Original author: Bitrace

Original source: PANews

On July 1, Tether partnered with Web3 shopping and infrastructure company Uquid to allow Filipino citizens to pay social security funds with USDT on the Open Network (TON). This measure provides a useful practical case for the integration of the crypto industry and the real economy, and heralds the positive role of cryptocurrencies in financial innovation and improving payment systems.

Over the past year, the price of $TON has increased more than 5x, ranking among the top 10 cryptocurrencies by market capitalization. The ecologically prosperous TON has opened its doors to users, but we must always be wary of threats lurking in the dark. This article aims to provide risk warnings to users by elaborating on the security status of the TON ecosystem.

TON ecosystem users surge

According to Token Terminal data, as of July 2, the number of monthly active users of the TON network has surged from 228,000 at the beginning of the year to 4.64 million. The rise of TON is inseparable from the popularity of its Telegram-based click games. Take the popular game Notcoin as an example, which has attracted 35 million users by rewarding users for clicking on the screen. Hamster Kombat claims that its cumulative users have reached 200 million.

However, the millions of users who join the TON blockchain and hope to receive airdrops through various Telegram applets are not native cryptocurrency users and are often exposed to wallets and seed phrases for the first time through viral gaming experiences. . Due to the lack of correct understanding of the irreversibility of blockchain transactions and the potential risks of on-chain transactions, these new users are extremely vulnerable to fraud, hacker attacks and other incidents, resulting in asset losses.

TON’s presence on privacy-advocating Telegram provides a more convenient environment for scammers. As a non-EVM, TON has not yet integrated the mature and advanced security tools on EVM, which means that the security protection measures on the TON network may not be as complete as other mainstream blockchains.

TON Ecological Implicit Risks

In addition to the common EVM zero-amount transfer scams, NFT airdrop phishing and other scams, the more typical ones on TON are transaction message scams.

After the user clicked on the "Received +5,000 USDT" pop-up window and sent TON, he did not receive the "promised gift" of USDT. This is a new scam developed by fraudsters targeting TON. They use the postscript function in the TON transfer process to add misleading messages to defraud users of their assets.

After in-depth tracking by Bitrace, it was discovered that the fraudulent address O-ApOg2m was created on May 5. After a total of 14 postscript transfer tests in 2 days, the Russian word "прогрев" was left in the last test, which means warm-up. The formal fraud operation began. The next day, O-ApOg2m made his first haul via a PS scam.

 

As shown in the picture, victims were deceived one after another and sent varying amounts of TON tokens to the O-ApOg2m scam address in exchange for the 5,000 USDT promised in the postscript. According to statistics, in just two months, this simple transaction message fraud address has made a profit of at least 22,000 $TON (approximately 1.28 million yuan).

The victim denounced the scammer with a Russian postscript. In addition to various scams appearing in TON, Drainer has also extended its claws to the TON ecosystem. Drainer, a type of malware specifically designed to illegally empty or "drain" cryptocurrency wallets, is made available for rent by its developers, meaning anyone pays to use the malicious tool. Bitrace discovered a Drainer group selling its services through Telegram groups and taking a 30% cut of the stolen goods. They made remarks saying, “just to clarify: we don’t care where or who your victim is from. We allow draining from all countries including CIS. Nobody is special.”

The Drainer organization shown in the picture above has gained a total of 596 subscribers since its establishment in April, and in mid-May it announced that it had made more than 200,000 US dollars in profit from the TON ecosystem.

write at the end

As the TON user base expands, how to balance privacy protection and security needs has become an issue that needs to be solved. There are risks hidden behind the opportunities. While security experts are working hard to eliminate threats, users should also increase their vigilance, learn to use the TON browser to identify SCAM, and do not believe in unreasonable empty investment assets or unrealistic transaction notes.

(The above content is excerpted and reprinted with the authorization of our partner PANews, original text link)

Statement: The article only represents the author's personal views and opinions, and does not represent the objective views and positions of the blockchain. All contents and opinions are for reference only and do not constitute investment advice. Investors should make their own decisions and transactions, and the author and Blockchain Client will not be held responsible for any direct or indirect losses caused by investors' transactions.

〈With the surge in users in the TON ecosystem, what are the risks hidden behind the opportunities? 〉This article was first published in "Block Guest".