In early October, scammers were buying Ad spots and bidding for Ad rank in search engines. By doing so, they lured users to download fake wallet Apps on fraudulent websites. This led to users’ assets being stolen. Some victims who couldn’t figure out the reason reached out to us, saying “My wallet was drained but my password was not compromised”
Many novice users of decentralized wallets will meet problems about the relationship between their password and digital asset security. They mistakenly believe that their assets are safe as long as their password is not compromised. In fact, mnemonic is the key to keeping digital assets secure. Once it is known to others, they can drain your wallet without knowing your password.
Here is an example showing the relationship among your mnemonic, password, and digital assets.
A decentralized wallet created by you is like a bank under your control. Your mnemonic or private key is the key to unlock the vault of that bank. This shows how important the key is. In this sense, it should be kept in a safe place such as a strongbox. The password for that strongbox is the one you created for your wallet.
The process of making transactions with a decentralized wallet is similar to getting money out of the vault of a bank. To finish that process, we need to open the strongbox with our password to get the mnemonic or private key, which is required for unlocking the vault.
Through the above example, could you come to the conclusion that your mnemonic or private key is crucial to the asset security of your decentralized wallet? On the blockchain, mnemonic represents asset ownership. Given that, with your mnemonic, others can steal your assets away without knowing your password.
Information including the mnemonic and private key of a user is secretly uploaded by fake wallet Apps to scammers. That is why his assets will be stolen after he downloads those fake Apps. However, the real wallet does not store this information about the user. Only users themselves know the mnemonic or private key of their wallet. That's why it's important to download a genuine imToken!
Check out the two articles below to know the right way to download imToken:
imToken is always protecting your asset security
Upgraded Authorization Notification
Authorization scams are a typical kind of fraud. Scammers lure users to authorize a personal address and then steal users’ assets. To tackle those scams, imToken has enhanced the authorization risk warning to resolve the address in advance. In this way, users can tell whether it is a personal address or a contract address. During the authorization of a personal address, the warning page will pop up, strongly suggesting users to cancel the authorization.
Recently, scams involving addresses with the same last characters are quite rampant. To avoid those scams, in addition to checking the receiver’s address before transferring to it, we recommend you to use the address book to keep the frequently used addresses. In this way, you can avoid transferring to a wrong address.
How to use the address book?
Set up your address book
Open imToken and click “My Profile” - “Address Book”. Then, click the “+” icon at the top right corner to add addresses.
Note: please check whether the added addresses are correct or not before clicking “save”.
Make transactions with the address book
Here is an example to transfer USDT with the TRX wallet. First, choose USDT and click “Send” to enter the transfer page. Then, click the icon on the right side to enter the address book where you can find the address. After entering the amount and checking the transfer details, you can click “Next” and enter your password to complete the transfer.
In October, 22 tokens, 393 DApps and 756 addresses were marked by the imToken security team as risky.
If you recognize any risky DApps or tokens, please report to us via firstname.lastname@example.org to help more users avoid being deceived.
Given recent market fluctuations, more people choose to use decentralized wallets. And it is necessary for newcomers to stay alert with security knowledge.