TON Blockchain Faces Increasing Phishing Attacks: SlowMist

TON Blockchain Faces Increasing Phishing Attacks: SlowMist

The Open Network (TON), a layer-1 blockchain associated with Telegram, is currently grappling with a surge in phishing threats. On June 23, the blockchain security firm SlowMist issued a warning regarding the escalating attacks, highlighting the vulnerability of TON’s decentralized applications and millions of users to widespread fraud.

Rising Phishing Attacks on the TON Ecosystem

Yu Xian, the founder of SlowMist, has brought attention to the recent security breaches plaguing the TON blockchain. Xian noted that the rapid growth of the TON ecosystem this year has made it an appealing target for phishing attackers.

Xian identified that the primary issue lies in the ecosystem’s susceptibility to phishing attacks, which allow scammers to infiltrate message groups. These malicious actors use phishing links and bot forms to deceive users and steal their assets within these groups.

“The Telegram ecosystem is too free, and many phishing links — or bot forms — are spread through message groups, airdrops, and other deceptive methods to lure away users’ TON wallets in batches,” Xian explained.

A significant concern is the increased risk for Telegram users with anonymous numbers. Introduced by Telegram in late 2022, these accounts can be created without a SIM card. Xian warned that if these accounts are compromised, users could lose access to their Telegram accounts, especially if they haven’t enabled additional security measures like independent passwords or two-step verification.

Originally designed as a privacy-enhancing feature, the use of blockchain-based anonymous numbers available on platforms like Fragment now appears to have a downside, increasing user vulnerability to phishing attacks.

Recent Exploits Highlight Broader Security Concerns

The warning about TON’s phishing attacks reflects a broader trend of vulnerabilities in blockchain-based applications, especially those integrated with messaging platforms like Telegram.

For example, the Solana-based Telegram trading bot Solareum recently shut down after a security breach allowed wallet drainers to steal over 2,800 SOL, valued at approximately $520,000, from more than 300 Solana users.

In February, the Web3 security company Blowfish identified two new sophisticated Solana drainers. Additionally, the cryptocurrency security firm Scam Sniffer revealed that wallet drainers have stolen $295 million from over 300,000 users in 2023, as malicious actors continue to deploy advanced techniques to steal funds from unsuspecting users.


The rising phishing attacks on the TON blockchain underscore the need for enhanced security measures in the rapidly growing ecosystem. Users are urged to implement additional security protocols and remain vigilant against phishing attempts to safeguard their assets. As the blockchain industry continues to evolve, addressing these security vulnerabilities will be crucial to maintaining user trust and the integrity of decentralized platforms.

Powered by Crypto Expert BD

Follow us on Twitter:

Join our Telegram channel:


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *