
New to TON? Consider this your go-to guide to safety in the TON ecosystem

Jul 10, 2024

It's no secret that TON (The Open Network), a public blockchain closely tied to Telegram, has been making waves in the crypto community and attracting many users who want to gain an edge over others by investing in its new projects. As in any food chain, scammers follow these innocent users to prey on them, the way sharks follow a blood trail.

Challenges and suggestions:

As a user, you cannot rely on the same security habits that kept you safe on EVM chains, because the TON blockchain differs from EVM in its technical characteristics.

As a leading hardware wallet provider active in the TON ecosystem, we have compiled 4 security suggestions to help you navigate this space safely.

  1. Choosing the right wallet
  2. Protect yourself against common forms of phishing
  3. Identifying fraudulent phishing with the blockchain browser
  4. Using a hardware wallet for further security

Let’s understand these security suggestions one by one with detailed examples and guidance that you can follow at once:

1. Choosing the right wallet:

Due to the technical differences, the regular EVM wallets we use, such as MetaMask and Rabby, do not currently support TON. So, we need to install another wallet that does.

When choosing a wallet to secure your assets, evaluate each candidate on aspects such as:

  • Whether it is open source
  • Its security features
  • Its ability to connect to a hardware wallet
  • How carefully it analyses and displays transaction details

To give you a head start, we have done some basic research to make your job easier!

Imagine you are on a TON phishing site, and the hacker wants to drain some assets from your wallet with a fake airdrop transaction.

We took two TON wallets, namely, OpenMask and Tonkeeper, and tried to simulate the transaction on both.

OpenMask vs Tonkeeper

If we start with OpenMask, it looks like a normal transaction to claim airdrops, right? Now pause for a second and check the same transaction in Tonkeeper. It gives us more information than OpenMask and clearly exposes the hacker's trap by revealing that the site is trying to steal the FISH tokens from our wallet.

Now tell us, which wallet users are more likely to fall for this?

A secure wallet is like a 'giant magnifying glass' that can effectively reduce users' anxiety about identifying phishing scams. Recently, Keystone also successfully integrated with Tonkeeper, and this addition of a hardware wallet can increase users' security on TON by a tonne.

2. Protect yourself against the common forms of phishing

As on any other public chain, phishing is the most common and widely used attack on TON. Let's look at the various phishing tricks hackers use:

A) Zero-amount transfer phishing:

Hackers send TON dust to many addresses in bulk and bait the receivers with transaction notes such as "receive 1000 TON airdrop, visit ...". The aim is to trick you into visiting their scam site, where you are fooled into signing a transaction that drains your own wallet.

B) NFT Airdrop Phishing

Similar to the earlier method, hackers airdrop NFTs to multiple users' wallets and attach URLs of phishing websites or NFT marketplaces, luring users to sell these airdropped scam NFTs. If you receive such an NFT, do not interact with it because hackers set up these websites to steal assets from your wallets.

C) Beware of TON's unique "comment" feature

Unlike EVM, TON has an optional comment field on all transfer transactions, similar to the “remarks” column when transferring money from a bank. This user-friendly feature has now become a playground for hackers, who use it to confuse their victims.

Transaction Comment

As shown in the image above, the hacker tries to manipulate the user by mentioning a fake transaction, "Received +10 227 810 848 43 FISH," in the comment field. But, in reality, the transaction is created to drain the existing FISH token from the victim’s wallet.

You can see how an average user would buy into this scam out of curiosity about the fake airdrop and end up losing their assets.

Reminder: Do not trust any content in the trade message.

To protect our TON users, we are including a safety message under the comments section to alert them before executing the transaction.

Keystone's safety measure
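
The dust-link and comment-spoofing tricks in A) and C) can be caught by comparing what a message actually does with what its comment claims. The sketch below is an added example, not Keystone's or Tonkeeper's code; the dict layout, placeholder addresses and dust threshold are assumptions, while the two opcodes are the standard jetton and NFT transfer opcodes.

```python
import re

# Transfer opcodes from the public TON token standards (TEP-74 jettons, TEP-62 NFTs).
OP_JETTON_TRANSFER, OP_NFT_TRANSFER = 0x0F8A7EA5, 0x5FCC3D14
DUST_NANOTON = 10_000_000  # assumed threshold: 0.01 TON
LINK_RE = re.compile(r"https?://|www\.|t\.me/|\b[\w-]+\.(?:com|org|io|xyz|app|net)\b", re.I)
INBOUND_RE = re.compile(r"\b(?:receiv\w*|claim\w*|airdrop\w*|reward\w*)\b|\+\s*\d", re.I)

def review_sign_request(msg, own_address):
    """Findings for a message the user is asked to sign (hypothetical decoded dict)."""
    findings = []
    comment = msg.get("comment", "")
    outgoing = (msg["op"] in (OP_JETTON_TRANSFER, OP_NFT_TRANSFER)
                and msg["new_owner"] != own_address)
    if outgoing:
        # State the real effect first; the comment is text chosen by the requester.
        findings.append(f"sends {msg['amount']} {msg['asset']} to {msg['new_owner']}")
        if INBOUND_RE.search(comment):
            findings.append("comment claims incoming funds but the message is an outgoing transfer")
    if LINK_RE.search(comment):
        findings.append("comment contains a link")
    return findings

def review_incoming(tx):
    """Findings for a transfer already received (hypothetical decoded dict)."""
    if not LINK_RE.search(tx.get("comment", "")):
        return []
    if tx["value_nanoton"] <= DUST_NANOTON:
        return ["dust transfer carrying a link in its comment"]
    return ["comment contains a link"]

# Constructed sample data; addresses are placeholders, not real wallets.
OWN = "EQ_own_wallet_placeholder"
SAMPLE_DRAIN = {"op": OP_JETTON_TRANSFER, "asset": "FISH", "amount": 1000,
                "new_owner": "EQ_unknown_placeholder",
                "comment": "Received +10 227 810 848 43 FISH"}
SAMPLE_LEGIT = {"op": OP_JETTON_TRANSFER, "asset": "FISH", "amount": 5,
                "new_owner": "EQ_friend_placeholder", "comment": "rent for July"}
SAMPLE_DUST = {"value_nanoton": 1,
               "comment": "receive 1000 TON airdrop, visit https://airdrop.example"}

if __name__ == "__main__":
    for finding in review_sign_request(SAMPLE_DRAIN, OWN):
        print("SIGN REQUEST:", finding)
    for finding in review_incoming(SAMPLE_DUST):
        print("INCOMING:", finding)
```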

3. Identifying fraudulent phishing with the blockchain browser

Similar to Ethereum’s Etherscan, the TON blockchain has Tonscan and Tonviewer to view on-chain information.

Tonviewer vs Tonscan

Comparing these two explorers, Tonviewer does a better job: it marks suspected phishing transactions as "SUSPICIOUS" and labels fraudulent airdrop NFTs as "SCAM" to prevent users from falling into the trap. Tonscan, on the other hand, only displays on-chain information and lacks some security-related tips.

Scam label on fake airdropped NFTs

4. Using a hardware wallet for further security

On any public chain, using a hardware wallet to take the seed phrases off the grid and verify transactions twice is an effective security measure to protect assets.

Keystone enables TON users to enjoy supreme security by integrating with the Tonkeeper wallet. For hardware wallet users, we have the following suggestions:

  • Use hardware wallets to save large assets
  • Separate multiple wallets using Keystone's 3 sets of mnemonics to prevent the risk of a single point of failure.
  • Carefully verify the transaction information displayed by Keystone to avoid signature phishing transactions.

Eager to BUIDL in TON ecosystem:

In the blockchain world, opportunity often goes hand in hand with risk. As you grow with the TON ecosystem, don't forget to protect your assets with our above security suggestions while you continue looking for quality projects to invest in. Being a leading hardware wallet provider, we are willing to contribute to improving the security of the users by closely working with all parties in the TON ecosystem and doing our best to build a secure interaction environment.
