TON's ecosystem user surge, what risks are hidden behind the opportunities?

On July 1st, Tether partnered with Web3 shopping and infrastructure company Uquid, allowing Filipino citizens to use USDT to pay social security funds on the Open Network (TON). This move provides a beneficial practical case for the integration of the cryptocurrency industry with the real economy, heralding the positive role of cryptocurrency in financial innovation and improving payment systems.

In the past year, the price of $TON has pumped more than 5 times, and its market cap has entered the top ten. The thriving TON ecosystem has opened its doors to users, but we must always be vigilant against the threats lurking in the dark. This article aims to alert users to the risks by elaborating on the security status of the TON ecosystem.

TON ecosystem users surge

According to Token Terminal data, as of July 2nd, the monthly active user count of the TON network surged from 228,000 at the beginning of the year to 4.64 million. The rise of TON is inseparable from the popularity of its Telegram-based click games. Taking the popular game Notcoin as an example, it has attracted 35 million users by rewarding them for clicking on the screen, while Hamster Kombat claims to have accumulated 200 million users.

However, millions of users who joined the TON blockchain and hope to receive airdrops through various Telegram mini-programs are not native cryptocurrency users. Under the viral game experience, they are usually exposed to wallets and seed phrases for the first time. Due to a lack of proper understanding of the irreversibility of blockchain transactions and the potential risks of on-chain transactions, these new users are highly susceptible to scams, hacker attacks, and other incidents, resulting in asset losses.

TON appears on the privacy-focused Telegram, providing a more convenient environment for scammers. As a non-EVM, TON has not yet integrated mature and advanced security tools on EVM, which means that the security measures on the TON network may not be as comprehensive as other mainstream blockchains.

TON ecosystem implies risks

In addition to the common zero-value transfer scam and NFT airdrop phishing scam on EVM, the more typical scam on TON is the transaction message scam.

Users did not receive the promised USDT after clicking on the ‘Received +5,000 USDT’ pop-up and sending TON. This is a new type of eyewash scam specifically targeting TON, where scammers use the memo function during the TON transfer process to add misleading information in order to deceive users’ assets.

After in-depth investigation, it was found that the scam address O-ApOg2m was created on May 5th. After 2 days of testing with 14 transactions, the last test message was in Russian, saying “прогрев”, which means preheating. After that, the formal fraud operation began. The next day, O-ApOg2m obtained the first proceeds through the scam with postscript.

As shown in the figure, the victims were deceived one after another and sent varying amounts of TON tokens to the scam address O-ApOg2m in exchange for the promised 5,000 USDT with a memo. According to statistics, within just two months, this simple transaction memo scam address has made a profit of at least 22,000 TON tokens (about 1.28 million RMB).

The victim used a Russian note to denounce the scammer.

In addition to all kinds of scams appearing on TON, Drainer has also extended its claws to the TON ecosystem. Drainer is a type of malware specifically designed to illegally empty or “drain” cryptocurrency wallets, and this software is offered for rent by its developers, meaning that anyone pays to use the malicious tool. Bitrace discovered that a Drainer group was selling its services through a Telegram group and receiving a 30% share of the stolen money. They made a statement saying "just to clarify: we don’t care where or who your victim is from. We allow draining from all countries including CIS. Nobody is special.」

The Drainer organization shown in the figure has accumulated 596 subscribers since its establishment in April, and in mid-May, it promoted that it has made over 200,000 U.S. dollars in profit in the TON ecosystem.

At the end

As the TON user base expands, balancing privacy protection with security needs has become an urgent issue. There are risks behind opportunities. While security experts are working hard to eliminate threats, users should also increase their vigilance, learn to use the TON browser to identify SCAM, not trust unexplained airdropped assets, and not trust unrealistic transaction memos.