Secure Your TON Space
TON Space is a noncustodial wallet, which means responsibility for the safety of its funds lies solely with the owner of the wallet.
Sole access to the wallet and the ability to control its secret recovery phrase are key features of noncustodial wallets. This can result in greater security and independence, but also means greater personal responsibility.
That is why it is crucial to always be aware of your digital footprint and how you store your personal information, especially if it is connected to your crypto wallets.
Follow these simple rules and read further to learn more on how to make your experience with blockchain safer:
- Always do your own research before committing to any projects connected to finances.
- Always double-check before opening suspicious links or files. Such files could contain malware.
- Always be aware of social engineering. Even if you receive a message from someone you know, double-check before sharing personal information or sending them crypto, as it’s possible their account has been compromised.
- Always be aware of impersonators. Wallet will never DM you first, will never ask for access to your account, and will never ask for your secret recovery phrase
- Never share your 24-word secret recovery phrase with anyone, for any reason, as it gives full access to your funds.
- Never respond to unsolicited messages from people you don’t know. Any “offer” or “opportunity” they offer you is likely a hoax.
In this article, we will tell you what to pay attention to when using TON Space, so that your funds stay safe.
The main schemes that can be used for dishonest purposes
- Unverified jettons
- Fake NFTs
- Dust attack
- Impersonation of TON Space / Wallet / Telegram support team
- Rug Pulls or Pump and Dump schemes
- Phishing
- Fake airdrops and giveaways
- Fake bots on Telegram
- P2P Market orders using TON Space
Unverified jettons
In the TON blockchain, any user can create their own jetton with any name – even a name that is similar or identical to a more popular cryptocurrency.
Try going to ston.fi and when exchanging cryptocurrency in settings, turn on the toggles for ‘Deprecated assets’ and ‘Community assets’. On top of the list, in most cases, a legitimate jetton will be shown, and below - its duplicates, created by the community or dishonest users.
Be vigilant dealing with the jettons belonging to the second type. Most unverified jettons will be labeled with “The community does not have information regarding this jetton”.
Why are unverified jettons created
Such jettons are oftentimes created to defraud users. Verified jettons may show some value in fiat, while the price of an unverified asset is often zero.
In many chats dedicated to cryptocurrency, you can find offers from people who sell jettons at a reduced price. As a result, users looking to get a good deal send payment to these sellers, only to receive a valueless jetton or nothing in return.
How to distinguish an unverified jetton from a verified one
Each jetton in the TON blockchain has its own contract address. You can find the contract address of a jetton on ston.fi via the arrow next to its name.
When you open a jetton page in a blockchain explorer (for example, Tonviewer), you can see its contract address, its value as well as the number of holders. For verified and unverified jettons of the same name, these components should differ.
Below you can see an example of a verified GOI jetton in the explorer.
And here is an example of an unverified GOI jetton.
Fake NFTs
In addition to jettons, any user on the TON blockchain can create a counterfeit NFT that copies the design of legitimate NFT collections. Dishonest sellers usually try to sell them via crypto group chats, capitalizing on current trends.
When you go to GetGems (the main NFT platform for the TON blockchain), you can search for a specific collection. Official collections will have a ‘verified’ checkmark icon.
Below you can see an example of the official Notcoin voucher page in GetGems.
You can also find the official NFT contract address on GetGems. When inputting it into explorer, you’ll see a link to the official collection.
I obtained an NFT, but do not see it in my TON Space, even though the transaction is successful on the blockchain
It’s possible that you received a fake NFT mimicking an official collection. Fake NFTs will be hidden from view and will not appear in your TON Space, regardless of transaction status.
Only NFTs from official collections appear in TON Space. Make sure that you received the NFT from its official distributor, for example, via GetGems. If you believe it was indeed legitimate and do not see the NFT in your TON Space, but do see it on the blockchain, please contact the sender of the NFT.
Below, the first picture shows an original Notcoin voucher, while the second one belongs to a fake voucher. Always double-check the origin of an NFT.
I received an NFT with a link to a third-party website, are such NFTs and websites legit
If you received an NFT with a link or a QR code, please be careful and do not open the link, and do not scan the QR code especially if you don’t trust the sender. To secure your wallet, do not connect to unfamiliar or suspicious apps and do not confirm transactions without verifying their details.
TON Space provides NFTs on the TON blockchain, and does not bear responsibility for NFTs created by third-parties. TON Space is a non-custodial service, thus it is solely the owner’s responsibility to keep the assets safe.
Dust attack
I received a deposit with a small amount of TON, what does this mean? How did they get my address
This is likely a dust transaction.
“Dust” is a small amount of cryptocurrency, sent to wallets at random, in the hopes of identifying the owners of the wallets. Different bots exist that monitor transactions on the blockchain and send dust to random wallets. Such bots do not have access to your data, they simply send dust to any active wallets they see on the blockchain. By participating in transactions, your wallet address becomes publicly visible on the blockchain — there’s nothing to worry about, simply ignore any dust you receive and treat it like spam.
In order not to fall victim to a dust attack, if possible, do not exchange this “dust” via blockchain and do not withdraw it. Also do not click on unknown links, do not connect your TON Space wallet to unverified or suspicious apps and do not confirm transactions in unverified apps.
Impersonation of TON Space/Wallet/Telegram support team
TON Space, Wallet or Telegram employees will never message you first. We only contact users from our official accounts, and will never ask you to access outside platforms or third-party apps for any reason.
We only communicate through the official support bot Wallet Support Team. You can find the official bot in your Wallet settings.
Be careful: imposter accounts may try to appear official by using custom emoji in their name or status, but only our verified bot has a real verification checkmark from Telegram. Emoji in the status are not an account verification sign.
If you see such a message when opening the chat, tap ‘Block User’ immediately.
If you encounter suspicious messages, please immediately report them to TON Space support, and never reply to any requests or offers the fake bot might make.
I received a request to provide a Recovery phrase from Support, can I share it
Never share your Secret Recovery Phrase with anyone, even the TON Space support team. Our support team will never ask for your Recovery Phrase and can only reply to your support requests — they will never message you first.
Rug Pulls or Pump and Dump schemes
Unfortunately, some crypto projects use hype and social media reach to quickly increase the price of their cryptocurrency, so the creators can abandon the project (pull the rug out) and run away with the profits. They often rely on influencers or celebrities to promote their coin, leading to a rush of buyers and a sharp increase (pump) in coin value. However, once that happens, the coin creators and its early buyers sell off (dump) all their assets, leading to a huge loss in value for everyone else.
To avoid being a victim of this, you should always do your own research (DYOR) before investing in a project. We recommend that you study the project team and their history, and look for more details about them on blogs and social media.
Phishing
Attempts to gain access to your personal information or accounts through impersonation is known as phishing. To do so, impersonators often use email or messaging apps to contact you with false claims about your account. For example, someone might falsely claim that your TON Space has been compromised or will be banned unless you give them certain information or pay them some kind of “fee” to fix it.
Phishing schemes can be very personal, relying on social engineering and direct contact, or very impersonal — simply hoping you click on a malicious link or download a file containing malware. Almost all phishing schemes rely on creating false urgency — so that you are too scared to notice the warning signs. To protect yourself, here are a few basic rules:
Always check the actual email address of the person contacting you. Usually in phishing, the domain name will be slightly different than the official one. For example, someone impersonating “walletbot.net” might be sending you emails from “waletbot.net” or “walletbot.com”.
Never open links or attachments in emails or messages on devices with access to your TON Space. Even if the link or file comes from a trusted source (like a friend or family member), it’s possible that their account could have been compromised by phishing, and that the impersonator is using their account to mislead you.
I accidentally showed my Recovery Phrase to someone or entered it on a website. What should I do
If you accidentally shared your Recovery Phrase with a third-party website or showed it to someone, you will need to replace your TON Space as quickly as possible by creating a new TON wallet.
Once you create the new wallet, write down its Recovery Phrase (don’t share it with anyone!) and immediately transfer all the funds from your TON Space to the new wallet. After doing so, you should remove the compromised TON Space from your Wallet app. You can do so via this instruction.
After removing the compromised TON Space, you can create a new TON Space and transfer funds back to it. Your new TON Space will have a new Recovery Phrase and be completely separate and safe from the one you removed.
Under no circumstances should you ever share your Recovery Phrase with anyone. There is never a technical reason to share it — if someone tries to persuade you to do so, ignore them and block their account on whichever platform they’re using to contact you.
Fake airdrops and giveaways
Airdrops and giveaways are a common promotional tool for crypto projects — by giving away some of their cryptocurrency to fans and followers, they grow their audience and support their community. However, you must be aware that not all airdrops are legitimate, and that some fake airdrops and giveaways may look very convincing. In these cases, the fake airdrop promises you a free reward (usually in higher-value cryptocurrencies or NFTs) in exchange for sending some of your crypto or collectibles to their platform.
I received an NFT with a link to an airdrop. Is it real
Make sure that you received the NFT from the official distributor on GetGems or another verified website. If you received the NFT in a random transfer or not from a trusted source, simply ignore it and do not open any links it may contain.
To secure your wallet, do not connect to unverified or suspicious apps and do not confirm transactions without first verifying their details. Do not share your Recovery Phrase or your Telegram account data, including your phone number, login codes or password, with anyone.
Neither TON Space support nor Telegram support will ever ask you for your account data.
Fake bots on Telegram
Just like how phishing emails and sites attempt to look authentic, fake bots are built to fully imitate popular mini apps on Telegram — hoping that new users don’t notice. Many popular bots on Telegram have a verified checkmark, but it’s best to always confirm the username of the bot and make sure it matches the service you are trying to use.
The most common way that users interact with a fake bot is via advertisements in official Telegram channels. The channel will lead you to the bot, which then asks you to connect your TON Space. It usually then sends a notification that you need to top-up your balance and then perform some transaction via tapping “Confirm” — which is how the bot may get your funds.
Note: TON Space has no control over the content of third-party channels on Telegram. If you encounter a fake ad or bot, kindly report them to Telegram.
For your own safety, you should always be cautious when interacting with bots promoted by Telegram ads. If it does appear to be a verified and popular bot, make sure it has the correct username before proceeding with any kind of transaction.
I connected my TON Space to an unknown bot. I tapped on the ‘Confirm’ button and lost my funds. Can I get them back
Once the transfer is successfully initiated, it is impossible to return any funds — as blockchain transactions are irreversible.
By tapping the ‘Confirm’ button, you confirm the transfer of funds, so please always check who you’re sending funds to, and the details of the transaction, as the amount might be different than expected. Similarly, you should never send cryptocurrency or collectibles to unknown people or services.
To keep your TON Space secure, do not connect to unverified apps and never share your Recovery Phrase or account details with anyone.
See how to safely connect a TON Space wallet via TON Connect here.
P2P Market orders using TON Space
If you sell cryptocurrency on the P2P Market, potential buyers may ask you to communicate with them elsewhere, like on another messenger. To entice you, they may offer more favorable rates or a faster transaction. You should never accept such an offer. Any potential buyer looking to interact with you outside of the P2P Market should never be trusted.
By leaving the P2P Market to complete the transaction, Wallet support will be unable to help you if the buyer fails to send payment. For your own safety, all communication should only occur in the official order chat, and any crypto transfers should only take place within the P2P Market.
I followed an unknown link on the P2P Market, and my Telegram account got deleted. Will I be able to recover my TON Space wallet
There are only two ways of recovering your TON Space:
1. If you still have access to the Telegram account and email linked to your TON Space, you can recover your TON Space by opening the TON Space section of your Wallet app and requesting a recovery code via email.
2. If you do not have access to the Telegram account linked to your TON Space, the only way to recover your TON Space is by using its Recovery Phrase to import the address on a new Telegram account. If your Telegram account has been deleted and you do not know your Recovery Phrase, your TON Space will be impossible to recover.
To keep your TON Space secure, do not connect to unverified apps and never share your Recovery Phrase or account details with anyone.