Scammers Leverage Telegram’s Popularity To Steal Toncoins

Scammers are attempting to steal Toncoins (TON) from Telegram users worldwide using a highly scalable scheme involving cryptocurrency boosters and friend referrals, Kaspersky researchers found. This scheme has been operating since at least November 2023. Its emergence amidst the rising popularity of TON and Telegram makes it particularly perilous.

Victims from every corner of the world have been targeted by the fraudsters. The threat actors devised a referral scheme that lures unsuspecting Telegram users. Potential targets receive a link to participate in an “exclusive earning program” from someone in their contact list.

The scammers begin by prompting victims to join an unofficial Telegram bot, purportedly designed to store cryptocurrency, and to link it to a legitimate wallet. Simultaneously, the fraudsters instruct potential victims to purchase Toncoins through legitimate channels like the official Telegram bot, P2P markets, or cryptocurrency exchanges, which may lull them into a false sense of security.

Next, the victim is told to purchase so-called boosters using a separate bot. The scammers claim that users must complete this action to start earning. After the purchase, the user loses their cryptocurrency irrevocably. The costs of “boosters” – labeled by the scammers as “bike”, “car”, “train”, “plane”, or “rocket” – vary from 5 to 500 Toncoins depending on the tariff selected by the potential victim.

“The ‘boosters’ are advertised by scammers as tools that somehow allow users to earn on their coins. This scheme resembles boosters in online games – by purchasing one, the user gains additional advantages,” explains Olga Svistunova, Senior Web Content Analyst at Kaspersky.

How scammers aim to profit through victims’ friends

After luring the user into purchasing the fake “boosters”, scammers take it one step further to scale the fraudulent scheme. The victim is prompted to create a private Telegram group with their friends and acquaintances, share with them a referral link that has been generated specially and a video with instructions on “earnings”. This is pre-recorded by the scammers.

“The referral program is a key component of the scheme. The more people involved, the higher the scammers’ earnings. Perpetrators claim that at least five people should join the private group via the referral link so that a victim can start earning. They even suggest that victims call each person they invited to verbally explain all the details. According to the scammers, the victim will be paid for each friend they invite and they will receive a commission for each booster purchased by referrals,” elaborates Olga Svistunova.

The Telegram Open Network (TON) blockchain was originally developed by the Durov brothers. The project is now supported by an independent community. Toncoin’s biggest advantage is Telegram. The messenger has reached 900 million monthly users and ranks as the 6th most used and 6th most downloaded app in the world. Therefore, the prospects for fraud associated with this blockchain are especially perilous.

Kaspersky experts advise users to exercise caution regarding any offers promising quick enrichment, even if they come from friends or acquaintances. Additionally, it’s important to adhere to the following security measures:

  • Do not transfer cryptocurrency to unknown or suspicious wallets.
  • Use comprehensive protection for your crypto assets, such as Kaspersky Premium, which secures your crypto wallet from scammers, miners, and other threats. It also alerts you when visiting suspicious websites.
  • Educate yourself, for example by reading Kaspersky posts to stay updated on all the latest fraudulent schemes, and, if needed, inform your nearest and dearest – especially those who are not yet digitally-savvy.