Tons of scams are on the rise: how to stay safe
The Open Network (TON), a blockchain platform based on Telegram, experienced record-breaking growth in 2024. The number of onchain-activated wallets increased from about one million in January to more than nine million in June.
However, tons of huge influx of new users cannot be ignored by fraudsters. In June 2024, blockchain security firm SlowMist warned of an increase in phishing attacks on the Ton ecosystem.
As the Ton Foundation expects to protect 500 million users by 2028, it raises the question of how best to protect users from all vector attacks without hindering rapid adoption.
Cointelegraph spoke to a number of executives and companies – including the Ton Foundation – to better understand the nature of risks in the Ton ecosystem and identify measures to protect users' assets.
Telegram is not responsible for the security of small apps, Hacken exec said.
It should be noted that Telegram is not responsible for the security of Ton mini-apps in recognition of the risks in the Ton ecosystem.
Small apps on Telegram – like Notecoin or Hamster Kombat – have been on the rise for the past few months. However, not all of those apps adhere to security best practices to ensure the financial safety of their users, Stepan Chekhovskoy, chief smart contract auditor at cybersecurity firm Hacken, told Cointelegraph.
“It's worth mentioning that this isn't Telegram's fault,” Chekhovskoy emphasized, adding that user security rests with founders and project teams on smaller applications. He added:
“However, Telegram takes care of the security of the platform and to ensure its functionality, it allows users to seamlessly protect their accounts. It has nothing to do with the security of a small app developed by a third party.
A Tone Foundation spokesperson confirmed that users and projects are solely responsible for security.
“As the TON blockchain is open-source and permissionless, users and projects should take care to ensure their own safety and security when conducting network activity.”
The Ton Foundation was “impressed” by the security measures in some mini-apps
The Ton Foundation strongly encourages security measures with small applications on Ton.
A representative of the Ton Foundation told Cointelegraph that “we are impressed by the actions of many projects when they want to protect their users.”
For example, one of the most popular Toon wallets, Toon Guard, allowed users to prove that the non-volatile token (NFT) sent to them was legitimate.
The spokesperson added that an active and engaged community is one of the most important factors in protecting against bad actors. The representative added:
“Users should always exercise caution when transacting onchain. Please remember that any onchain transaction is irreversible. We strongly advise our users not to click on suspicious links and double-check every detail before signing any onchain transaction.”
Self-maintenance and guardian mini-applications on Telegram
According to Håken Chekovskoy, Telegram's mini-apps are “no different” from apps built on other platforms from a security point of view. As such, one should apply the same web and crypto security measures to those applications.
According to Chekhovskoi, Telegram mini-apps have two ways of managing user private keys, which can be compared to custodial and non-custodial wallets in crypt.
“Most of Telegram's mini-apps are guarded, so like other wallet providers, they need to properly identify their users using additional passwords, 2FA mechanisms, and more,” the expert said.
For self-guarding applications, users must ensure strong encryption for private key storage. “If the app doesn't require an eight-character password, including numbers and special symbols or at least a fingerprint, then the private key is not securely encrypted,” Chekhovskoi said.
Related: Bybit Lists Hamster Kombat Pre-Marketing
Users should turn off the risks associated with automatic sign-in on all devices. If automated logging is enabled, anyone can access the mini-application that accesses the user's device by default.
Non-technical threats to the ecosystem
The decentralized nature and ease of use of the Ton ecosystem naturally lures fraudsters, and “there is no silver bullet to protect users,” Hacken said.
To avoid non-technical scams on TON, individuals should exercise caution when dealing with unofficial apps and those launched by lesser-known developers.
According to Steve Milton, co-founder and CEO of crypto wallet Fintopio, one way to avoid phishing attacks is to ensure that mini-apps have a verification token.
Telegram provides authentication to public representatives and organizations so that users can easily identify official sources. A Telegram group generally verifies bots, as well as official channels or public groups.
“Projects like Fintopio that have gone through this rigorous process have demonstrated a commitment to transparency and reliability,” Milton said.
Haki's Chekhovskoy warned against the get-rich-quick scheme on Telegram, explaining that free cheese is only found in mousetraps. And so he said.
“Always be skeptical of free money offers. If you receive a dubious opportunity, it is better not to risk your main crypto wallet and create a new account for this purpose.
For more tips on how to stay safe on Tone and Telegram, users can follow the appropriate guidance from the Tone Foundation.
Magazine: As Ethereum Mining Intensifies, Drains Move to Tons and Bitcoin
