CertiK Doubles Down on Finding Telegram Exploit

Users are advised to implement security measures on Telegram as CertiK reiterates its warning.

Image: Guy moderating blockchain space and seeing paper planes fly around. Created by Kornelija Poderskytė from DailyCoin.

  • Blockchain security firm CertiK Alert is doubling down on the identified Telegram vulnerability.
  • Telegram brushed off the firm’s initial warning as inaccurate.
  • CertiK has urged the platform users to be cautious.

Cybersecurity in crypto is now more commonplace than ever, considering the threats the industry faces from relentless malicious actors. This has given rise to intensified efforts by security experts, resulting in stronger measures to protect users and mitigate losses.

On Wednesday, April 9, a blockchain security firm alerted the industry to a vulnerability in Telegram’s social media platform. However, the platform swiftly dismissed the claims, asserting that the warning was inaccurate.


Following a further investigation, CertiK has unveiled new findings.

CertiK Stands Firm on Telegram Vulnerability Claims

In a tweet on Friday, April 12, the blockchain security firm asserted that the Telegram threat exists despite the platform’s denial.

The reaffirmation followed the firm’s removal of its initial warning tweet, which resulted from Telegram’s assertion that it could not provide reliable information backing its claims.

A Telegram spokesperson informed DailyCoin that reports of a “zero-click vulnerability” in the company’s desktop app are “inaccurate.” The spokesperson went on to assert that the automatic download feature poses no risks to users with the option enabled.


Telegram stated that a separate issue was identified and patched, but that initial reports remained false.

“On Telegram Desktop, there was an issue that required the user to click on a malicious file while having the Python interpreter installed on their computer. Contrary to earlier reports, this was not a zero-click vulnerability,” the spokesperson told DailyCoin.

“A server-side fix has been applied to ensure that even this issue no longer reproduces,” they added, stating that the fix has been applied to all versions of Telegram Desktop. Despite this, questions about the flagged vulnerability remain across the industry.

What was the Alleged Telegram Vulnerability?

The reported threat, flagged by CertiK Alert, exists in Telegram’s media automatic download feature, which could result in extensive damage if exploited.

The security firm identified the vulnerability as a “Remote Code Execution” (RCE), a type of security flaw that grants attackers unauthorized access to users’ accounts and allows them to remotely execute commands or run malicious programs.

This could be facilitated by sharing compromised media files such as images, videos, or GIFs, which would automatically download onto a user’s device without requiring authentication.

While the exploit primarily affects Telegram’s desktop application, users should remain vigilant across all devices and adopt protective measures. These measures include disabling Telegram’s automatic download feature and implementing additional security measures like two-factor authentication and stronger passwords.

Why This Matters

The blockchain security firm’s reaffirmation of concerns regarding Telegram underscores the importance of users upholding security practices to prevent exploitation and potential losses.

Grace Abidemi

Grace Abidemi, a cryptocurrency reporter at DailyCoin, covers industry developments and trends. She previously worked as a freelance writer. With a Bachelor's degree in German Language and certifications in marketing and storytelling, Grace creates engaging content. When not working, she's in Nigeria, mastering cooking and canvas painting, and enjoys learning about different cultures and languages.