
Kaspersky report finds scammers attempting to steal TON from Telegram

According to Kaspersky researchers, scammers are attempting to steal Toncoins (TON) from Telegram users worldwide.

According to Kaspersky researchers, scammers are attempting to steal Toncoins (TON) from Telegram users worldwide using a highly scalable scheme involving cryptocurrency boosters and friend referrals.

Operational since November 2023, the scheme has been growing along with the rising popularity of TON and Telegram.

The scammers begin by prompting victims to join an unofficial Telegram bot, purportedly designed to store cryptocurrency, and to link it to a legitimate wallet. Simultaneously, the fraudsters instruct potential victims to purchase Toncoins through legitimate channels like the official Telegram bot, P2P markets, or cryptocurrency exchanges, which may lull them into a false sense of security.

Next, the victim is told to purchase so-called boosters using a separate bot. The scammers claim that users must complete this action to start earning. After the purchase, the user loses their cryptocurrency irrevocably. The costs of “boosters” – labelled by the scammers as “bike”, “car”, “train”, “plane”, or “rocket” – vary from 5 to 500 Toncoins depending on the tariff selected by the potential victim.

The Durov brothers originally developed the Telegram Open Network (TON) blockchain. An independent community now supports the project. Toncoin’s biggest advantage is Telegram: the messenger has reached 900 million monthly users and ranks as the 6th most used and 6th most downloaded app globally. Therefore, the prospects for fraud associated with this blockchain are especially perilous.

The fraudsters have targeted victims worldwide. The threat actors devised a referral scheme to lure unsuspecting Telegram users. Potential targets receive a link to participate in an “exclusive earning program” from someone in their contact list.

“The ‘boosters’ are advertised by scammers as tools that allow users to earn on their coins. This scheme resembles boosters in online games – by purchasing one, the user gains additional advantages,” explains Olga Svistunova, Senior Web Content Analyst at Kaspersky.

After luring the user into purchasing the fake “boosters”, the scammers take it one step further to scale the fraudulent scheme. The victim is prompted to create a private Telegram group with their friends and acquaintances and to share a specially generated referral link along with a video containing instructions on “earnings”, which the scammers have pre-recorded.

“The referral program is a key component of the scheme. The more people involved, the higher the scammers’ earnings. Perpetrators claim that at least five people should join the private group via the referral link so that a victim can start earning. They even suggest that victims call each person they invited to explain all the details verbally. According to the scammers, the victim will be paid for each friend they invite and will receive a commission for each booster purchased by referrals,” elaborates Olga Svistunova.

Kaspersky experts advise users to exercise caution regarding offers promising quick enrichment, even from friends or acquaintances. Additionally, it’s important to adhere to the following security measures:

  • Do not transfer cryptocurrency to unknown or suspicious wallets.
  • Use comprehensive protection for your crypto assets, such as Kaspersky Premium, which secures your crypto wallet from scammers, miners, and other threats. It also alerts you when visiting suspicious websites.
  • Educate yourself, for example, by reading Kaspersky posts to stay updated on all the latest fraudulent schemes, and, if needed, inform your nearest and dearest—especially those who are not yet digitally savvy.