On July 1st, Tether collaborated with Web3 shopping and infrastructure company Uquid, allowing Filipino citizens to use USDT to pay social security funds on the Open Network (TON). This initiative provides a beneficial example of integrating the cryptocurrency industry with the real economy, highlighting the positive role of cryptocurrencies in financial innovation and improving payment systems.
Over the past year, the price of TON has increased more than fivefold, propelling its market value into the top ten. The thriving ecosystem of TON has opened its doors to users, but caution must be exercised against lurking threats. This article aims to alert users to risks by describing the current security situation within the TON ecosystem.
According to Token Terminal data as of July 2nd, the monthly active users on the TON network surged from 228,000 at the beginning of the year to 4.64 million. TON’s rise can be attributed in part to its Telegram-based click games, such as the popular game Notcoin, which has attracted 35 million users through its screen-tapping reward mechanism, and Hamster Kombat, boasting 200 million cumulative users.
However, many of the millions who have joined the TON blockchain, eager to receive airdrops through various Telegram apps, are not native cryptocurrency users. Drawn in by viral games, they are often encountering wallets and seed phrases for the first time. Because they do not understand that blockchain transactions are irreversible or what risks on-chain transactions carry, these new users are vulnerable to scams, hacking, and asset losses.
The presence of TON on privacy-focused Telegram provides a convenient environment for fraudsters. As a non-EVM (Ethereum Virtual Machine) chain, TON has not yet integrated the mature and advanced security tools available on EVM chains, suggesting that its security measures may not be as robust as those on other mainstream blockchains.
In addition to scams common on EVM chains, like zero-value transfer scams and NFT airdrop phishing, TON faces its own typical scams, such as transaction message scams. Users are deceived by pop-ups claiming “Received +5,000 USDT”; after sending TON, they often do not receive the promised USDT. This new type of scam capitalizes on misleading information added through the transaction memo feature of TON transfers.
A Bitrace investigation reveals that the scam address O-ApOg2m, created on May 5th, executed 14 test transactions over two days, with the final test including a Russian message “прогрев” (preheating), before initiating full-scale fraudulent operations. Subsequently, O-ApOg2m harvested its first proceeds through memo scams.
Victims continue to fall prey, sending varying amounts of TON tokens to the scam address in expectation of the 5,000 USDT promised in the memo. Statistics indicate that within just two months, this simple memo scam address has profited by at least 22,000 TON tokens (approximately 1.28 million RMB).
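The memo scam works because the memo is free text chosen by the sender, while only the asset and amount are enforced on-chain. The following added example (not code from Bitrace or any TON wallet) shows a check a wallet or monitoring tool could run on incoming transfers; the record fields `asset`, `amount` and `comment` and the sample transfers are constructed assumptions, not a real TON API.

```python
import re
from decimal import Decimal

# Memo text styled like a wallet notification, e.g. "Received +5,000 USDT".
CLAIM_RE = re.compile(
    r"(?:received|receive|credited|deposit(?:ed)?)\D{0,10}"
    r"(\d[\d,]*(?:\.\d+)?)\s*([A-Za-z]{2,10})",
    re.IGNORECASE,
)

def memo_claim(comment):
    """Return (amount, symbol) the memo claims was received, or None."""
    m = CLAIM_RE.search(comment or "")
    if not m:
        return None
    return Decimal(m.group(1).replace(",", "")), m.group(2).upper()

def is_memo_bait(tx):
    """True when the memo claims a different asset, or more value, than moved.

    tx uses hypothetical keys: 'asset' (symbol resolved by the wallet from a
    verified token contract, an assumption), 'amount' (decimal string) and
    'comment' (sender-controlled memo). Only asset and amount are trusted.
    """
    claim = memo_claim(tx.get("comment"))
    if claim is None:
        return False
    claimed_amount, claimed_symbol = claim
    if claimed_symbol != tx["asset"].upper():
        return True
    return claimed_amount > Decimal(tx["amount"])

def flag_memo_bait(txs):
    """Return indexes of incoming transfers whose memo should be hidden or warned on."""
    return [i for i, tx in enumerate(txs) if is_memo_bait(tx)]

# Constructed sample transfers, not real chain data.
SAMPLE_TXS = [
    {"asset": "TON", "amount": "0.000000001", "comment": "Received +5,000 USDT"},
    {"asset": "USDT", "amount": "5000", "comment": "Received +5,000 USDT"},
    {"asset": "TON", "amount": "12.5", "comment": "invoice 1142"},
    {"asset": "TON", "amount": "3", "comment": None},
]

if __name__ == "__main__":
    print(flag_memo_bait(SAMPLE_TXS))
```

The pattern list is a heuristic and will miss reworded memos, so the safer display rule is to never render memo text as if it were a balance change.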
In addition to various scams, the TON ecosystem is also threatened by Drainer. This malicious software is designed to illegally empty or “drain” cryptocurrency wallets and is available for rent from its developers, who claim a 30% share of the stolen funds. The Drainer organization, with 596 subscribers since its establishment in April, has already boasted profits exceeding $200,000 in the TON ecosystem by mid-May.
In conclusion, as the user base of TON expands, striking a balance between privacy protection and security needs becomes an urgent issue. Behind every opportunity lie inherent risks. While security experts work to eliminate threats, users must remain vigilant, learn to use TON browsers to identify scams, and avoid trusting unexplained airdropped assets and unrealistic transaction memos.