imKey Pro hardware wallet uses an Infineon security chip (Model: SLE 78CLUFX5000PH). Its security level has attained the military-grade CC EAL 6+ standard, recognized as the highest security level among the hardware wallets currently using security chips. As the generally accepted safest digital asset storage solution on the market, hardware wallets can protect sensitive information, such as private keys, from being illegally accessed or tampered with by hackers, making assets more secure. However, there is no foolproof guarantee, and for hardware wallets, the supply chain is a security vulnerability that cannot be ignored.
This article introduces some measures that imKey Pro takes to deal with supply chain attacks from two aspects: purchasing channels and product unboxing.
How to Purchase imKey Pro
We strongly recommend purchasing through official channels to ensure product quality and uninterrupted after sale services. Currently, imKey Pro is available in three official purchasing channels:
Youzan Store: If you are in mainland China, you can purchase through our official Youzan store. The product will be shipped through SF Express in mainland China, with fast and secure delivery.
Amazon Store: Amazon is a well-known global e-commerce platform, and purchasing and shipping imKey Pro through it is very convenient.
Official Website: You can order through the imKey Pro official website. You can count on us to handle the logistics of your order delivered to your local address.
Note: Only imKey products purchased through official channels can guarantee the safety of your assets, while also enjoying official after-sales service. We cannot guarantee product quality and after-sales service if you purchase through other channels.
How to Prevent Supply Chain Attacks on Hardware Wallets
Before opening the package for the first time, please follow these steps to check if the imKey Pro is an official product:
1. Check the shipping location: Ensure that the shipping location is the address assigned by the official website.
2. Check the shipping packaging: Verify that the shipping box is the official customized packaging box.
（This package box is a medium-sized with a printed imKey logo.）
3. Check the product packaging: Ensure the plastic film on the outer packaging is intact and the irreversible seal on the left and right sides is intact and undamaged. After tearing off the seal, the letter stripes should be complete.
（The irreversible seal of imKey Pro.）
4. Check the device interface: After turning on the inactive device, its screen interface should display the language selection and device Bluetooth name in a sequence.
（This user interface implies that the imKey device is not activated yet.）
5. Verify if the device can be activated successfully: When connecting to the imToken application for the first time, the hardware device will prompt "Activation Successful."
Please note that if your imKey Pro fails to pass the above checks, you may have purchased a product that has already been used! Continuing to use it may result in asset losses. If you encounter this situation, please contact us through Discord or our official email firstname.lastname@example.org for further confirmation.
After receiving a new device, you must complete the following operations:
- Activate the device (activation is irreversible and each device can only be activated once)
- Set and backup your PIN and binding code
- Create and backup your mnemonic phrase
Quoting the two principles from the preface of "Blockchain Black Forest Handbook":
1. Zero Trust: To make it simple, stay skeptical, and always stay so.
2. Continuous Security Verification: In order to trust something, you have to validate what you doubt, and make validating a habit.