Scammers are attempting to steal Toncoins (TON) from Telegram users worldwide using a highly scalable scheme involving cryptocurrency boosters and friend referrals, Kaspersky researchers found. This scheme has been operating since at least November 2023. Its emergence amidst the rising popularity of TON and Telegram makes it particularly perilous.
Victims from every corner of the world have been targeted by the fraudsters. The threat actors devised a referral scheme that lures unsuspecting Telegram users. Potential targets receive a link to participate in an “exclusive earning program” from someone in their contact list.
The scammers begin by prompting victims to join an unofficial Telegram bot, purportedly designed to store cryptocurrency, and to link it to a legitimate wallet. Simultaneously, the fraudsters instruct potential victims to purchase Toncoins through legitimate channels like the official Telegram bot, P2P markets, or cryptocurrency exchanges, which may lull them into a false sense of security.
Next, the victim is told to purchase so-called boosters using a separate bot. The scammers claim that users must complete this action to start earning. After the purchase, the user loses their cryptocurrency irrevocably. The costs of “boosters” – labeled by the scammers as “bike”, “car”, “train”, “plane”, or “rocket” – vary from 5 to 500 Toncoins depending on the tariff selected by the potential victim.
“The ‘boosters’ are advertised by scammers as tools that somehow allow users to earn on their coins. This scheme resembles boosters in online games – by purchasing one, the user gains additional advantages,” explains Olga Svistunova, Senior Web Content Analyst at Kaspersky.
How scammers aim to profit through victims’ friends
After luring the user into purchasing the fake “boosters”, scammers take it one step further to scale the fraudulent scheme. The victim is prompted to create a private Telegram group with their friends and acquaintances, share with them a referral link that has been generated specially and a video with instructions on “earnings”. This is pre-recorded by the scammers.
“The referral program is a key component of the scheme. The more people involved, the higher the scammers’ earnings. Perpetrators claim that at least five people should join the private group via the referral link so that a victim can start earning. They even suggest that victims call each person they invited to verbally explain all the details. According to the scammers, the victim will be paid for each friend they invite and they will receive a commission for each booster purchased by referrals,” elaborates Olga Svistunova.