Fraudsters have decided not to operate in TON. But is this a good thing?
Crypto scammers using malware to steal digital assets refused to attack TON users. However, things are not so clear-cut.
Scam Sniffer experts noted that the operators of a drainer popular among scammers rejected the TON network.
In a message published in an unspecified Telegram channel, the drainer creators announced its closure in the TON ecosystem. The main reason is the lack of crypto whales:
The malicious application’s developers are now moving to the Bitcoin blockchain, which will probably create many more opportunities for scammers to rob.
“What’s next? If you enjoyed draining on the TON network you will definitely live draining Bitcoins.”
One of the main reasons for the lack of whales is the vast number of airdrops on TON. They make fraud not the most profitable way to earn money: phishing schemes on The Open Network bring little profit, reducing scammers’ interest.
However, SlowMist founder Yu Xian said that such an assessment of whale activity in TON may need to be more complex. In his opinion, the drainer team may need to pay more attention to the potential of the TON blockchain.
“A phishing group on TON is ready to shut down, arguing that they believe TON has no whale players and is a small community. They have already turned to the Bitcoin ecosystem… Too realistic. Or maybe this gang isn’t smart enough.”
Yu Xian, SlowMist founder
How the TON blockchain became a new haven for scammers
TON has become one of the most successful stories of 2024, with the value of its token growing by more than 100% since the beginning of the year. In addition, integrating TON with the Telegram messenger, which has more than 900 million users, strengthened its position as a potential residence for the widespread distribution of cryptocurrency.
Scammers’ activity in TON arose against the backdrop of the rapid growth of the blockchain. Due to increased interest and investment in TON, fraudulent activity has gained momentum since at least November 2023.
The interest is mainly driven by the increasing popularity of mini-apps. They successfully exploited the popularity of projects such as Notcoin and Hamster Kombat. Typically, the attackers used the popularity of tap-to-earn games.
For example, Kaspersky Lab noted that scammers offered to earn Toncoin (TON) using bots and referral links. To make it easier to deceive users, the scammers recorded a video with instructions, created text manuals, and provided them with many explanatory screenshots.
Tonkeeper explained that the scammers rely on current trends in the ecosystem. For example, they created a token against the backdrop of the excitement caused by the launch of Hamster Kombat. Therefore, the names and tickers of fake tokens are often consonant with the names of popular projects.
“Usually, scammers create tokens before the official listing of the real coin. Check information about the token launch in official sources.”
Tonkeeper team
Experts from BlockAid also noted that attackers used leak tools previously used on the Ethereum and Solana platforms. In September, more than 300 malicious decentralized applications (dapps) were launched on TON, highlighting the growing threats.
What is the most popular blockchain for fraud?
Despite the growing popularity of TON, the blockchain has yet to boast of popularity among fraudsters, according to data from the REKT Database.
Thus, Ethereum became the leader in phishing attacks last year, suffering losses of over $65 million, 91% of the total loss. Arbitrum also suffered losses of $5.2 million, while Bitcoin lost $768,000.
In terms of exploits, Ethereum was also the most affected blockchain in this category, with losses of $482.7 million, while Binance was the most vulnerable to exit scams, with a loss of $74.5 million.
Regarding attackers’ move to the Bitcoin blockchain, CertiK, another well-known company in the blockchain security field, emphasized that scammers are becoming increasingly interested in Bitcoin due to its high transaction volumes, large user base, and significant total value locked (TVL).
Phishing attacks on Bitcoin have increased significantly in recent months. One of the most notable incidents was the attack on a Bitcoin whale that resulted in $238 million in losses, further highlighting the growing risks in this area.