24/7 Support𝕏Download

.ton Domain Scams

In the TON network, a domain can be linked to any wallet and used instead of a long, complex address. This is convenient—but the lack of moderation also makes domains a perfect tool for scammers.

In this article, we’ll break down one of the most common schemes and explain how to avoid it.

What’s the scheme?

A .ton domain is created through TON DNS. The address can contain any text—from a personal name to the name of a well-known service or brand. There’s no content review, and scammers take advantage of this by registering lookalike or misleading domains.

They then send contact people in messengers to trick the user into sending funds to their address.

How it works

1

Fake address registration

The scammer takes a real deposit address from a centralized exchange (like Binance or Bybit) and registers a similar-looking domain in the .ton zone.

2

False promises

The victim is told that depositing via this domain will “increase the deposit” or “unlock a bonus.”

For example, they might be asked to send funds to bybitusdt.ton or 0x742d35Cc6634C0532925a3b844Bc454e4438f44.ton.

When sent, the funds go directly to the scammer—not to the exchange.

3

Building trust

At first, scammers return part of the transferred funds with a small “profit” to appear trustworthy. They do this quickly and visibly to reinforce the illusion of reliability.

4

Disappearing with a large sum

Once the victim sends a substantial amount, the scammer disappears. The funds are gone—blockchain transfers are irreversible.

Deposits to a CEX should only be made using the address provided on the official website or app.

How to protect yourself?

  1. Check the address

Before sending funds, make sure the recipient’s address exactly matches the official deposit address on the exchange. Even a single altered character means it’s a different wallet, and the funds will be lost.

  1. Use Tonviewer or Tonscan

Enter the domain into a blockchain explorer to see which address it’s actually linked to—this helps detect substitutions or masking.

  1. Avoid third-party addresses

For deposits, copy the address and MEMO only from the official exchange website or app. On some exchanges, MEMO is important—without it, the funds may not be credited.

If an offer sounds too good to be true, it probably is. Stick to basic security rules to protect your funds.

PreviousFake Decentralized ApplicationsNextClipboard Hijacking

Last updated