- Telegram’s The Open Network (TON) has faced a surge in phishing threats, raising safety concerns for its decentralized applications and users
- SlowMist has issued a warning about escalating attacks on the TON network, highlighting growing fraud vulnerability
- Yu Xian, founder of SlowMist, has emphasized the urgent need to address security breaches on the TON blockchain
Telegram’s layer-1 blockchain, The Open Network (TON), is grappling with a surge in phishing threats, raising concerns over the safety of its decentralized applications and millions of users. On June 23, blockchain security firm SlowMist issued a warning about the escalating attacks targeting the TON network, highlighting the growing vulnerability to widespread fraud. Yu Xian, the founder of SlowMist, emphasized the urgent need to address these security breaches affecting the TON blockchain.
TON Blockchain on the Rise
The TON blockchain has been a big winner in the recent turndown, with its token growing in price and its network usage increasing while other tokens have collapsed in price. However, this hasn’t come without drawbacks, as Yu noted on X (translated):
There are more and more phishing activities in the TON ecosystem. The Telegram ecosystem is too free, and many phishing links (or bot forms) are spread through message groups, airdrops and other deceptive methods to lure away users’ TON wallets in batches, including NFTs, especially Anonymous Telegram Numbers, which are similar to mobile phone numbers and are used by many people to create Telegram accounts.
According to Yu, the TON ecosystem’s vulnerability lies in the ease with which scammers can infiltrate these message groups. Once inside, they exploit phishing links and bot forms to deceive and steal from unsuspecting users. This issue is exacerbated by the high number of anonymous users on Telegram, who created accounts without tying them to a SIM card—a feature Telegram introduced in late 2022.
Yu added that if these are “phished away”, the corresponding Telegram account may also be lost unless the user has enabled further verification, such as two-step verification. He also warned that “The fishing methods are basically the same, so pay attention.”
Privacy Feature Backfires
Originally intended as a privacy-enhancing feature, anonymous numbers allow users to log in without relying on traditional SIM cards, instead utilizing blockchain-based anonymous numbers available on platforms like Fragment. However, this feature has now become a double-edged sword, potentially increasing user vulnerability to phishing attempts.
The warning about the TON phishing attacks reflects broader security concerns within blockchain-based applications, particularly those integrated with messaging platforms like Telegram. These vulnerabilities are becoming increasingly common and problematic.
