7 beginner mistakes with TON and how to avoid them
The most common TON beginner mistakes: lost seed, phishing, address poisoning, Telegram scams, yield chasing. How to avoid each in 2026.
Author: TON Adoption Team · editorial
Most beginner losses on TON come not from sophisticated hacking attacks but from seven recurring mistakes that almost everyone starting out makes. Each has cost someone real money, and each can be avoided with a minute of attention.
Below — the seven most common, in order of cost.
Mistake 1: save your seed phrase in cloud or a messenger
What happens: the newcomer creates a wallet, sees 24 words, and thinks “let me save them in Telegram Saved Messages / Google Keep / Notes”. Some time later the account is breached, or the cloud auto-syncs to a device that someone else got hold of — and the seed leaks.
Why dangerous: the seed phrase = your wallet. Anyone with the seed can drain all funds in a minute. And you can’t revoke a seed — it’s not a password you can change.
Right way:
- Write on paper. Pencil, not pen (ink fades over time, pencil doesn’t).
- Store at home in multiple places (e.g., a duplicate at your parents’, in a bank safe deposit box).
- For large amounts — metal seed plates (steel plates) that don’t burn or rot.
- DO NOT keep in cloud, messengers, photo libraries.
Mistake 2: skip verifying recovery immediately
What happens: seed phrase is written down, the wallet works, the person is confident. Six months later the phone breaks, the person grabs the seed — and the words on the paper turn out to be misspelled, or not from the right wallet. TON lost.
Why dangerous: trusting your seed without verification = trusting hope. The act of writing doesn’t guarantee correctness.
Right way:
- On day one after creating a wallet: delete the app → reinstall → recover from seed. See the same balance — seed works.
- Do this immediately when there’s $50, not when there’s $50,000.
- Re-verify once every six months for your main wallet.
Mistake 3: enter seed on a website
What happens: user sees a site “Tonkeeper Recovery” or “TON Wallet Restore” (phishing copy), enters seed to “restore” — and 30 seconds later all funds are gone.
Why dangerous: legitimate wallets never ask for the seed on websites. All recovery flows happen locally inside the app.
Right way:
- Memorise: the seed phrase is only entered in the wallet app. Never in a browser. Never on a site. Never to a bot.
- If a site asks for the seed “to check the balance” / “to authorise” / “to verify” — that’s 100% phishing.
- Install wallets only from the official domain (tonkeeper.com, mytonwallet.io). Verify the URL character by character.
More — in our safe TON discovery checklist.
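An added example (not from the article or from any wallet project) of what "verify the URL character by character" looks like as a mechanical check against the two official domains named above. Treating the last two labels as the site name, the edit-distance threshold of 2 and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# The two official domains named in the article.
OFFICIAL = ("tonkeeper.com", "mytonwallet.io")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify_host(url: str) -> str:
    """Classify a URL as official, lookalike, suspicious or unrelated."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")
    # Homoglyph domains need non-ASCII letters or their punycode (xn--) form.
    if not host.isascii() or "xn--" in host:
        return "suspicious: non-ASCII or punycode hostname"
    for dom in OFFICIAL:
        if host == dom or host.endswith("." + dom):
            return f"official: {dom}"
    # Assumption: the last two labels approximate the registrable domain.
    site = ".".join(host.split(".")[-2:])
    for dom in OFFICIAL:
        brand = dom.split(".")[0]
        # Brand name used elsewhere in the host, or a near-miss spelling.
        if brand in host or edit_distance(site, dom) <= 2:
            return f"lookalike of {dom}"
    return "unrelated"

# Constructed sample URLs; none of the non-official ones is a known real site.
SAMPLES = [
    "https://tonkeeper.com/",
    "https://tonkeeper.com.wallet-restore.example/recover",
    "https://tonkeper.com/",
    "https://mytonwal1et.io/",
    "https://tonke\u0435per.com/",  # Cyrillic 'е' in place of Latin 'e'
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify_host(u):45} {u}")
```
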
Mistake 4: trust “support” in Telegram
What happens: a newcomer asks a question in a public TON chat. Five minutes later a “Tonkeeper Support” account with a verified-looking avatar DMs them: “Hi, I’m the official support, here to help. For verification, please enter your seed phrase into the @tonkeeperSupportBot.”
Why dangerous: legitimate wallet support DOES NOT operate via DM. Tonkeeper, MyTonWallet, Wallet in Telegram — all communicate via open channels and chats, not personal messages.
Right way:
- Anyone DMing you offering “help” is a scammer. No exceptions.
- If you have a problem — post in the public support channel. Staff reply there, and everyone sees them.
- If something came in DM — mark as spam, don’t reply.
More — social engineering in TG chats.
Mistake 5: copy an address from history without verifying
What happens: the newcomer once sent TON to a friend. The address sits in history. Today they send again — copy from history, paste, send. But the history actually has a replaced address (address poisoning attack): a scammer sent a small TON transaction from an address very similar to the friend’s, and history saved it.
Why dangerous: “copy from history” is the most convenient habit, and it turns into an attack vector.
Right way:
- Verify the destination address character by character, especially the last 4-6. Takes 10 seconds.
- For regular recipients (friend, exchange, your second wallet) — add to the address book under a name. Then you click “Friend” instead of copying an address.
- Before a big transfer, do a 1-TON test. “Received” confirmation = safe to send the main amount.
More — address poisoning attacks.
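An added example (not from the article or any wallet's code) of the destination check described above: it decodes TON user-friendly addresses so the bounceable `EQ…` and non-bounceable `UQ…` renderings of one account compare equal, rejects a mistyped address by its CRC16, and flags a destination that is absent from the address book but shares the visible first or last characters with a saved entry. The account hashes, the `BOOK` contents and the `head`/`tail` widths are constructed for illustration.

```python
import base64
import binascii

def to_friendly(workchain: int, account: bytes, bounceable: bool = True) -> str:
    """Encode (workchain, 32-byte hash) as a 48-char user-friendly address."""
    tag = 0x11 if bounceable else 0x51  # mainnet tags; the testnet flag is ignored here
    body = bytes([tag]) + workchain.to_bytes(1, "big", signed=True) + account
    crc = binascii.crc_hqx(body, 0)  # CRC16/XMODEM over the first 34 bytes
    return base64.urlsafe_b64encode(body + crc.to_bytes(2, "big")).decode()

def parse_friendly(addr: str) -> tuple[int, bytes]:
    """Decode a user-friendly address, rejecting bad length or checksum."""
    raw = base64.urlsafe_b64decode(addr.replace("+", "-").replace("/", "_"))
    if len(raw) != 36 or binascii.crc_hqx(raw[:34], 0) != int.from_bytes(raw[34:], "big"):
        raise ValueError("not a valid user-friendly address")
    return int.from_bytes(raw[1:2], "big", signed=True), raw[2:34]

def check_destination(candidate: str, book: dict[str, str],
                      head: int = 6, tail: int = 4) -> str:
    """Return 'known:<name>', 'lookalike:<name>' or 'unknown'."""
    cand = to_friendly(*parse_friendly(candidate))  # normalise EQ.../UQ... forms
    suspects = []
    for name, trusted in book.items():
        ref = to_friendly(*parse_friendly(trusted))
        if cand == ref:
            return f"known:{name}"
        # A shortened display such as "EQAB…wXyz" shows only these characters.
        if cand[:head] == ref[:head] or cand[-tail:] == ref[-tail:]:
            suspects.append(name)
    return f"lookalike:{suspects[0]}" if suspects else "unknown"

# Constructed sample data: these account hashes are made up, not real wallets.
FRIEND = bytes(range(32))
BOOK = {"Friend": to_friendly(0, FRIEND)}
# Same leading bytes, different remainder: identical once the UI shortens it.
POISON = to_friendly(0, FRIEND[:4] + bytes(28))
STRANGER = to_friendly(0, bytes([0xAA]) * 32)

if __name__ == "__main__":
    print(check_destination(to_friendly(0, FRIEND, bounceable=False), BOOK))
    print(check_destination(POISON, BOOK))
    print(check_destination(STRANGER, BOOK))
```

A `lookalike` result is the case where pasting from history should stop: the address resembles a saved recipient but is not that recipient.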
Mistake 6: sign whatever a dApp asks
What happens: the newcomer connects to a new dApp through TON Connect. The wallet shows “Sign data for [site]”. Without reading, they click “Sign”. The request was actually a permission to drain all the wallet’s jettons.
Why dangerous: not every signing request is “just an authorisation”. Some requests give the dApp the right to debit funds without further confirmation.
Right way:
- Read every signing request. The wallet shows: which dApp, which domain, what you’re signing.
- If the request is unclear or shows “approve all” / “approve unlimited” — refuse.
- An unknown dApp without audits and history — don’t even connect.
More — TON Connect phishing.
Mistake 7: chase yield without understanding risk
What happens: newcomer sees a Telegram channel post: “new protocol on TON, APR 250%, get in fast”. They put a third of all their TON in, a week later TVL goes to zero, the contract shows a rugpull.
Why dangerous: in DeFi, APR > 50% always means either high risk or token emission that will dilute in months. APR > 200% — almost always a rugpull or ponzi.
Right way:
- Baseline on TON — ~4-5% from Tonstakers (liquid staking, lowest risk).
- LP pools on STON.fi / DeDust — 5-15% “real yield”, plus fees, minus impermanent loss.
- Lending on EVAA — variable, floats 5-12%.
- Anything above 30% APR in stablecoins, or 50% in TON — requires serious due diligence. Most such offers are scams.
More — APR vs real yield, TOP-5 strategies with real yield.
Bonus: rare but painful mistakes
- Give a seed to “a friend who’ll help withdraw” — always ends with “the friend” pocketing it. Nobody actually withdraws TON using someone else’s seed legitimately.
- Buy a “new Toncoin 10x” memecoin — most memecoins in Telegram channels live 2-3 weeks and zero out.
- Use a wallet on a jailbroken/rooted device — built-in wallet protection becomes weaker.
What to do if you’ve already made one of these mistakes
| Mistake | Urgent action |
|---|---|
| Seed phrase compromised | Create a new wallet, move ALL funds to a new seed. Discard old. |
| Didn’t verify recovery | Do it now. If seed doesn’t work — while you still have app access, move funds to a new wallet with a verified seed. |
| Entered seed on phishing site | Immediately move ALL remaining funds to a new wallet. Act in minutes, not hours. |
| Trusted DM “support” | Don’t reply, block. If you already shared the seed — move to a new wallet. |
| Sent to wrong address | Check the address in tonviewer. If yours, retrieve. If a stranger’s, contact wallet support (low odds). |
| Signed carelessly | Through tonviewer check active approvals. Revoke any suspicious ones. |
| Bought a scam memecoin | Accept as “tuition”. Don’t try to double down to recover. |
Main rules in one line
- Seed on paper, verify recovery immediately.
- Never enter the seed anywhere except the wallet app.
- No DM support — all real support lives in public chats.
- Verify destination addresses character by character.
- Read every signing request.
- Yield above 30% — verify three times.
- Test transfer before any large operation.
If you memorise all seven — 90% of losses won’t happen to you. The cheapest education in crypto: 5 minutes reading now saves months of pain later.
Full first-month plan — TON for beginners: first 30 days. Safe discovery checklist — here.