Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
TON Ecosystem Security Guide: What are the common forms of fishing?

TON Ecosystem Security Guide: What are the common forms of fishing?

BlockBeats2024/06/25 07:58
By:BlockBeats
Original source: Keystone Chinese

 

This year, TON (The Open Network) has received a lot of attention. As a public chain deeply bound to Telegram, with a huge user base and the wealth-creating effect of new projects, users want to enter the TON ecosystem and find their own Alpha.

 

As the saying goes: Where there are people, there are rivers and lakes. For public chains with traffic, hackers will also come around like sharks smelling blood. As a public chain with technical characteristics different from EVM, you cannot use the security habits on EVM when interacting on TON.

 

As a hardware wallet manufacturer that actively promotes integration with the TON ecosystem, we have compiled some security suggestions to help everyone embrace the TON ecosystem safely.

 

1. Choose the right wallet

 

Due to different technical implementations, the EVM wallets that everyone is used to using, such as Metamask, Rabby, etc., do not currently support TON, so we need to install another wallet that supports TON.

 

At this time, a highly secure wallet is crucial for us. We can evaluate which wallet is more suitable for us from aspects such as whether the wallet is open source and whether it supports hardware wallets. In particular, we should pay attention to whether the wallet has a comprehensive analysis of transaction information.

 

For example, when facing a phishing website on TON, when the hacker wants to transfer some assets in my wallet, the transaction analysis results of the wallet software OpenMask and TonKeeper @tonkeeper are very different, as shown in the following figure:

 

 

In OpenMask's view, this is a normal "receive airdrop" transaction, but is it really the case?

 

For the same transaction, Tonkeeper showed us more information. It seems that the phishing website is trying to steal the FISH tokens in the wallet. The hacker's behavior was successfully revealed by Tonkeeper.

 

In comparison, which wallet do you think users are more likely to be fooled?

 

A wallet with better security is like a "magic mirror" that can effectively reduce users' anxiety in identifying phishing scams. Recently, Keystone has also successfully integrated with TonKeeper. I believe that the addition of hardware wallets can greatly improve the security of users on TON.

 

Second, prevent common phishing forms

 

Like other public chains, phishing is currently the most common attack form on TON, with the most victims. Let's take this opportunity to understand the phishing methods used by hackers on TON:

 

1. Zero-amount transfer phishing

 

Hackers send 0 TON in batches to many addresses, and then make notes on the transfer transactions such as "to receive the airdrop of 1,000 TON, visit "http://xxxxx.com", etc. "Inexperienced" users may be deceived, visit the phishing website, and conduct the so-called collection interaction, and as a result, valuable assets are stolen by hackers.

 

2. NFT airdrop phishing

 

In addition to token transfers, hackers will also try to airdrop NFTs to user wallets for phishing. In addition to beautiful pictures on NFTs, phishing website URLs will also be left to deceive users.

 

For example, in the following case, a fake fragment market link is left on the NFT airdropped to the user. When the user enters the fake market and tries to sell the airdropped NFT, he falls into the hacker's trap. Not only did he fail to sell the NFT, but other assets were transferred away.

 

3. Beware of TON's unique "transaction remark" function

 

Transfer transactions on TON all have an optional comment field, which we understand as a transaction remark during a bank transfer. This is a user-friendly function, but it is also used by phishing websites with ulterior motives.

 

As shown in the figure below, hackers try to get users to transfer FISH tokens from their wallets and write "Received +xxx,xxx,xxx FISH" in the transaction remarks, misleading users into thinking they will receive more FISH tokens than the current amount, thereby confirming the transaction.

 

 

Here we remind you not to believe anything in the transaction remarks, and we hope that in the future, various wallet software will provide clearer security tips for transaction remarks.

 

3. Use blockchain browsers to identify fraudulent phishing

 

On Ethereum, we often use etherscan to view on-chain information, and the corresponding tools on TON are tonscan and tonviewer.

 

 

By comparing the security functions of the two, we can find that tonviewer is better at identifying fraudulent phishing: not only does it give a suspicious prompt of "SUSPICIOUS" for suspected phishing transactions, but it also adds the word SCAM to the airdropped fraudulent NFT to prevent users from being fooled.

 

 

And tonscan only displays the information on the chain, lacking some security-related prompts. We recommend that users who have just entered the TON ecosystem use tonviewer to view the wallet address information first.

 

Fourth, use hardware wallets to further ensure security

 

On any public chain, using a hardware wallet to take the mnemonic off the network and perform secondary verification of the transaction are both effective means of protecting assets. Keystone integrates with the TonKeeper wallet, allowing TON ecosystem users to also enjoy the security brought by hardware wallets. For hardware wallet users, we have the following suggestions:

 

• Use hardware wallets to store large amounts of assets

 

• Use Keystone's 3 sets of mnemonics to store assets in multiple wallets to prevent single-point risks

 

• Carefully check the transaction information displayed by Keystone to avoid signature phishing transactions

 

In the blockchain world, opportunities often coexist with risks. As the TON ecosystem grows, while looking for high-quality projects to invest in, don't forget to protect the security of your assets. Keystone is also willing to continue to build with all parties in the TON ecosystem to build a safe interactive environment.

 

 

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!