In 2024, The Open Network (TON), a blockchain platform integrated with Telegram, has witnessed an unprecedented surge in growth. In just a few months, the number of on-chain-activated wallets skyrocketed from around 1 million in January to an impressive 9 million in June. Nevertheless, scammers have taken notice of TON’s significant influx of new users. In June 2024, SlowMist, a blockchain security firm, warned about the growing number of phishing attacks targeting the TON ecosystem.
Given the TON Foundation’s ambitious goal of onboarding 500 million users by 2028, it becomes crucial to ensure robust protection against various attack vectors while also promoting rapid adoption. When assessing the risks of the TON ecosystem, it is important to note that Telegram is not responsible for the security of TON-linked Mini Apps.
Over the past few months, there has been a significant surge in the number of Mini Apps on Telegram, such as Notcoin or Hamster Kombat. According to Stepan Chekhovskoi, a lead smart contract auditor at Hacken, a cybersecurity firm, some apps do not follow the best security practices to protect their users’ funds.
“It’s worth mentioning that this is not Telegram’s fault,” Chekhovskoi said, emphasizing that the safety of users on Mini Apps relies heavily on the founders and project teams. He stated: “However, Telegram has to take care of the platform’s security and ensure its functionality enables users to seamlessly secure their accounts; it has little to nothing to do with the security of a Mini App developed by a third party.”
The TON Foundation spokesperson emphasized that safety is the sole responsibility of users and projects, as they confirmed: “As TON blockchain is open-source and permissionless, individual users and projects must be careful to ensure their safety and security when undertaking network activity.”
The TON Foundation highly recommends the implementation of security measures by Mini Apps on Telegram. As an example, Tonkeeper, a highly popular TON-based wallet, has provided users with the ability to verify the authenticity of non-fungible tokens (NFTs) they receive. “We have been impressed with the actions of many projects as they look to protect their users,” a TON Foundation representative told reporters.
The spokesperson emphasized the significance of a vibrant and involved community as a strong defense against malicious individuals. The representative stated: “Users should always be careful when transacting on-chain. Please remember that any on-chain transaction is irreversible. We strongly advise our users not to click on suspicious links and double-check every detail before signing any on-chain transaction.”
Hacken’s Chekhovskoi says that from a security point of view, Telegram Mini Apps are “no different” from apps built on other platforms, so the same web and crypto security practices should be applied to them. Chekhovskoi says that Telegram Mini Apps have two ways of handling users’ private keys, which can be compared to custodial and non-custodial crypto wallets.
“The majority of Telegram Mini Apps are custodial, so like any other provider of a custodial wallet, they must properly identify their users using additional passwords, 2FA [two-factor authentication] mechanisms, and others,” Chekhovskoi stated.
TON Ecosystem Scams: Ensuring Security
To ensure the security of self-custodial apps, users must prioritize strong encryption when storing their private keys. “If the application doesn’t require an eight-character password, including numbers and special symbols, or at least a fingerprint, it means the private key is not securely encrypted,” Chekhovskoi said.
Users should also weigh the risks of enabling automated login on every device: once it is enabled, anyone with access to the device has unrestricted access to the user’s Mini Apps. Decentralized and easy to use, the TON ecosystem attracts scammers, and Hacken says there is “no silver bullet to protect users.” To avoid non-technical scams, use caution with unofficial apps and those from lesser-known developers on TON.
According to Fintopio co-founder and CEO Steve Milton, checking Mini Apps for verification marks can help prevent phishing attacks. Telegram verifies public individuals and organizations to help users identify official sources. It also verifies bots, official channels, and public groups.