TON Ecosystem Scams
The Open Network (TON), a blockchain connected with Telegram, has seen unprecedented growth in 2024. Between January and June, the number of wallets activated on-chain skyrocketed from around 1 million to more than 9 million. Scammers, however, have not ignored TON’s tremendous influx of new users. SlowMist, a security firm specializing in blockchain technology, warned of a rise in TON ecosystem phishing attempts in June 2024.
The TON Foundation’s lofty goal of onboarding 500 million users by 2028 raises the challenge of adequately safeguarding users from attacks across all potential vectors without impeding rapid adoption. To learn more about the TON ecosystem’s vulnerabilities and find ways to protect users’ funds, we reached out to various CEOs and companies, including the TON Foundation.
Hacken Executive: Telegram isn’t Responsible for Mini App Safety
When considering potential scams in the TON ecosystem, remember that Telegram has no control over the security of Mini Apps tied to TON. Notcoin and Hamster Kombat are just two examples of the many Mini Apps that have recently seen explosive growth among Telegram users. Stepan Chekhovskoi, head smart contract auditor at the cybersecurity firm Hacken, said that not all of those apps follow recommended security practices to ensure that users’ funds are protected.
Chekhovskoi stressed that this is not Telegram’s fault, adding that the responsibility for ensuring the safety of users on Mini Apps rests with the project teams and founders. “However, Telegram has to ensure the platform’s security and make sure its features let users securely protect their accounts; it has absolutely nothing to do with the security of a third party’s Mini App,” he continued.
According to a TON Foundation spokesman, users and projects are fully responsible for their own safety and security when engaging in network activities. The spokesman reiterated the point that the blockchain is open-source and permissionless.
TON Foundation “Impressed” with Mini Apps’ Security
The TON Foundation strongly encourages Mini Apps on Telegram to implement security precautions. According to a spokesperson, numerous projects’ efforts to ensure user safety have impressed the TON Foundation. One of the most widely used TON-based wallets, Tonkeeper, permits users to indicate the legitimacy of a non-fungible token (NFT) they have received.
The representative went on to say that one of the greatest defenses against bad actors is an engaged and active community. Users should always use caution when conducting transactions on-chain, the spokesman added. Keep in mind that there is no way to undo an on-chain transaction. Before finalizing any on-chain transaction, make sure all details are correct, and never click on a link that seems fishy.
Self-Custodial and Custodial Telegram Mini Apps
According to Hacken’s Chekhovskoi, Telegram Mini Apps are “no different” from apps built on other platforms from a security viewpoint, so it is important to safeguard them using the same web and crypto security protocols. Just as cryptocurrency wallets can be either custodial or non-custodial, Chekhovskoi says that Telegram’s Mini Apps offer two methods for users to manage their private keys.
“As with any provider of a custodial wallet, Telegram Mini Apps must properly identify their users using additional passwords, 2FA [two-factor authentication] mechanisms, and others,” the expert noted, as most apps are custodial.
Users should ensure that the private key storage in self-custodial apps is securely encrypted. According to Chekhovskoi, “the private key is not securely encrypted” if the software does not demand a password consisting of eight symbols, including digits and special characters, or even a fingerprint. Furthermore, users should consider the risks of automated login across all their devices. If automated login is enabled, anyone with access to the user’s device can access their Mini Apps.
Non-technical TON Ecosystem Threats
Scammers are drawn to the TON ecosystem because of its decentralized structure and user-friendliness, but there is “no silver bullet to protect users,” as Hacken puts it. Users should be wary of non-official programs or those created by unknown developers when using the TON ecosystem, since they can be non-technical scams. Checking for a verification mark on Mini Apps is one approach to avoid potential phishing attacks, according to Steve Milton, co-founder and CEO of the crypto wallet Fintopio.
To help users identify official sources, Telegram provides verification for organizations and prominent people. In general, the Telegram team checks both official channels and public groups for bots. Projects like Fintopio that have gone through this rigorous procedure have shown that they are committed to being reliable and transparent, according to Milton.
Hacken’s Chekhovskoi warned against get-rich-quick schemes on Telegram, saying that the only place you can find free cheese is in a mousetrap. “Always be wary of offers of free money,” he warned. Instead of putting your primary cryptocurrency wallet at risk, it is safer to open a separate account just for accepting questionable opportunities. Users can also refer to the TON Foundation’s pertinent recommendations for keeping safe on TON and Telegram for further tips.