A nightmare for currency bosses! Telegram’s common fraud vulnerability finally hides the login verification code

If Twitter is the most commonly used social platform for the cryptocurrency community, then Telegram is the most commonly used communication software. However, Telegram has a large number of social scams. Telegram accounts have been stolen through a Telegram verification login function, and even serious asset losses have occurred. This vulnerability has victimized many big names in the cryptocurrency industry, and Telegram finally has a remedial function to prevent it recently.
Telegram security vulnerability! Crypto giants are victimized one after another
Telegram has a login method that sends a verification code, and many malicious actors use this method to steal accounts.
Since Telegram can log in through a mobile phone number, as long as the user's mobile phone number is used, a "login verification code" can be sent to the mobile phone and the device being logged in. Because Telegram users’ mobile phone numbers are visible by system default, other users’ mobile phone numbers will be exposed to “contacts” or even “everyone” if they do not deliberately adjust the privacy settings.
The criminal modus operandi of malicious actors is as follows:
Malicious actors will send a message to the Telegram account of the encryption tycoon, indicating that "two duplicate encryption tycoons" appear in his contacts, and request the encryption tycoon to take screenshots of his mobile phone screen to assist in identification.
When the crypto guru takes a screenshot, the malicious actor will try to log in through the mobile phone number. At this time, Telegram's login verification code will also be pushed to the crypto guru's conversation line through the official account.
Through the previewed portion of the conversation, the five-digit login verification code will also be leaked. As shown below,
As long as the crypto tycoon does not set up Two-Step Verification, malicious actors can successfully seize the account by logging out of all the devices that the crypto tycoon is logged into.
Telegram vulnerability chain effect, TON wallet asset loss
Once a crypto tycoon is victimized, it is easier for malicious actors to pretend to be crypto tycoons and repeat this method to other friends to commit account fraud, creating a chain effect; they can steal data and get new accounts.
The scary thing is that since Telegram supports the cryptocurrency project Toncoin (TON) and has a built-in wallet application, when the crypto tycoon lost his account, he also lost the wallet permissions:
Telegram finally fixed the hole, and the login verification code is invisible
Perhaps because there are too many similar scams, the mysterious Telegram operation team finally previewed the "invisible" login verification code on the message terminal (but in actual testing, only the mobile version will be invisible, and the computer version will not):
As a result, the chance of the above method being established is even lower. But the important thing is that users should go to the settings interface to set up more protection features to avoid harm.
 
This article is a nightmare for currency bosses! Telegram’s common fraud vulnerability finally made the login verification code invisible. First appeared on Lian News ABMedia.