SECURITY

"Click to receive 5000 ETH?" Dangerous TON wallet phishing! Wallet displays false received payment information, deceiving users to transfer TON assets

share
"Click to receive 5000 ETH?" Dangerous TON wallet phishing! Wallet displays false received payment information, deceiving users to transfer TON assets

Recently, a large number of Key Opinion Leaders (KOL) have been actively promoting the Telegram blockchain Ton. In addition, the US venture capital firm Pantera has included TON tokens in its latest fund, calling it "TON, our largest investment ever," which has brought more attention to the Ton blockchain. However, security issues cannot be ignored. Security software company Scam Sniffer exposed a bizarre phishing attack incident on 5/10.

Scam Sniffer: Click and Get 5000 USDT, But You Will Lose Money

Scam Sniffer indicates that when you click on a pop-up link promising you 5000 USDT, after confirmation, the TON in your wallet disappears without any USDT coming in.

Scam Sniffer breaks down the attack principle:

Deconstructing the Phishing Principle

Scam Sniffer states that during the transfer of TON, a Comment can be included.

For TON wallets like Tonkeeper, during the signature stage, these comments are displayed, leading to misunderstandings.

As shown below:

It is actually a transaction to transfer out TON, but the attacker adds a note "Received 5000 USDT" to mislead regular users.

Phishing websites for TON also tailor different misleading comments for each phishing activity.

Within a few days, this method has already gained nearly 400 TON.

Scam Sniffer mentions that as the popularity of the Ton network rises, phishing activities are becoming more rampant.