On April 18, 2023, a KOL known as 'LoMao Principal' disseminated an airdrop tutorial titled 'Branded Airdrop, Double Reward, Estimated Return of 5000 USD for ZKS Quality Account' on Twitter. This tutorial, however, directed users to a fraudulent Orbiter cross-chain bridge website, serving as a phishing lure. Users who interacted with the project as instructed had their Ethereum (ETH) transferred directly to the scammer's wallet. Having accrued more than 30 ETH from the scam, the KOL has since deleted their account.

This incident dubbed the 'LoMao Principal' event, has brought to light a more clandestine phishing scam methodology. Conventional phishing scams typically employ malicious links disguised as legitimate ones, propagated through search engines, emails, or social media. Most users are usually adept at identifying and avoiding these tactics. Yet, the phishing link was ingeniously embedded into the airdrop tutorial in this new case. The novelty can ensnare even those familiar with the blockchain industry and 'Point-and-Click' operations, underscoring the importance of maintaining constant vigilance and never trivializing potential threats.

So, how can you avoid such incidents?

  • Do not casually click on advertisement links from search engines and unknown websites. Bookmark frequently used addresses to prevent phishing scams.
  • Never blindly trust airdrop tutorials or their associated links online. After interacting with an unknown contract, immediately revoke relevant authorizations.
  • Before investing, conduct thorough research and make rational investment decisions based on your own capabilities and risk tolerance.

Scams Exposed

Security Alert | Beware of eth_sign Signing scams

Recently, eth_sign signature phishing scams have run rampant, with scammers propagating phishing websites through search engines, emails, or social media and luring users to eth_sign signatures through WalletConnect and other means. Since signers are often unaware of what they're signing, a potential phishing risk arises. Once the signing is done, the scammer can steal your assets limitlessly. How do these scams occur? Click to view the security alert | Beware of eth_sign signing scams.

To counter such scams, the new version of imToken has upgraded its risk control system. When a user visits a third-party DApp to call eth_sign for message signing, imToken will provide a risk warning pop-up, alerting the user to potential risks of the site being visited and initiating a 15-second cooldown countdown. This setup is designed to give users ample time to evaluate the necessity and safety of the signing operation.


Risk Control

In April, imToken marked 489 tokens and 21657 addresses as risky and banned 362 DApp websites.

Please help us keep the community safe by reporting any risky tokens or DApps to [email protected]. Your efforts can make a big difference in preventing asset loss!


Although airdrops have drawn many new users to the blockchain industry, they provide opportunities for illegal activities such as phishing scams. These scams cause losses for users and inflict tremendous damage on the entire industry. Therefore, we hope to persistently strive for one thing - to eradicate the limitations of publicity channels through time and persistence.

imToken has always paid great attention to the security of users' assets and continuously updates its wallet safety reports. If you have any case or material related to wallet security, we would appreciate it if you could send it to [email protected] to help us build a safer wallet community.

Let us work together to protect the security of users' assets and contribute to the developing the entire blockchain industry.

Join the conversation now! Follow us on social media and share your thoughts.

imToken Official Contacts