Rest assured! Regarding the recent NPM supply chain attack incident, OneKey products and users were not affected. Why?

(1) For apps, we have a supply chain attack prevention mechanism. You can understand it as locking down the use of previously stable and secure "NPM dependency code": we will not rashly update to new versions of code. If hackers want to poison the software supply chain, they must use a new version, because if the old version of the dependency code is modified, the fingerprint of the code package changes and everyone immediately knows there has been a change. Professionally speaking, OneKey's dependency management uses locked versions to avoid being affected by the poisoning of new dependency versions. At the same time, we have established a secure release process on the software side, including multiple audits and fingerprint verification, to reduce the potential for risk transmission.

(2) For hardware wallets, we have local independent verification. You can see in many tweets about this incident that hardware wallet users are not affected, because for hardware wallets the private keys are stored offline, and all transaction signature content is transmitted to a local offline chip for independent parsing and simulation, and then physically confirmed: what you see is what you get. The parsing and simulation cover the method, amount, recipient or authorizer, and contract name, among other details. In this front-end address-substitution attack, some hacked wallets displayed legitimate addresses that had actually been replaced with the hacker's address. With independent verification on a hardware wallet, however, you see the actual transfer destination and can immediately identify the risk. For more on signature security technology, see the article "OneKey Signature Guardian/SignGuard Technology: Clear Transaction Preview and Real-Time Phishing Detection" posted in the comments section.
OneKey has previously published a related information briefing, detailing our comprehensive defenses against supply chain attacks, which can also be found in the comments section. Security is a never-ending game. It's a dynamic process, not a one-and-done solution. We will continue to strengthen security mechanisms and prevent risks, providing users with a trustworthy user environment.
This article is machine translated
From Twitter