edge technologies and insights. Additionally, regulatory representatives are invited to provide a thorough analysis of regulatory policies, delineating development boundaries. Chief Executive of Hong Kong stated at the inauguration of the Web 3.0 Association: "To fully unlock the potential of Web3 and its related technologies, it is crucial to establish suitable regulations for the market, thus making Hong Kong the premier hub for virtual asset businesses." imToken wallet held three keynote speeches during the Festival, with core content as follows: Breaking Wallet Trilemma: Balancing UX, Security, and Scalability in the Decentralized Era This speech was delivered by imToken CEO Ben. Web3 wallets currently face three major challenges: user experience, security, and scalability. User experience is hindered by unfamiliar technologies, while security is crucial due to the value associated with blockchains and the varying degrees of security needed for the protocol and application layers. Furthermore, current blockchain performance and costs are inadequate to meet the needs of millions of users, leading to an "impossible trilemma" relationship among these three issues. For a considerable period, this problem was insoluble. We could make breakthroughs in one or two aspects, but inevitably sacrifice others. As such, we strive to find a balance between the three while seeking technological breakthroughs. The blockchain ecosystem has progressed significantly in experience, scalability, and security. Notably, Rollup, data sharding, and modular application chains have made advancements in scalability and operability, while MPC and TSS technologies provide enhanced overall account security. ENS, .bit, DID, and other account abstraction technologies improve user experience and offer more possibilities for customization. However, these technologies still have limitations. For example, ENS still needs improvement in user experience and security risks, while Rollup still has centralization issues. Is there a more effective method besides extending the triangle to achieve better balance? Drawing on its extensive wallet experience spanning seven years, imToken proposes a layered architecture solution. By viewing the "two-dimensional" problem from a three-dimensional perspective, we position private keys as the core layer, chains as the network layer, and accounts as the access layer. By establishing a series of guiding principles, we can weigh and make trade-offs for different user scenarios to achieve greater balance. For different scenarios: 1. Newcomer: They wish to quickly create wallets and start using them for free. In this case, the user experience is crucial, and we can improve it by hiding private keys, waiving mining fees, and other measures. On the network layer, users can directly access Layer 2 or Layer 3. The core layer can employ mature WebAuthn technology for seamless security protection. 2. Deep DApp explorers: They need convenient, fast, and low-cost networks. In this case, the core layer can protect user account security through social recovery and risk control. The user experience layer can offer convenient operations, such as multi-step execution and multiple provider access. The network layer can continue to adopt multiple chains and networks for user convenience. 3. Asset management users: They require isolated multi-signature accounts and prioritize asset security. In this case, most activities take place on Layer 1, and users are not particularly sensitive to mining fees.The paramount concern is providing the highest level of security protection. 4. Payment: A smooth experience is essential and must be integrated with real-life situations. In this case, mining fees are not required, and large-scale scalability on Layer 3 must be achieved. To address the issue of account fragmentation across different scenarios, imToken proposes a unified account system. By introducing the concept of Universal Account, we eliminate the differences between multiple chains and networks, improving the fragmented user experience. By integrating various technical solutions and hiding complexity, we provide users with a friendly and easy-to-use system. Web3 Payments: Transforming the Way People And Businesses Handle Money And TransactionsScaling the Next-Generation Wallet: How Crypto Payment is Leading the Way These two speeches were delivered by imToken VP & RIVO GM Chuck and imToken Chief Architect Kai, respectively. imToken believes that payment scenarios are key use cases for expanding the next-generation wallet. Payments require high scalability; following the multi-stage rocket approach, each layer accelerates from Layer N … to Layer 3, Layer 2, and finally, Layer 1, to meet payment demands on blockchain network performance. RIVO is a new brand being incubated by imToken, which will focus on payment. We believe that paying by crypto is not necessarily equivalent to Web3 payment. Web3 payment consists of four fundamental elements: proof of ownership, payment authorization, medium of exchange, and network, which are added with decentralization, smart contracts, and tokenization. With these properties, RIVO will help consumers and merchants step into a new era of handling money and transactions. In Conclusion imToken believes that as technology continues to develop, and under clear guiding principles, it is possible to break through the wallet trilemma. Users can utilize blockchain technology in various life scenarios, particularly in daily payments, to seamlessly access the Web3 world anytime, anywhere. Moreover, we eagerly anticipate the steady and orderly development of Web3 under the support and appropriate regulation of the Hong Kong government.

Ethereum Network’s Shapella upgrade was activated at Epoch 194048, and Ethereum now supports withdrawal and exit functions for validator nodes. imToken will upgrade its non-custodial ETH staking service, including but not limited to the following: Supporting partial withdrawal function of validator nodes, which can automatically obtain the staking reward on the consensus layer periodically. Supporting full exit function of validator nodes, which can withdraw the staked ETH and rewards on the consensus layer. Updating the staking service charging model and supporting validator nodes to obtain block rewards on the execution layer. The release of the next version of imToken is scheduled for early May. We will promptly notify you once it is launched. Please stay tuned for further updates. If there are any questions, don’t hesitate to get in touch with us through “Support and Feedback” within the imToken app. imToken Team2023.04.14 SGT

Congratulations to the successful Ethereum Shapella upgrade. imToken supports this upgrade without any user action. Meanwhile, imToken will roll out a new version to support Shapella and the withdrawal function. Stay tuned for updates. Notably, users can find suitable staking solutions to earn yields as validators in imToken, regardless of the ETH amount they hold. Related articles: How to become an Ethereum validator with imToken ETH staking？ How to stake ETH on imToken？ Learn more about Shapella upgrade：https://support.token.im/hc/en-us/articles/17033455360921 imToken 2023.04.13

imToken Wallet will participate in the 2023 Hong Kong Web3 Festival, launched by Wanxiang Blockchain Lab and HashKey Group, and jointly organize the "Web3 Financial Infrastructure: Digital Wallet and DID" themed forum on April 13th. Industry experts are invited to explore the applications and challenges of digital wallets and decentralized identities in future financial infrastructures. imToken CEO Ben He will deliver a keynote speech on "Breaking Wallet Trilemma: Balancing UX, Security, and Scalability in the Decentralized Era," sharing imToken's perspectives on wallet advancements. The forum will also invite guests from SlowMist, Web3Auth, JoyID Wallet, UniPass, ZKP Lab, .bit, PADO Labs, HashKey DID, SevenX Ventures, Mask Network, Dmail Network, and zCloak Network to discuss digital wallet security, expanding the next generation of wallets, and the applications and prospects of ZK technology in DID. Venue: 5/F, Hong Kong Convention and Exhibition Centre - Sub-stage2 Time: 2:00 PM - 6:00 PM, 13 April 2023 Agenda: imToken is looking forward to coming together with everyone to discuss the latest advancements and upcoming trends in the areas of digital wallets and DID. Join imToken's Discord to learn more about the festival. About imToken imToken is a decentralized digital wallet used to manage and safeguard a wide range of blockchain- and token-based assets, identities, and data. Since its founding in 2016, it has helped its users transact and exchange billions of dollars in value across more than 150 countries around the world. imToken allows its users to manage assets on 12 mainstream blockchains and all EVM chains, it also supports decentralized token exchange and an open DApp browser. Official website: https://token.im About the 2023 Hong Kong Web3 Festival Web3 Festival will bring together the world’s brightest minds, top Web3 projects and leading venture capitals presenting content-rich discussions and topics centered around Web3. Hong Kong regulatory representatives will also dive into and interpret the latest digital asset regulation policies. Adhering to the Web3 spirits of openness and cooperation, we will invite partners to plan and organize part of the activities together for mutual development. Official website: https://www.web3festival.org/hongkong2023

The Shapella upgrade is set to go live on the Ethereum mainnet at epoch 194048, which is expected on Apr.13, 2023 (SGT).（Network upgrades improve Ethereum by adjusting its protocol and introducing new rules） What do imToken users need to do? imToken will roll out a new version to support Shapella and the withdrawal function, and users do not need to do anything for the upgrade. Stay tuned for updates. Shapella Upgrade The Shapella upgrade combines Shanghai upgrade on the execution layer and Capella upgrade on the consensus layer and will enable the withdrawal of staked ETH. (Shapella is the combination of the two terms Shanghai and Capella) Shanghai upgrade The Shanghai upgrade includes five EIPs: EIP-4895, EIP-3651, EIP-3855, EIP-3860, and EIP-6049： EIP-4895: Beacon chain push withdrawals as operations EIP-3651: Warm COINBASE EIP-3855: PUSH0 instruction EIP-3860: Limit and meter initcode EIP-6049: Deprecate SELFDESTRUCT （EIP：Ethereum Improvement Proposal） Capella upgrade Capella upgrade introduces: Full and partial withdrawals for validators(key feature of the upgrade） BLSTo Execution Change messages, which allow validators using a BLS_WITHDRAWAL_PREFIX to update it to an ETH1_ADDRESS_WITHDRAWAL_PREFIX, a prerequisite for withdrawals Independent state and block historical accumulators, replacing the original singular historical roots   How to stake ETH on imToken imToken supports ETH staking for all users, regardless of their ETH holdings. Find a suitable staking method and earn rewards. If you hold 32 ETH or more, you can choose the non-custodial staking option. For more details, please refer to the tutorial: How to become an Ethereum validator with imToken ETH staking If you hold less than 32 ETH, you can click on "Stake" on the imToken homepage to enter the Staking page, and then select your preferred staking option under “Eth2 DApps”.