On July 1, Tether partnered with Web3 shopping and infrastructure company Uquid to allow Philippine citizens to pay social security funds with USDT on the Open Network (TON). This measure provides a beneficial practical case for the integration of the cryptocurrency industry and the real economy, indicating the positive role of cryptocurrencies in financial innovation and improving payment systems.

Over the past year, the price of $TON has increased more than fivefold, and its market value has entered the top ten. The prosperous TON has opened its doors to users, but we must be vigilant about the hidden threats. This article aims to provide risk warnings to users by explaining the security status of the TON ecosystem.

TON User Growth

According to Token Terminal data, as of July 2, the number of monthly active users on the TON network has increased from 228,000 at the beginning of the year to 4.64 million. TON’s rise is inseparable from the popularity of its Telegram-based click game. For example, the popular game Notcoin has attracted 35 million users by rewarding them for clicking on the screen, and Hamster Kombat claims to have accumulated 200 million users.

However, the millions of users who join the TON blockchain and hope to receive airdrops through various Telegram mini programs are not native cryptocurrency users. Under the viral game experience, they usually encounter wallets and seed phrases for the first time. Due to the lack of correct understanding of the irreversibility of blockchain transactions and the potential risks of on-chain transactions, such new users are prone to scams, hacker attacks, and asset losses.

TON appeared on the privacy-focused Telegram, providing a more convenient environment for scammers. As a non-EVM, TON has not yet integrated mature and advanced security tools available on EVM, which means that the security measures on the TON network may not be as comprehensive as other mainstream blockchains.

Hidden Risks in the TON Ecosystem

In addition to common zero-value transfer scams and NFT airdrop phishing scams on EVM, TON has typical transaction message scams.

Users who click on the pop-up window saying “Received +5,000 USDT” and send TON will not receive the “promised gift” of USDT. This is a new scam targeting TON, which adds misleading messages through the memo function during TON transfers to deceive users’ assets.

Bitrace discovered that the scam address O-ApOg2m was created on May 5. After 2 days and 14 memo transfers, the Russian word “прогрев,” meaning preheating, was left in the last test, indicating the start of the formal scam operation. The next day, O-ApOg2m harvested its first loot through the memo scam.

As shown in the image, victims continue to be scammed, sending varying amounts of TON tokens to the scam address O-ApOg2m in exchange for the promised 5,000 USDT. According to statistics, this simple transaction memo scam address has made profits of at least 22,000 $TON (about 1.28 million yuan) in just two months.

Victim expressing their anger towards the scammer in Russian memo

In addition to various scams on TON, Drainer has also extended its claws to the TON ecosystem. Drainer is a type of malware designed to illegally empty or “drain” cryptocurrency wallets. This software is offered for rent by its developers, which means anyone can pay to use this malicious tool. Bitrace discovered that a certain Drainer organization sells its services through Telegram groups and takes a 30% cut of the loot. They stated, “just to clarify: we don’t care where or who your victim is from. We allow draining from all countries including CIS. Nobody is special.”

Drainer organization shown in the image has accumulated 596 subscribers since its establishment in April and has advertised that it has made over 200,000 USD in profits in the TON ecosystem by mid-May.

Conclusion

With the expansion of the TON user base, balancing privacy protection and security needs has become an urgent problem. While security experts work to eliminate threats, users should also increase their awareness, learn to use TON browsers to identify scams, not trust unexplained airdropped assets, and not trust unrealistic transaction memos.

(The above content is excerpted and reproduced with the authorization of our partner PANews. Original article link)

Disclaimer: The article represents the personal opinions of the author and does not represent the views and positions of Blockcast. All content and opinions are for reference only and do not constitute investment advice. Investors should make their own decisions and trades, and the author and Blockcast shall not be liable for any direct or indirect losses resulting from investors’ transactions.