The article examines the impact of smart contract vulnerabilities on The Open Network (TON) security in 2024, highlighting over 96,000 TON token losses due to a flaw in the TON Virtual Machine. It addresses the broader security challenges in blockchain platforms, with a focus on phishing attacks targeting TON’s growing user base and the comparative lack of security tools versus Ethereum. The content is tailored for developers, investors, and security professionals seeking insights into TON's security landscape and strategies for counteracting emerging threats. Key themes include vulnerability management, user protection, and security tool development.
Smart contract vulnerabilities led to losses of over 96,000 TON in 2024
The year 2024 marked a significant security challenge for The Open Network (TON) ecosystem when a critical vulnerability in the TON Virtual Machine led to substantial financial losses. This serious exploit, specifically involving nested Continuations in the VM's architecture, resulted in threat actors making off with more than 96,000 TON tokens. The vulnerability was formally acknowledged by the TON Blockchain team after being discovered and reported by security firm TonBit.
This incident represents a notable part of the broader security concerns affecting blockchain platforms in 2024, where smart contract vulnerabilities continued to pose serious risks despite accounting for a relatively smaller percentage of total crypto losses compared to other attack vectors.
| 2024 Blockchain Security Issues |
Percentage of Total Losses |
| Access Control Vulnerabilities |
75% |
| Smart Contract Vulnerabilities |
14% |
| Phishing Attacks |
Remaining % |
The TON VM vulnerability highlighted the importance of rigorous security auditing and testing, particularly as the TON ecosystem experienced explosive growth throughout 2024 with daily active addresses increasing from 26,000 in January to over 880,000 by December. Following the incident, TonBit not only identified the vulnerability but also proposed effective solutions to enhance the overall security of the TON virtual machine, contributing to greater ecosystem stability and preventing further exploitation of this particular vulnerability.
Phishing scams and malicious messages targeted TON's 38 million active users
The Open Network (TON) has witnessed substantial growth in its ecosystem, attracting approximately 38 million active users. This impressive adoption, however, has unfortunately made TON users prime targets for sophisticated phishing attacks and malicious messages. Cybercriminals are increasingly exploiting this expanding user base to orchestrate fraudulent schemes designed to compromise wallet security and steal digital assets.
These phishing attempts typically arrive through deceptive messages that mimic legitimate communications from TON-related services. The attackers craft convincing scenarios that create urgency, prompting unsuspecting users to click malicious links or share sensitive information such as private keys and passwords.
Security experts have documented various attack vectors targeting TON users:
| Attack Method |
User Impact |
Prevention Measure |
| Fake websites |
Credential theft |
URL verification |
| Malicious messages |
Wallet draining |
Source authentication |
| Fraudulent applications |
Malware installation |
Official store downloads |
| Social engineering |
Private key compromise |
Two-factor authentication |
The recent volatility in TON's price, which dropped from $3.375 to $1.972 between July and November 2025, has created additional opportunities for scammers to exploit user anxiety about market conditions. Users should exercise heightened vigilance by manually typing URLs, enabling all available security features, and verifying communications through official channels before taking action on any request involving their assets or account information.
While Ethereum enjoys a robust security framework developed over years, TON's security infrastructure remains comparatively underdeveloped, creating significant risk exposure for projects built on the platform. The lack of reliable security tools like Blockaid on TON exacerbates user vulnerabilities, particularly as the ecosystem experiences rapid growth.
| Security Feature |
TON |
Ethereum |
| Smart Contract Auditing |
Limited providers (Hacken, Beosin) |
Extensive ecosystem (Slither, MythX, Securify) |
| Bug Bounty Programs |
No specific program |
Multiple tiers ($250K-$1.5M rewards) |
| Static Analysis Tools |
Early development (TONScanner) |
Mature tooling (EVM-based analysis) |
| Formal Verification |
Limited (CertiK only) |
Multiple providers and methods |
The security risks in TON are further amplified by phishing attacks and sophisticated malware designed to exploit network vulnerabilities. Recent incidents highlight this concern - in 2025, TON narrowly avoided a critical crash due to a vulnerability that was detected and fixed. The SlowMist Security Team has released best practices specifically addressing these concerns, advising developers to avoid executing third-party code in contracts and to implement secure update practices.
As projects migrate to TON attracted by its performance capabilities, they must account for the increased security oversight required in an environment with fewer established security tools and standards.
FAQ
Is TON a good coin?
Yes, TON is considered a strong cryptocurrency. It ranks high among top coins and shows promising market performance. Its potential for growth makes it an attractive investment option.
Does Toncoin have a future?
Yes, Toncoin shows promise. Predictions suggest a price of $2.32 by 2030, with active market interest. Its future depends on broader crypto trends and continued development.
What is the Toncoin?
Toncoin (TON) is the native cryptocurrency of the TON blockchain, used for transactions, network operations, and decentralized applications. It supports a full ecosystem including decentralized storage and anonymous domain names.
How much is 1 Toncoin worth?
As of November 2025, 1 Toncoin is worth $2.33. You can buy about 0.577 TON for $1.
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.
