Mediaboss Marketing

The TON blockchain has been the crypto success story of 2024. Toncoins price has increased by more than 5x over the past year and it surged into the top 10 cryptocurrencies by market capitalization.

Its clicker games with airdrops like Notcoin and Hamster Kombat have helped drive daily active addresses above Ethers.

The 900 million users of the Telegram messaging platform excites proponents who see TON as a potential mass adoption play.

The eye-watering numbers are a projects dream, but its also an oasis for drainers stuck in Ethereum, where lakes of victims are starting to dry up.

Israel-based security firm Blockaid reports that cryptocurrency drainers have started migrating to The Open Network (TON), a blockchain initially developed by messaging app Telegram.

Were seeing a lot of drainers become more and more interested in the TON ecosystem [because] there is so much value streamed through TON, Raz Niv, co-founder of Blockaid, tells Magazine.

Crypto newcomers who have flocked to the platform for games are ideal, unsophisticated targets for drainers.

To make matters worse, draining activity on TON is relatively new, and the networks wallets dont yet contain the security tools that older chains like Ethereum do.

One TON drainer was seen phishing victims with the allure of 5,000 USDT. This scheme uses TONs unique comment feature, which allows transfers to contain a custom message for the recipient at the signing stage in their wallets.

When the transfer pops up saying Receive 5,000 USDT, along with a Confirm button, victims get hooked without knowing that theyre actually signing off on a token drain.

This simple yet effective trick earned one particular drainer at least 22,000 TON (about $152,000), according to Scam Sniffer.

More recently, the same suspicious address was seen spinning up a campaign related to a Notcoin airdrop phishing scam.

As TON gains popularity, phishing scams are on the rise. ScamSniffer has detected a surge in TON-related phishing sites past month, the security firm warned in a May tweet.

Magazine has found TON drainers scripts available for as little as $300 on Telegram, naturally.

Drainers are scam tools developers sell to help illicit actors steal cryptocurrencies. Scammers often hook investors via phishing links that set them up to get their assets stolen.

For example, a user who posts about a stuck transaction on Coinbase on X will often see a dozen replies from fake Coinbase support staff offering to help, leading to a fake website that tricks users into handing control of their wallet over to a drainer. Similarly, a post about revoking old token approvals (which is a good idea to avoid being exploited) may lead to a drainer.

In May, victims lost $42 million to phishing scams, with almost 80% of those victims coming from Ethereum, according to Scam Sniffer. Thats an increase from Aprils $38.6 million but down from $75 million in March.

Many of these drainers are looking for new opportunities because business has become difficult on chains like Ethereum, where security tools are increasingly able to sniff out malicious links and requests with high accuracy.

Blockaid is a security tool that poses one of the largest threats to the draining industry. Attached to wallets like MetaMask and Coinbase, the service simulates transactions behind the scenes and screens for suspicious transactions.

When a threat is identified, Blockaid posts stop signs on wallets to warn users of potential losses (some investors still decide to proceed despite multiple warnings).

A Blockaid bypass has become a feature advertised by the surviving drainers though not all of them work.

Over the past year, Blockaids wallet integration has played a key role in drainers closing up shop, with Violet Drainer being one of the latest examples to directly cite Blockaid as a reason for the shutdown.

Violet Drainer announced its closure in April 2024, citing a dropping scamming success rate due to Blockaids security tools as the primary reason.

Many drainers have been shutting down because of few hits, [and] all together draining has been getting harder, the operator of the former Violet Drainer Telegram channel tells Magazine, claiming the Telegram channel has been sold for $7,000 and is now under new management.

He (the new manager) is also draining but with a private drainer which claims to have a full Blockaid bypass, they say.

Private drainers operate in closed communities. In some instances, they require a stamp of approval from a group member to be onboarded to the draining services.

The Violet Drainer operator adds that drainers are switching over to a new coin that is now drainable.

In my opinion, its better than both SOL and ETH draining, the operator says.

When asked which cryptocurrency the drainers were moving to, the operator declined to comment as it would bring heat to the community.

But drainer operators in a number of Telegram communities single out TON and Bitcoin networks as prime candidates to become the new hot zones for draining.

Blockaids Niv tells Magazine that drainers are favoring TON.

The increased difficulty of draining on Ethereum and Ethereum Virtual Machine-compatible blockchains makes the increasing popularity of TON attractive. The blockchains user base is exploding on the back of viral mini apps usually tied with promises of future airdrops.

According to Token Terminal, the network had a record 5.7 million monthly users as of June 14, up from just 228,000 at the beginning of the year.

But its not as simple as porting over to TON, especially because TON is not inherently an EVM-based blockchain. Drainer developers have started offering multichain products for EVM chains like Ethereum, Binances BNB Chain or Avalanche.

For non-EVM chains like TON, developers must deploy new draining products.

Thats not to say that TON comes with new security vulnerabilities, but rather that advanced security tools and scam detectors arent integrated into the networks wallets yet.

Telegrams privacy-focused nature (encrypted messaging, though not end-to-end encryption) is attractive to users who feel mainstream messaging applications arent focused enough ondata protection and privacy. The messaging app has 900 million users, according to founder Pavel Durov.

However, its privacy-focused design has also made the application a platform ripe for illicit activities, and some have dubbed it the new dark web.

Blockaid says it is working on security measures across various blockchains, including TON, but isnt keen on sharing information and data that could be used by illicit actors to front-run the company.

Because of this cat-and-mouse game, everything that we show publicly is immediately being used by the drainers to try and circumvent us, Niv says.

TONs rise comes amid an eruption of popularity in Telegram-based games, which recently pushed the networks daily address count over Ethereum, excluding users on its second layer.

Notcoin, a viral Telegram game that rewarded users for tapping their screens, reportedly gained 35 million users. Its spiritual successor, Hamster Kombat, claims to have a player base of more than 150 million cumulative users.

Where there are large numbers of users and plenty of profits in crypto, youll find scammers and thieves.

The TON networks integration with Telegram, an app that champions privacy, makes for an even more convenient environment for scammers.

Telegram has been rising as an alternative to the dark web in recent years with cybercriminals migrating en masse to the messaging app from the traditional dark web.

A social engineering Telegram channel monitored by Magazine with over 5,500 members shows crypto criminals buying and selling each others services, such as SIM swapping and trading accounts, at cryptocurrency exchanges that have passed Know Your Customer verifications.

Frequently, scammers are seen arguing after getting scammed by another member of the channel.

Draining is among the services frequently offered in such Telegram channels.

Magazine has found a separate Telegram channel that is selling a TON drainer script.

The product is advertised as a wallet drainer script that only works with the Tonkeeper wallet as its still in its earliest available version.

At the time of writing, the drainer only works for two types of tokens, Toncoin and Jetton (TONs fungible tokens). The full source code is selling for $1,000 and a lighter version is offered at $300.

The millions of users who are joining the TON blockchain in hopes of receiving airdrops through various Telegram mini apps are not crypto natives and will be introduced to wallets and seed phrases for the first time through this viral experience.

Unfortunately for them (but fortunately for drainers), Blockaid does not yet support TON wallets. But it does scan and detect for malicious code in all DApps, including those on TON.

Crypto newbies who arent yet fully aware of the threats posed by drainers may have to find out the hard way until security tools land on the relatively new network.

We started from Ethereum blocked them there. They moved to Solana blocked them there. Now, theyre moving to TON. After this, they will be at the next chain, Niv says.

Ethereum-based assets, particularly ERC-20 tokens, are the most drained assets in the world, but even they have their limitations, according to Cos, founder of security firm SlowMist.

Thats because only one ERC-20 asset such as USDT or USDC can be drained at a time in a single transaction. The exception is that multiple tokens can be drained when approval is given to platform contracts (like OpenSea Seaport or Uniswap Permit2).

In Bitcoin, transactions use the UTXO model, where each transaction can include multiple inputs (unspent outputs from previous transactions) and multiple outputs (new UTXOs).

Since all Bitcoin-based assets (including native Bitcoin) exist as UTXOs, if a user is drained, all of their Bitcoin-based assets may potentially be drained simultaneously in a single transaction, Cos explains.

This means that if an attacker gains control over a users wallet, they can create a transaction that consolidates all UTXOs belonging to the user, potentially draining all Bitcoin-based assets in a single transaction, whether they be BRC-20s, Ordinals, Runes and even Bitcoin.

Blockchain forensics firm Chainalysis reported in May that it spotted the first Bitcoin drainer disguised as the website of Magic Eden, a non-fungible token marketplace that supports Bitcoin Ordinals trades.

This drainer stole about $500,000 across more than 1,000 transactions as of April 2024, Chainalysis said.

But Cos says that an even earlier incident suggests that Bitcoin drainers are already a year old.

In June 2023, a social media user reported a scam disguised as a BRC-20 project promoted alongside a suspicious phishing link.

The rise of TON presents a new frontier for drainers, expanding their lifespan as the Ethereum draining business becomes tougher.

Some of the most successful drainers have decided to retire, with Pink Drainer hanging up their boots after looting $85 million. Inferno Drainer closed in late 2023 after stealing $70 million, but in May started becoming active again.

TONs exploding user base of crypto newbies and Telegrams privacy features are providing new opportunities and a fresh sea of victims for illicit actors. The absence of reliable security tools like Blockaid on the TON network (for now) exacerbates the vulnerability of these users.

This is part of the ongoing cat-and-mouse game, as Niv calls it, in which security firms and cybercriminals battle to outmaneuver each other.

Once a security measure has been set up for the TON network, a new threat is bound to appear, as recently observed with rare incidents on Bitcoin, where a UTXO model presents an efficient draining scenario for bad actors.

The operator of Violet Drainers calls this phase of private drainers and threats in multiple blockchains the new era of draining.

But Blockaid claims that they are a step ahead of the drainers and that they are still able to identify and track draining activities whether they operate publicly or privately.

Subscribe

The most engaging reads in blockchain. Delivered once a week.

Yohan Yun is a multimedia journalist covering blockchain since 2017. He has contributed to crypto media outlet Forkast as an editor and has covered Asian tech stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking, and experimenting with new recipes.

Follow this link:

As Ethereum phishing gets harder, drainers move to TON and Bitcoin - Cointelegraph