ImToken

Basics

• The biggest non-custodial wallet in Asia, ImToken, launched its native DEX in beta, based on both Kyber and 0x. ImToken has close to 10M registered users and is the biggest ERC-20 and ETH wallet in the world.
• From 0x 2019 recap (31-12-2019):

"Tokenlon was a major new entrant to the space, launched as the native DEX solution within imToken, the most popular mobile wallet in Asia with over one million users. Tokenlon built a request-for-quote (RFQ) system on 0x that supports aggressive prices and that is accessible through their mobile wallet and recently launched web portal. imToken initially used Kyber as their DEX solution; by switching to a novel RFQ system on 0x, they were able to support custom assets (imBTC, imATOM, imEOS) and monetize trading volume."

Token

Tech

Oracle Method being used

Governance

Upgrades

Audits

$300,000 Uniswap Hack

• From Tokenlon's Twitter (18-4-2020):

"Today, the imBTC pool on Uniswap has been attacked & drained. The hacker utilized an attack vector on ERC777 tokens on Uniswap. The BTC in custody is not impacted. We have paused imBTC transfers for now, are evaluating the situation & will notify when transfers are restored"

• From The Block (19-4-2020):

"The imBTC attack took advantage of the fact that imBTC uses ERC 777 standard, which allows the hacker to continuously call the Uniswap smart contract to withdraw funds before the external balance could be updated.

On Twitter, some users are speculating that Lendf.Me experienced a similar attack to the imToken one, as transaction records show that the hacker repetitively called Lendf.Me's withdrawal function to take out imBTC that was supplied to the lending protocol by the hacker in the first place.

A ConsenSys audit of Uniswap last year also discussed this vulnerability in depth."

$25M dForce Hack

• From CoinDesk (19-4-2020):

"Earlier speculation from DeFi protocol builders say the attack was caused by imBTC, an ethereum token pegged one-to-one with bitcoin, used as collateral that turned out to be fraudulent, enabling the attacker to drain funds for nearly free. Compound CEO Robert Leshner said on Twitter that dForce “copy/pasted Compound v1 without changes.” Leshner told CoinDesk on Telegram that the v1 code "was not flawed," but that the group was cautious about which assets it listed. "This is a follow-up attack to the imBTC Uniswap attack yesterday," he said, noting that imBTC is an ERC-777 token and "not a normal Ethereum asset. Smart contracts that include imBTC have to be extra cautious, and write additional code to protect against 're-entrancy attacks,'" he said."

Roadmap

Usage

Competition

Pros and Cons

Team, Funding, Partnerships, etc.

Team

Funding

• imToken has announced a $30M Series B investment round (31-3-2021).

Partners 

• Has partnerships with Digi Global
• Part of the WBTC community (still as of 8-2019)
• Has a partnership (as of 9-2019) with Dforce and its USDx project
• Partners with Decentraland.
• imToken has joined with Matter Labs to support zkSync (29-3-2021).
• Mentioned (13-7-2021) as part of the Investor Network of Asia DeFi Network (ADN).