New Dark Web Emerges? TON Used to Fund Pro-Russian Hacker Groups, Fueling Various Illegal Activities on Telegram


The U.S. cybersecurity firm ANALYST1 recently reported that Toncoin TON, one of the top ten cryptocurrencies by market capitalization, is being used by the pro-Russian hacker group "KillNet" as one of their operational funding sources, leveraging the anonymous accounts, wallets, and bot services of The Open Network. The integration of Telegram with TON is also seen as a new gathering place for illicit activities in the dark web.

"The deep integration of the Toncoin ecosystem with Telegram is worrisome. As bad actors transition from the dark web Tor to Telegram, resulting in a significant increase in illegal activities, the risk of Toncoin becoming increasingly popular among cybercriminals has also escalated," wrote ANALYST1.


Pro-Russian Hacker Group KillNet Highly Utilizes Telegram and TON

Pro-Russian Hacker Group KillNet

ANALYST1 stated that KillNet is a pro-Russian hacker group that has been operating since late 2021, engaging in DDoS attacks and using Toncoin as one of its funding sources. In open support of Russia, the organization targets entities that oppose Russian geopolitics. According to KillNet's Telegram posts, it has launched multiple attacks on NATO countries.

KillNet, A Long-Time User of Telegram

KillNet has been using Telegram for an extended period, both as a communication channel and for fundraising. The group requests financial support in both fiat currency and various cryptocurrencies, including Toncoin.

Toncoin Holds a High Proportion in KillNet Fundraising

Three of KillNet's TON Fundraising Addresses

According to ANALYST1 research, three Toncoin addresses are strongly believed to be associated with KillNet: KillNet Address #1, KillNet Address #2, and KillNet Address #3. Investigations reveal that these three addresses have collectively received nearly 16,800 Toncoin.

In addition to donations to these three addresses, KillNet supporters also leave patriotic Russian comments, such as "Glory to Russia," through multiple transactions conducted via Telegram's Ton wallet and bots.

KillNet Utilizes Telegram's Fragment Anonymous Account Service

The Fragment anonymous account service on Telegram is an anonymous phone number auction marketplace that allows creating a Telegram account without a SIM card. Users can input any desired number with a length of 4-8 digits, link it to the Ton blockchain wallet Tonkeeper, and then use TON tokens for bidding.

This means that individuals can purchase Telegram accounts with TON without revealing their real identities. On November 18, 2022, KillNet used the registration service without a SIM card to purchase the username @killnet, which is linked to one of KillNet's channels, for 600 Toncoin.


Only a Fraction of KillNet

ANALYST1 indicates that through a single case study, the flow of funds from these three addresses to exchanges can be traced. However, further investigation is required to uncover the full extent of Toncoin usage by KillNet.

Illegal Risks of Telegram and Ton

ANALYST1 believes that cybercriminals are often attracted to specific cryptocurrencies because of features that facilitate illegal activities. Several factors may lead to a broader adoption of Toncoin TON by malicious actors within the Telegram ecosystem. TON aims to attract nearly 30% of Telegram's active users, around 300 million users, in the next three to five years, potentially escalating illicit activities.

Illegal Activities Shift from the Dark Web Tor to Telegram

ANALYST1 notes that over the past two years, an increasing number of malicious actors have shifted from the dark web Tor to Telegram, resulting in a sharp rise in illegal activities on Telegram. Various illicit services, including paid DDoS attacks, money laundering services, carding, ransomware, "Initial Access Broker" (IAB), and hacker groups like KillNet, are observed on Telegram.

Telegram's Large Russian User Base Poses Risks

ANALYST1 points out that with 30.73% of Telegram traffic originating from Russia and a significant number of Russian-speaking individuals engaging in illicit activities, there could be a broader adoption of Toncoin.

TON x Telegram x Russian Finance

ANALYST1 believes that the deep integration of Toncoin TON with various Telegram services, such as wallets, crypto bots, donations, and Fragment, poses risks exploited by malicious actors. The ease, anonymity, and availability provided by buying and sending cryptocurrencies within the platform enable illicit actors. Moreover, the involvement of Russian financial institutions further amplifies the risks. This accessibility streamlines money laundering activities for cybercriminals and creates potential opportunities, ranging from direct exploitation by cybercriminals to the participation of money mules.

Ton Foundation's Ties to Russia

Interestingly, Max Pertsovskiy, the Chief Operating Officer of Ton Foundation, was previously the Chief Operating Officer of Waves Labs. Waves Labs has maintained close ties with Russian government agencies and has been involved in handling Russian financial flows, attracting significant attention during the Russia-Ukraine conflict.

TON x DWF x Huobi

Ton received a controversial investment from market maker DWF Labs, which provided tens of millions of dollars in investment and is responsible for market making for Ton. Andrei Grachev, Managing Partner at DWF Labs, previously served as the CEO of Huobi Russia, and HTX Huobi currently has the highest liquidity for Ton among exchanges.

ANALYST1 Issues a Warning to the World

ANALYST1 emphasizes the importance of implementing robust measures and regulations to effectively prevent illicit activities within the Toncoin ecosystem. While Toncoin is not the sole cryptocurrency used in cybercrime, its deep integration with Telegram raises concerns. Given the significant illicit activity on Telegram that facilitates cybercriminals, continuous monitoring is essential.

Top 10 Cryptocurrencies: Limited Liquidity for TON, Unlisted on Binance, Coinbase

Although TON is among the top 10 cryptocurrencies by market capitalization, its ratio of liquidity to market value is relatively low compared to other cryptocurrencies. For instance, Bitcoin has a "Trading Volume/Market Cap" ratio of 0.026 and ETH 0.035, while TON stands at only 0.004, indicating poor liquidity conditions.

Low Liquidity-to-Market Cap Ratio

Furthermore, TON is the only cryptocurrency among the top 10 by market capitalization not listed on Binance and Coinbase. 43.6% of trading volume is concentrated on HTX Huobi, and 16.87% on Poloniex, warranting further exploration into the reasons behind this.