Dear users,
We would like to inform you about a security incident involving the non-custodial ETH staking service. InfStones, the staking service provider for imToken, performed a system upgrade on May 2, 2023, during which a risk vulnerability was introduced. The vulnerability was discovered by a white-hat hacker who promptly reported it to InfStones. InfStones responded swiftly and resolved the issue on July 10.
Upon investigation of logs, InfStones confirmed that, apart from the known white-hat hacker, no other signs of attacks were found. They have also engaged a third-party security firm to audit their services. Additionally, based on the information provided by InfStones, validators related to imToken's staking service were not affected by this vulnerability due to effective validator isolation within InfStones.
imToken is committed to providing a secure and stable Ethereum staking service, enabling users to participate in maintaining the security and decentralization of the Ethereum network while enjoying the benefits of ETH staking. In light of this incident, imToken will take the following measures to further enhance the security of our non-custodial ETH staking service:
1. Expand collaboration with staking service providers: To ensure maximum protection of users' digital assets, imToken will integrate more staking service providers, offering users a diversified choice of service providers and avoiding the risks associated with provider centralization.
2. Strengthen communication with service providers: We will establish more effective communication and security mechanisms with all staking service providers to promptly address and respond to potential issues.
Security is at the core of digital asset management, and we are dedicated to continually improving imToken's security defenses, providing users with the most secure and convenient digital asset management services.
imToken Team
December 14, 2023, SGT