
Social engineering

A class of attacks that manipulates the human, not the code. The attacker convinces the victim to surrender data, transfer funds, or sign a malicious transaction through deception, pressure, and emotional triggers.

Aliases: manipulation attack, human hacking

Social engineering is the most effective way to defeat any technical defence. The attacker does not break Ed25519 and does not find a TVM bug — they persuade the user to hand over the keys or sign the wrong transaction.

In crypto, social engineering accounts for the vast majority of losses, far more than smart-contract exploits.

Common TON-specific scenarios

  • Fake support. A Telegram account claiming to be a “Tonkeeper moderator” offers “wallet verification” that requires entering the seed phrase. Real support never works that way. The very premise, handing your seed to a stranger, should leave you with zero trust in the request.
  • “Airdrop help”. “I’ll help you claim, just send the seed” is the classic. More refined: the victim is offered a “joint multisig” and asked to sign a transaction that adds the attacker as an owner.
  • Fake job. The victim is recruited for a crypto role and receives a “test task” link that is either a drainer or a malware download.
  • Romance / pig-butchering scams. Long correspondence, gradual trust building, then a “joint investment” through a controlled DEX or exchange. Months of manipulation, then everything is drained.
  • Urgency via authority. “I’m Durov, urgent matter”: an account impersonating a famous person applies pressure and pushes the victim to hurry.

Triggers exploited

  • Greed. “Free TON”, “exclusive airdrop”, “guaranteed 30% per week”.
  • Fear. “Your wallet is locked, verify now”, “suspicious activity detected”.
  • Urgency. “Today only”, “17 minutes left”.
  • Authority. “I’m from the dev team”, “moderator”, “exchange representative”.
  • Trust built over time. Long relationship before the actual attack.
  • Fatigue and pressure. Midnight, long chat, emotional state.

Defence

Technology helps little here. The defence is behavioural:

  • Never share the seed phrase, with anyone, ever. No exceptions. Anyone asking is malicious.
  • Cold DMs are scams by default. Partnerships, support, help — only through official channels.
  • Urgency is a red flag. Demands for an immediate decision are almost always suspicious.
  • Cross-verify on a second channel. “Durov messaged”? Check Durov’s actual channel.
  • Slow down. A 15-minute pause kills most attacks: the emotional trigger fades, the rational brain re-engages.

Social engineering cannot be patched by TON Connect or a hardware wallet — only by a slow, sceptical attitude toward every message.
