# .ton Domain Scams

In the **TON** network, a domain can be linked to any wallet and used instead of a long, complex address. This is convenient—but the lack of moderation also makes domains a perfect tool for scammers.

In this article, we’ll break down one of the most common schemes and explain how to avoid it.

### 🤔 What’s the scheme?

A **.ton domain** is created through [**TON DNS**](https://dns.ton.org). The address can contain any text—from a personal name to the name of a well-known service or brand. There’s no content review, and scammers take advantage of this by registering lookalike or misleading domains.

They then send contact people in messengers to trick the user into sending funds to their address.

### 🥷 How it works

{% stepper %}
{% step %}

#### Fake address registration

The scammer takes a real deposit address from a centralized exchange (like Binance or Bybit) and registers a similar-looking domain in the **.ton** zone.
{% endstep %}

{% step %}

#### False promises

The victim is told that depositing via this domain will “increase the deposit” or “unlock a bonus.”

For example, they might be asked to send funds to <kbd>bybitusdt.ton</kbd> or <kbd>0x742d35Cc6634C0532925a3b844Bc454e4438f44.ton</kbd>.

When sent, the funds go directly to the scammer—not to the exchange.
{% endstep %}

{% step %}

#### Building trust

At first, scammers return part of the transferred funds with a small “profit” to appear trustworthy. They do this quickly and visibly to reinforce the illusion of reliability.
{% endstep %}

{% step %}

#### Disappearing with a large sum

Once the victim sends a substantial amount, the scammer disappears. The funds are gone—blockchain transfers are irreversible.
{% endstep %}
{% endstepper %}

{% hint style="info" %}
Deposits to a CEX should only be made using the address provided on the official website or app.
{% endhint %}

### 🕵️ How to protect yourself?

1. **Check the address**

Before sending funds, make sure the recipient’s address exactly matches the official deposit address on the exchange. Even a single altered character means it’s a different wallet, and the funds will be lost.

2. **Use** [**Tonviewer**](https://tonviewer.com/) **or** [**Tonscan**](https://tonviewer.com/)

Enter the domain into a blockchain explorer to see which address it’s actually linked to—this helps detect substitutions or masking.

3. **Avoid third-party addresses**

For deposits, copy the address and MEMO only from the official exchange website or app. On some exchanges, MEMO is important—without it, the funds may not be credited.

{% hint style="warning" %}
If an offer sounds too good to be true, it probably is. Stick to basic [**security rules**](https://help.mytonwallet.io/intro/scams/how-to-protect-yourself-from-fraud) to protect your funds.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.mytonwallet.io/intro/scams/.ton-domain-scams.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.