SlowMist Flags Escalated Phishing Attacks in the TON Ecosystem

SlowMist founder raises the alarm over “more and more phishing” activities in the TON Ecosystem.

Robot reaching to a ton wallet.
Created by Kornelija Poderskytė from DailyCoin
  • SlowMist founder has issued a security alert.
  • The alert warned users of increased phishing activities on a new blockchain.
  • The activities put users at risk of losing their Telegram accounts and crypto assets.

Blockchain security firm SlowMist, through its founder, raised the alarm on Monday over escalated phishing activities in the TON Ecosystem.

The Open Network (TON) ecosystem is a comprehensive blockchain platform hosting hundreds of decentralized applications (dApps) across DeFi, gaming, NFTs, and memecoins. The ecosystem gained a utility boost after Binance, the world’s largest exchange by trade volume, integrated TON for USDT transfers on June 21.

Escalated Phishing Activities on TON

On June 24, SlowMist founder Yu Xian (Mr. Cos) shared an alert on X (Twitter), urging users to beware of “more and more phishing activities” in the TON ecosystem.


According to the founder, the “Telegram ecosystem is too free,” which allows phishing links or bot forms to be spread through message groups, airdrops, and other deceptive ways to hack users’ assets in TON wallets.

The phishing attacks mainly target Anonymous Telegram Numbers, which users often leverage to create accounts that are not linked to traditional call and SMS-enabled SIM cards. An anonymous number can also be used to change the phone number of an existing account.

“If these are phished away, it means that the corresponding Telegram account may also be lost, unless the user has enabled an independent password, i.e. Two-Step Verification),” Mr. Cos explained. “The fishing methods are basically the same, so pay attention.”

SlowMist’s warning comes as phishing attacks continue to plague the crypto industry. In May Web3 security firm Scam Sniffer tracked $42 million in crypto assets stolen from around 32,000 victims through phishing scams.


As of this month, a user has already lost $11 million in aEthMKR and Pendle USDe due to signing multiple Permit phishing signatures.

Stay updated on OKX’s upgrades for preventing “deepfake” attacks:
OKX Founder Teases New Upgrades for Preventing ‘Deepfake’ Attacks

Read how Binance denied responsibility in Chinese investors’ $1M hack:
Binance Denies Responsibility for Chinese Investor’s $1M Hack

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.