
How to farm TON drops safely: anti-scam guide 2026

A practical guide to safe airdrop farming on TON and Telegram — types of scams, wallet segmentation, transaction verification, a checklist for every action.

Author: TON Adoption Team · research desk

Airdrop farming is the main way to earn from the TON ecosystem without capital. It is also the main loss channel: phishing, drain transactions, fake mini-apps. Per 2024–2025 data, scam-bot activity in Telegram grew 2000% and more than 1800 malicious bots collected logs from 5M victims. Below is how to farm without losing funds.

Threat map: what attackers want

Before defending, understand what exactly attackers want. In TON-Telegram there are five primary targets.

1. Seed phrase. The Holy Grail — gives full control of the wallet. Any mini-app that asks for it is automatically a scam. Always. No exceptions.

2. Drain transaction signature. Through TON Connect a mini-app can ask you to sign a transaction that moves all your USDT-jettons, NFTs or TON to the attacker. The most dangerous requests to sign are a transfer from a jetton wallet, set_jetton_wallet and change_dns_record.

3. NFT discount scam. Fake “unique offers” — “buy a rare sticker for 0.001 TON” that is actually 0.001 TON × 1000 = full balance.

4. Telegram social engineering. “Project moderator” accounts, DMs asking to “pass KYC” via a phishing site, fake support bots.

5. Keyloggers and malware. Installing extensions disguised as “optimisers” or “trade bots”. Less common but critical — steals all keys at once.

The “compartmentalisation” principle

The main security principle is separation by risk level. You should have at least three separate wallets, ideally four.

Tier | Purpose | Amount | Wallet
Cold | Long-term storage | Most | Tonkeeper / MyTonWallet + Ledger
Trading | Active DEX trades | Mid balance | Separate Tonkeeper account
Mini-app | All mini-apps and farming | Up to $50 | Separate hot wallet
Burner | Sketchy tests | $1–5 | Clean MyTonWallet

Airdrop farming is tier 3 or 4. Never connect tiers 1–2 to mini-apps. A drain transaction from a burner wallet — $5 lost. From a cold wallet — everything.

Checklist for a new mini-app connection

Before opening an unfamiliar app and especially before connecting your wallet, run through this.

Step 1. Link source.

  • Only from the project’s official channel (verify the channel name in a search engine and compare with the project site).
  • From the Tonkeeper / MyTonWallet whitelist.
  • From a trusted source’s article (CoinGecko, ton.org, major media).
  • NOT from a referral link in a stranger’s DM.
  • NOT from an ad in a foreign channel without confirmation.

Step 2. Domain check.

  • Compare the URL with the official site character by character — attackers use lookalikes (tеlegram.org with a Cyrillic ‘е’).
  • Extensions like ScamSniffer or MetaMask Phishing Detection catch most clones.

Step 3. Contract check.

  • On Tonscan / Tonviewer find the mini-app contract.
  • Check age, transaction count, verification.
  • Fresh contract plus millions of daily transactions is a common scam-collector signature.

Step 4. Read the signing prompt.

  • Tonkeeper and MyTonWallet show a human-readable description.
  • Any “approve all jettons” or “change DNS” — refuse.
  • The transfer amount must match what you expected.

Step 5. Damage cap.

  • Connect only the burner or mini-app wallet.
  • Do not keep more than $30–50 there.
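
The domain comparison from Step 2 and the signing review from Steps 4–5, written out as an added example (not code from this guide or from any wallet). The function names, placeholder addresses and sample requests are assumptions; the request shape follows TON Connect's sendTransaction messages (address, amount in nanotons, optional payload and stateInit).

```javascript
// Added example; function names and sample values are hypothetical.

// Step 2: flag lookalike hosts before opening a link.
function checkDomain(link, officialHost) {
  const m = link.match(/^https:\/\/([^\/?#:]+)/i);
  if (!m) return { ok: false, reasons: ["not an https URL"] };
  const host = m[1].normalize("NFKC").toLowerCase();
  const reasons = [];
  for (const label of host.split(".")) {
    if (label.startsWith("xn--")) reasons.push(`punycode label: ${label}`);
    if (/\p{Script=Latin}/u.test(label) && /\p{Script=Cyrillic}/u.test(label))
      reasons.push(`mixed Latin/Cyrillic label: ${label}`);
  }
  if (/[^\x00-\x7f]/.test(host)) reasons.push("non-ASCII characters in host");
  if (host !== officialHost) reasons.push("host differs from the official host");
  return { ok: reasons.length === 0, reasons };
}

// Steps 4-5: review a TON Connect sendTransaction request before signing.
// `expected` is what you intended to do: destination and a nanoton ceiling.
function reviewRequest(request, expected) {
  const reasons = [];
  let totalNano = 0n;
  for (const msg of request.messages) {
    totalNano += BigInt(msg.amount); // amounts are decimal strings in nanotons
    if (msg.address !== expected.to)
      reasons.push(`unexpected destination: ${msg.address}`);
    // A jetton or NFT transfer moves value in the payload, not in `amount`,
    // so a small TON amount alone proves nothing.
    if (msg.payload) reasons.push("payload present: read the wallet's description");
    if (msg.stateInit) reasons.push("stateInit present: carries contract deployment data");
  }
  if (totalNano > expected.maxNano) reasons.push("total exceeds expected amount");
  return { ok: reasons.length === 0, totalNano, reasons };
}

// Constructed sample inputs (addresses are placeholders, not real contracts).
const expected = { to: "EQ_PLACEHOLDER_GAME_CONTRACT", maxNano: 100_000_000n };
const benign = { valid_until: 1767225600, messages: [
  { address: "EQ_PLACEHOLDER_GAME_CONTRACT", amount: "50000000" } ] };
const drainLike = { valid_until: 1767225600, messages: [
  { address: "EQ_PLACEHOLDER_OWN_JETTON_WALLET", amount: "50000000",
    payload: "PLACEHOLDER_BASE64_BOC" } ] };

console.log(checkDomain("https://t\u0435legram.org/claim", "telegram.org"));
console.log(reviewRequest(benign, expected), reviewRequest(drainLike, expected));
```

The drain-like request passes the amount ceiling and is rejected only on destination and payload, which is why the TON amount in a prompt is not enough on its own.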

Attack types in detail

Drainer mini-app

Scenario: ad campaign promotes a “new airdrop”, the link points to a Notcoin or Hamster Kombat clone. After connecting, the app asks to “activate the account” — actually signing a transfer of all USDT.

Defence — never connect unfamiliar apps with the main wallet. Tell-tale: a signing prompt before play.

Fake support DM

Scenario: you ask in a public project chat. A minute later a “moderator” DMs you asking for verification through a link. The link points to a clone site asking for the seed.

Defence — never reply to DMs from “moderators”. Real support flows through public tickets or an official bot linked in the channel header.

Fake airdrop

Scenario: “Claim 1000 TON airdrop from Notcoin, connect your wallet here”. TON Connect connection, then a drainer transaction or a request to “pay gas” in a disproportionate amount.

Defence — official airdrops never ask you to send funds first. If they ask for “TON to activate” — guaranteed scam.

Scam NFT in the collection

Scenario: a “free NFT” lands in your wallet with “tap Approve to unwrap”. Approve fires the drainer.

Defence — never interact with unsolicited NFTs. Tonkeeper hides them from the basic view.

Scenario: a bot posts “urgent Tonkeeper airdrop” in popular channels. The link goes to a phishing page.

Defence — never open links from mass spam. All official news comes only from the project’s own channel.

Fake wallet update

Scenario: a popup says “update Tonkeeper to 5.0 or your access will be blocked”. The link installs malicious software.

Defence — wallets only update via App Store / Google Play or the official site (for desktop). Never install an APK from a chat link.

Technical security rules

1. Enable 2FA on Telegram. Cloud Password is mandatory. Without it the account is exposed to SIM-swap.

2. Use a paper-only seed phrase. No cloud, no notes, no photo. Ideal — two copies in physically separate places.

3. Hardware wallet at the cold tier. Ledger or TonHardware (a new TON-specific hardware wallet) — guarantees the private key never leaves the device.

4. Regular TON Connect session cleanup. Once a month open Tonkeeper / MyTonWallet and disconnect all active sessions. Especially if you farm many mini-apps.

5. Separate browser for crypto. Brave or Firefox with ScamSniffer / Wallet Guard, no other extensions or logins.

6. No Bluetooth Ledger on public Wi-Fi. The vector exists; only pair at home.

What to do if already compromised

If you entered the seed on a phishing site or signed a drain transaction, work through these steps.

Step 1. Move remaining assets. Open the wallet, transfer everything to a new address with a new seed. Do this from another device if you suspect malware.

Step 2. Close all TON Connect sessions. In Tonkeeper / MyTonWallet — Settings, Connected apps, Disconnect all.

Step 3. Rotate Telegram passwords. Cloud Password, active sessions, 2FA.

Step 4. Audit on-chain history. Use Tonscan to see recent transactions — understand what was stolen and when.

Step 5. Report to wallet and project. Tonkeeper and Tonscan have forms to add addresses to a blacklist. That helps others.

Step 6. Post-mortem. Note exactly how the compromise happened — that prevents repetition.

The old wallet is dead from now on. Never reuse it, even if it seems the attacker is gone.

Realistic income expectations

To save you from illusions — what farming actually pays in 2026.

Activity level | Daily time | Monthly income
Casual | 10 minutes | $0–10
Active | 30–45 minutes | $10–50
Pro | 1.5+ hours | $50–200, not stable
Sybil farmer | many hours | unpredictable, high ban risk

“Pro” requires monitoring 20+ projects in parallel, understanding trends and rapid rebalancing. That is work, not passive income.

Sybil farming (creating hundreds of accounts) is actively tracked by major projects since 2025 via on-chain pattern analysis and in-app behaviour. The vast majority of sybil accounts get 0 at TGE.

Daily “common sense” checklist

  • No seed phrase anywhere except the wallet.
  • All mini-apps opened only from the official source.
  • Hot wallet separated from cold.
  • Every signature reviewed.
  • Moderator DMs ignored.
  • Suspicious NFTs not opened.
  • Monthly TON Connect session cleanup.
  • Monthly tier rebalance.

Following this checklist drives scam losses near zero while preserving the ability to farm. For real earning — see the top games 2026 piece and the mini-apps guide.

Frequently asked

Three things — what a seed phrase is and why nobody can see it, how TON Connect works and what transactions it signs, and how to separate the main wallet from the working one. Without these, farming is a lottery with negative expected value.
You can, but it is strongly discouraged. One compromised mini-app drains the whole balance. The base practice — two wallets — main and hot for mini-apps.
Several markers — the official link in a verified project channel, review count, presence in the wallet whitelist (Tonkeeper, MyTonWallet maintain catalogues), no seed/private-key requests, clear text in the transactions you sign.
Act immediately — open the wallet, transfer all funds to a new address with a new seed, revoke all TON Connect permissions in the active session, check older transactions for suspicious outflows. The compromised wallet is dead — never touch it again.
Realistic 2026 range — $0 to $100 per month across a dozen projects in parallel, with 30–60 minutes a day invested. Profits like '$5000 per airdrop' are no longer the norm — they are the exception.
