On July 1, Tether partnered with Web3 shopping and infrastructure company Uquid to allow Philippine citizens to pay social security funds with USDT on the Open Network (TON). This move provides a useful practical case for the integration of the crypto industry and the real economy, and foreshadows the positive role of cryptocurrency in financial innovation and improving payment systems.
In the past year, the price of $TON has risen more than 5 times, and its market value ranks among the top ten. The ecologically prosperous TON has opened its doors to users, but we must always be vigilant against the threats lurking in the dark.This article aims to warn users of risks by explaining the security status of the TON ecosystem.
TON Ecosystem Users Surge
According to Token Terminal data, as of July 2, the number of monthly active users of the TON network surged from 228,000 at the beginning of the year to 4.64 million. TON's rise is inseparable from the popularity of its Telegram-based click games. For example, the popular game Notcoin has attracted 35 million users by rewarding users for clicking on the screen, and Hamster Kombat claims that its cumulative users have reached 200 million.
However, the millions of users who joined the TON blockchain and hoped to receive airdrops through various Telegram applets are not native cryptocurrency users. They are often exposed to wallets and seed phrases for the first time under the viral game experience. Due to the lack of correct understanding of the irreversibility of blockchain transactions and the potential risks of on-chain transactions, these new users are extremely vulnerable to fraud, hacker attacks and other incidents, resulting in asset losses.
TON appeared on Telegram, which advocates privacy, providing a more convenient environment for fraudsters. As a non-EVM, TON has not yet integrated the mature and advanced security tools on the EVM, which means that the security protection measures on the TON network may not be as complete as other mainstream blockchains.
TON Ecosystem Implicit Risks
In addition to the common zero-amount transfer scams of EVM and NFT airdrop phishing scams, the more typical scams on TON are transaction message scams.
After the user clicked the pop-up window of "Received +5,000 USDT" and sent TON, he did not receive the "promised" USDT. This is a new scam developed by fraudsters against TON, using the postscript function in the TON transfer process to add misleading information to defraud users of assets.
After in-depth tracking, Bitrace found that the fraud address O-ApOg2m was created on May 5. After 14 PS transfer tests in 2 days, the Russian word "прогрев" was left in the last test, which means warm-up, and then the formal fraud operation was started. The next day, O-ApOg2m received the first sum of stolen money through the PS scam.
As shown in the figure, victims were deceived one after another and sent varying amounts of TON tokens to the O-ApOg2m fraud address in exchange for the 5,000 USDT promised in the postscript. According to statistics, in just two months, this simple transaction message fraud address has made at least 22,000 $TON (about 1.28 million RMB).
The victim denounced the scammer in a Russian PS
In addition to various scams appearing on TON, Drainer has also stretched its claws to the TON ecosystem. Drainer is a malware designed to illegally empty or "drain" cryptocurrency wallets. This software is rented out by its developers, meaning that anyone pays to use the malicious tool. Bitrace found that a Drainer organization sold its services through Telegram groups and collected a 30% share of the stolen money. They made a statement saying "just to clarify: we don’t care where or who your victim is from. We allow draining from all countries including CIS. Nobody is special."
Since its establishment in April, the Drainer organization shown in the above picture has accumulated 596 subscribers, and in mid-May it advertised that it had made more than $200,000 in profits in the TON ecosystem.
Written in the end
With the expansion of TON's user base, how to balance privacy protection and security needs has become an urgent problem to be solved. Opportunities are fraught with risks. While security experts are working hard to eliminate threats, users should also be more vigilant and learn to use TON browsers to identify SCAMs. They should not easily believe in unfounded empty investments or unrealistic transaction notes.
