ton-adoption

Posted on • Originally published at ton-adoption.xyz on

How to farm TON drops safely: anti-scam guide 2026

Airdrop farming is the main way to earn from the TON ecosystem without capital. It is also the main loss channel — phishing, drain transactions, fake mini-apps. Per 2024–2025 data, scam-bot activity in Telegram grew 2000% and more than 1800 malicious bots collected logs from 5M victims. Below — how to farm and not lose.

Threat map: what attackers want

Before defending, understand what exactly attackers want. In TON-Telegram there are five primary targets.

1. Seed phrase. The Holy Grail — gives full control of the wallet. Any mini-app that asks for it is automatically a scam. Always. No exceptions.

2. Drain transaction signature. Through TON Connect a mini-app can ask you to sign a transaction that moves all your USDT-jettons, NFTs or TON to the attacker. The most dangerous requests are a transfer from a jetton wallet, set_jetton_wallet and change_dns_record.

3. NFT discount scam. Fake “unique offers” — “buy a rare sticker for 0.001 TON” that is actually 0.001 TON × 1000 = full balance.

4. Telegram social engineering. “Project moderator” accounts, DMs asking to “pass KYC” via a phishing site, fake support bots.

5. Keyloggers and malware. Installing extensions disguised as “optimisers” or “trade bots”. Less common but critical — steals all keys at once.

The “compartmentalisation” principle

The main security principle is separation by risk level. You should have at least three separate wallets, ideally four.

| Tier | Purpose | Amount | Wallet |
| --- | --- | --- | --- |
| Cold | Long-term storage | Most | Tonkeeper / MyTonWallet + Ledger |
| Trading | Active DEX trades | Mid balance | Separate Tonkeeper account |
| Mini-app | All mini-apps and farming | Up to $50 | Separate hot wallet |
| Burner | Sketchy tests | $1–5 | Clean MyTonWallet |

Airdrop farming is tier 3 or 4. Never connect tiers 1–2 to mini-apps. A drain transaction from a burner wallet — $5 lost. From a cold wallet — everything.

One wallet, one risk tier

Do not break this principle “just this once”. Each violation is a lottery where you mostly win time and occasionally lose everything. Most losses happen to people for whom “it usually worked fine”.

Checklist for a new mini-app connection

Before opening an unfamiliar app and especially before connecting your wallet, run through this.

Step 1. Link source.

  • Only from the project’s official channel (verify the channel name in a search engine and compare with the project site).
  • From the Tonkeeper / MyTonWallet whitelist.
  • From a trusted source’s article (CoinGecko, ton.org, major media).
  • NOT from a referral link in a stranger’s DM.
  • NOT from an ad in a foreign channel without confirmation.

Step 2. Domain check.

  • Compare the URL with the official site character by character — attackers use lookalikes (tеlegram.org with a Cyrillic ‘е’).
  • Extensions like ScamSniffer or MetaMask Phishing Detection catch most clones.

Step 3. Contract check.

  • On Tonscan / Tonviewer find the mini-app contract.
  • Check age, transaction count, verification.
  • Fresh contract plus millions of daily transactions is a common scam-collector signature.

Step 4. Read the signing prompt.

  • Tonkeeper and MyTonWallet show a human-readable description.
  • Any “approve all jettons” or “change DNS” — refuse.
  • The transfer amount must match what you expected.

Step 5. Damage cap.

  • Connect only the burner or mini-app wallet.
  • Do not keep more than $30–50 there.
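
The character-by-character comparison in Step 2 can be automated. The following JavaScript is an added example, not code from the original article or from any wallet, that flags hosts imitating an official domain; the `CONFUSABLES` table, the function names and the sample hosts are assumptions made for illustration.

```javascript
// Small constructed table of look-alike characters; not a full Unicode confusables list.
const CONFUSABLES = {
  "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", // Cyrillic
  "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j", // Cyrillic
  "\u03bf": "o", "\u03b1": "a", "0": "o", "1": "l",                          // Greek, digits
};
const SCRIPTS = [/\p{Script=Latin}/u, /\p{Script=Cyrillic}/u, /\p{Script=Greek}/u];

// Extract the host from the raw string: a URL parser would punycode it and hide the characters.
function hostOf(rawUrl) {
  const rest = rawUrl.trim().replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const authority = rest.split(/[\/?#]/)[0];
  const hostPort = authority.slice(authority.lastIndexOf("@") + 1); // drop userinfo
  return hostPort.replace(/:\d+$/, "").normalize("NFKC").toLowerCase();
}

// Map every look-alike character to the Latin letter it imitates.
const skeleton = (host) => [...host].map((ch) => CONFUSABLES[ch] ?? ch).join("");
const sameOrSub = (host, base) => host === base || host.endsWith("." + base);

function checkDomain(rawUrl, officialHosts) {
  const host = hostOf(rawUrl);
  if (officialHosts.some((o) => sameOrSub(host, o))) {
    return { host, verdict: "official", imitates: null };
  }
  // Same skeleton as an official host but different characters: a look-alike.
  const skel = skeleton(host);
  const imitates = officialHosts.find((o) => sameOrSub(skel, skeleton(o))) ?? null;
  if (imitates) return { host, verdict: "lookalike", imitates };
  // A label mixing scripts, or a punycode label, deserves a manual look even without a match.
  const mixed = host.split(".").some(
    (label) => SCRIPTS.filter((re) => re.test(label)).length > 1);
  if (mixed || /(^|\.)xn--/.test(host)) {
    return { host, verdict: "suspicious-idn", imitates: null };
  }
  return { host, verdict: "unknown", imitates: null };
}

// Constructed sample: "telegram.org" written with a Cyrillic "е" (U+0435).
console.log(checkDomain("https://t\u0435legram.org/airdrop", ["telegram.org", "ton.org"]));
```

Only the `official` verdict means the host matches the allowlist; `unknown` still requires the source and contract checks from the other steps.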

Attack types in detail

Drainer mini-app

Scenario: ad campaign promotes a “new airdrop”, the link points to a Notcoin or Hamster Kombat clone. After connecting, the app asks to “activate the account” — actually signing a transfer of all USDT.

Defence — never connect unfamiliar apps with the main wallet. Tell-tale: a signing prompt before play.

Fake support DM

Scenario: you ask in a public project chat. A minute later a “moderator” DMs you asking for verification through a link. The link points to a clone site asking for the seed.

Defence — never reply to DMs from “moderators”. Real support flows through public tickets or an official bot linked in the channel header.

Fake airdrop

Scenario: “Claim 1000 TON airdrop from Notcoin, connect your wallet here”. TON Connect connection, then a drainer transaction or a request to “pay gas” in a disproportionate amount.

Defence — official airdrops never ask you to send funds first. If they ask for “TON to activate” — guaranteed scam.
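
The amount checks described above (a "0.001 TON" offer that is really 1000 times larger, or a disproportionate "gas" payment) can be expressed as a review of the TON Connect `sendTransaction` request. This JavaScript is an added example, not code from the original article or from any wallet; the `reviewRequest` function, the `expected` object and the placeholder addresses are assumptions made for illustration.

```javascript
const NANO = 1_000_000_000n; // 1 TON = 10^9 nanotons

// Convert a decimal TON string such as "0.001" to nanotons without floating point.
function toNano(tonString) {
  const [whole, frac = ""] = tonString.split(".");
  return BigInt(whole) * NANO + BigInt(frac.padEnd(9, "0").slice(0, 9));
}

// expected = { recipients: [...addresses the user intends to pay], maxTon: "0.001" }
function reviewRequest(request, expected) {
  const findings = [];
  let total = 0n;
  request.messages.forEach((msg, i) => {
    total += BigInt(msg.amount); // TON Connect amounts are decimal strings in nanotons
    if (!expected.recipients.includes(msg.address)) {
      findings.push(`message ${i}: unexpected recipient ${msg.address}`);
    }
    if (msg.payload) {
      // An opaque body can carry a jetton or NFT operation that the TON amount does not show.
      findings.push(`message ${i}: carries a payload, read the wallet's decoded description`);
    }
    if (msg.stateInit) {
      findings.push(`message ${i}: deploys a contract (stateInit present)`);
    }
  });
  const limit = toNano(expected.maxTon);
  if (total > limit) {
    findings.push(`total ${total} nanoton exceeds the expected ${limit} nanoton`);
  }
  return { totalNano: total, ok: findings.length === 0, findings };
}

// Constructed request: the second message is 1000 times the advertised 0.001 TON.
const SAMPLE_REQUEST = {
  valid_until: 1767225600,
  messages: [
    { address: "EQ_EXPECTED_GAME_CONTRACT", amount: "1000000" },
    { address: "EQ_UNKNOWN_COLLECTOR", amount: "1000000000", payload: "<base64 BoC placeholder>" },
  ],
};
const SAMPLE_EXPECTED = { recipients: ["EQ_EXPECTED_GAME_CONTRACT"], maxTon: "0.001" };
console.log(reviewRequest(SAMPLE_REQUEST, SAMPLE_EXPECTED));
```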

Scam NFT in the collection

Scenario: a “free NFT” lands in your wallet with “tap Approve to unwrap”. Approve fires the drainer.

Defence — never interact with unsolicited NFTs. Tonkeeper hides them from the basic view.

Scenario: a bot posts “urgent Tonkeeper airdrop” in popular channels. The link goes to a phishing page.

Defence — never open links from mass spam. All official news comes only from the project’s own channel.

Fake wallet update

Scenario: a popup says “update Tonkeeper to 5.0 or your access will be blocked”. The link installs malicious software.

Defence — wallets only update via App Store / Google Play or the official site (for desktop). Never install an APK from a chat link.

Technical security rules

1. Enable 2FA on Telegram. Cloud Password is mandatory. Without it the account is exposed to SIM-swap.

2. Use a paper-only seed phrase. No cloud, no notes, no photo. Ideal — two copies in physically separate places.

3. Hardware wallet at the cold tier. Ledger or TonHardware (a new TON-specific hardware wallet) — guarantees the private key never leaves the device.

4. Regular TON Connect session cleanup. Once a month open Tonkeeper / MyTonWallet and disconnect all active sessions. Especially if you farm many mini-apps.

5. Separate browser for crypto. Brave or Firefox with ScamSniffer / Wallet Guard, no other extensions or logins.

6. No Bluetooth Ledger on public Wi-Fi. The vector exists; only pair at home.

What you must NEVER do

  • Do not enter the seed anywhere except the wallet app.
  • Do not send the seed in a Telegram chat, even to yourself.
  • Do not screenshot the seed.
  • Do not store the seed in cloud notes, password managers, messengers.
  • Do not connect Ledger to unknown apps.
  • Do not sign transactions whose description you do not understand.

What to do if already compromised

If you entered the seed on a phishing site or signed a drain transaction, work through the following steps.

Step 1. Move remaining assets. Open the wallet, transfer everything to a new address with a new seed. Do this from another device if you suspect malware.

Step 2. Close all TON Connect sessions. In Tonkeeper / MyTonWallet — Settings, Connected apps, Disconnect all.

Step 3. Rotate Telegram passwords. Cloud Password, active sessions, 2FA.

Step 4. Audit on-chain history. Use Tonscan to see recent transactions — understand what was stolen and when.

Step 5. Report to wallet and project. Tonkeeper and Tonscan have forms to add addresses to a blacklist. That helps others.

Step 6. Post-mortem. Note exactly how the compromise happened — that prevents repetition.

The old wallet is dead from now on. Never reuse it, even if it seems the attacker is gone.

Set up a separate hot wallet for farming

MyTonWallet — open source, supports TON Connect 2.0, available on iOS, Android, desktop and as an extension. Perfect for risk-tier separation.

Realistic income expectations

To save you from illusions — what farming actually pays in 2026.

| Activity level | Daily time | Monthly income |
| --- | --- | --- |
| Casual | 10 minutes | $0–10 |
| Active | 30–45 minutes | $10–50 |
| Pro | 1.5+ hours | $50–200, not stable |
| Sybil farmer | many hours | unpredictable, high ban risk |

“Pro” requires monitoring 20+ projects in parallel, understanding trends and rapid rebalancing. That is work, not passive income.

Sybil farming (creating hundreds of accounts) is actively tracked by major projects since 2025 via on-chain pattern analysis and in-app behaviour. The vast majority of sybil accounts get 0 at TGE.

Daily “common sense” checklist

  • No seed phrase anywhere except the wallet.
  • All mini-apps opened only from the official source.
  • Hot wallet separated from cold.
  • Every signature reviewed.
  • Moderator DMs ignored.
  • Suspicious NFTs not opened.
  • Monthly TON Connect session cleanup.
  • Monthly tier rebalance.

Following this checklist drives scam losses near zero while preserving the ability to farm. For real earning — see the top games 2026 piece and the mini-apps guide.
