In the past year, the price of $TON has increased by more than fivefold, propelling its market value into the top ten. The thriving TON ecosystem has opened its doors to users, yet we must remain vigilant against lurking threats. This article aims to alert users to risks by detailing the current security status of the TON ecosystem.
On July 1st, Tether partnered with Web3 shopping and infrastructure company Uquid, enabling Philippine citizens to use USDT for social security payments on the Open Network (TON). This initiative provides a beneficial case study for integrating cryptocurrencies into financial innovation and improving payment systems.
According to Token Terminal data as of July 2nd, monthly active users on the TON network surged from 228,000 at the beginning of the year to 4.64 million. TON's rise owes much to the popularity of its Telegram-based click games. For instance, Notcoin, a popular game, has attracted 35 million users by rewarding them for clicking on the screen. Hamster Kombat claims an accumulated user base of 200 million.
However, millions joining the TON blockchain to receive airdrops via various Telegram bots are not native cryptocurrency users. Exposed to viral game experiences, they often encounter wallets and seed phrases for the first time. Due to a lack of awareness about the irreversibility of blockchain transactions and potential risks, these new users are highly susceptible to fraud and hacking attacks, resulting in asset losses.
Telegram's emphasis on privacy has inadvertently provided a convenient environment for scammers. As a non-EVM (Ethereum Virtual Machine) chain, TON has yet to integrate the mature and advanced security tools available on EVM-based blockchains, potentially leaving its security measures less robust than those of other mainstream blockchains.
In addition to common EVM scams like zero-sum transfer fraud and NFT airdrop phishing, TON is particularly susceptible to transaction message scams.
Users who click on a pop-up promising “+5,000 USDT received”, send TON, and then never receive the promised USDT have fallen victim to a new scam tailored specifically to TON. The scam uses misleading text attached through the memo feature of TON transfers to defraud users of their assets.
Following an investigation, Bitrace found that the scam address O-ApOg2m, created on May 5th, engaged in 14 memo transfers over two days, concluding with a Russian message “прогрев” (preheating), marking the beginning of fraudulent operations. The next day, O-ApOg2m collected its first proceeds from memo scams.
As depicted, victims continue to be defrauded, sending varying amounts of TON tokens to the scam address O-ApOg2m in exchange for the 5,000 USDT promised in the memo. Statistics show that within just two months, this simple transaction memo scam address has taken in at least 22,000 $TON tokens (approximately 1.28 million RMB).
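The memo lure described above can be screened for on the receiving side, because a comment on a native TON transfer is free text and moves no tokens. The following is an added example, not code from this article or from Bitrace; the record fields (`hash`, `value_nanoton`, `comment`), the keyword list and the sample transfers are assumptions constructed for illustration.

```python
import re
import unicodedata

NANO = 10**9  # 1 TON = 10^9 nanoton

# "<amount> <ticker>" such as "+5,000 USDT" or "5 000 usdt"
CLAIM_RE = re.compile(r"(\d[\d,.\s]*)\s*\$?([A-Za-z]{2,10})\b")
# Wording that imitates a wallet credit notification (illustrative list)
LURE_RE = re.compile(r"\+\s*\d|received|claim|bonus|airdrop|reward", re.I)

def parse_claim(text):
    """Return (amount, TICKER) named in a comment, or None."""
    m = CLAIM_RE.search(text)
    if not m:
        return None
    digits = re.sub(r"[,\s]", "", m.group(1)).rstrip(".")
    try:
        return float(digits), m.group(2).upper()
    except ValueError:  # malformed amount such as "1.2.3"
        return None

def assess(tx):
    """Return reasons an incoming transfer's comment looks like a memo lure."""
    # NFKC folds full-width digits and letters to ASCII before matching
    text = unicodedata.normalize("NFKC", tx["comment"])
    claim = parse_claim(text)
    if claim is None or not LURE_RE.search(text):
        return []
    amount, ticker = claim
    sent = tx["value_nanoton"] / NANO
    if ticker != "TON":
        return [f"comment claims {amount:g} {ticker}; message carried {sent:g} TON only"]
    if amount > sent:
        return [f"comment claims {amount:g} TON; message carried {sent:g} TON"]
    return []

def flag_memo_lures(txs):
    """Hashes of transfers whose comment claims more than the message delivered."""
    return [tx["hash"] for tx in txs if assess(tx)]

# Constructed sample transfers, not real chain records
SAMPLE = [
    {"hash": "constructed-1", "value_nanoton": 1000, "comment": "+5,000 USDT received"},
    {"hash": "constructed-2", "value_nanoton": 2 * NANO, "comment": "invoice 42 paid"},
    {"hash": "constructed-3", "value_nanoton": 5 * NANO, "comment": "5 TON for dinner"},
    {"hash": "constructed-4", "value_nanoton": 1000, "comment": "＋５０００ ＵＳＤＴ bonus"},
]

if __name__ == "__main__":
    for tx in SAMPLE:
        print(tx["hash"], assess(tx) or "ok")
```

A wallet or explorer front end could use a check like this to hide or label the comment instead of rendering it as if it were a balance notification.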
In addition to various scams, Drainer has also infiltrated the TON ecosystem. Drainer is malicious software designed to illegally empty or “drain” cryptocurrency wallets. Its developers offer it for rent, meaning anyone can pay to use this malicious tool.
Bitrace discovered a Drainer organization selling its services through Telegram groups, taking a 30% cut of the stolen funds. They proclaimed, “just to clarify: we don’t care where or who your victim is from. We allow draining from all countries including CIS. Nobody is special.”
As shown, since its inception in April, the Drainer organization has amassed 596 subscribers and promoted earnings exceeding $200,000 from the TON ecosystem by mid-May.
With the expanding user base of TON, balancing privacy protection and security needs has become an urgent issue. Behind every opportunity lie risks. While security experts strive to eliminate threats, users must enhance their vigilance, learn to identify scams using TON browsers, and avoid trusting unverified airdropped assets or unrealistic transaction memos.