TON Blockchain Faces Increasing Phishing Attacks: SlowMist
Telegram layer-1 blockchain The Open Network (TON) is facing growing phishing threats. On June 23, SlowMist warned of escalating attacks on the network, leaving its decentralized applications and millions of customers vulnerable to widespread fraud.
Rising Phishing Attacks On the TON Ecosystem
Yu Xian, founder of the blockchain security firm SlowMist, raised the alarm to address the recent security breaches on the TON blockchain.
Xian observed that the TON ecosystem had increasingly become an attractive target for phishing attackers amid the chain’s rapid growth this year.
The security expert pointed out that the TON phishing attacks stemmed from the ecosystem’s vulnerability, which made it easy for scammers to access message groups. Once they gain access, bad actors use phishing links and bot forms to deceive and steal from unsuspecting users within these groups.
“The Telegram ecosystem is too free, and many phishing links — or bot forms — are spread through message groups, airdrops, and other deceptive methods to lure away users’ TON wallets in batches,” Xian said.
Another particular concern is the heightened risk for Telegram users with anonymous numbers. These accounts are created without being tied to a SIM card, a feature introduced by Telegram in late 2022.
Xian warned that if these accounts are compromised through phishing attacks, users might lose access to their corresponding Telegram accounts. The risk is particularly serious with users who haven’t enabled additional security measures such as independent passwords or two-step verification.
The introduction of anonymous numbers on Telegram was initially seen as a privacy-enhancing feature, allowing users to log in without relying on a traditional SIM card. Instead, users can utilize blockchain-based anonymous numbers available on platforms like Fragment.
This feature now appears to be a double-edged sword, potentially increasing user vulnerability to phishing attempts.
Recent Exploits Highlight Broader Security Concerns
The warning about the TON phishing attack is part of a larger trend, as vulnerabilities in blockchain-based applications, particularly those integrated with messaging platforms like Telegram, are becoming increasingly common.
For instance, Solana-based Telegram trading bot Solareum recently shut down following a security breach. The vulnerability allowed wallet drainers to steal over 2,800 SOL, worth approximately $520,000, from more than 300 Solana users.
In February, Web3 security company Blowfish identified two new Solana drainers capable of sophisticated attacks.
With a tip from @phantom, our team at Blowfish identified the first live examples of this in two newer Solana drainers – "Aqua" and "Vanish".
These are both examples of 'drainers as a service'; meaning they provide the drainer script to customers for a fee.
Let’s break it down:
— Blowfish (@blowfishxyz) February 9, 2024
In addition, cryptocurrency security firm Scam Sniffer also revealed that wallet drainers stole $295 million from over 300,000 users in 2023 as bad actors continue to deploy sophisticated techniques to steal unsuspecting users’ funds.
