
A Deep Dive into the 2024 TON Ecosystem: Technical Analysis and Major Security Incidents
TechFlow Selected TechFlow Selected

A Deep Dive into the 2024 TON Ecosystem: Technical Analysis and Major Security Incidents
This article provides a comprehensive analysis of TON ecosystem's basic architecture, flexible proof-of-stake mechanism, expanded use cases and advantages, as well as recent major security incidents and corresponding countermeasures.
With the rapid development of blockchain technology, various ecosystems have emerged one after another. Among them, TON (The Open Network), created by Telegram, has gradually become a focal point in the industry due to its unique architecture and powerful features. Another key reason is Telegram's massive user base, with over 700 million active users, providing TON with a broad foundation for promotion and adoption. In 2024, the TON ecosystem made significant progress in technological innovation, application expansion, and security protection. This article provides a comprehensive analysis of TON’s basic architecture, flexible Proof-of-Stake mechanism, expanded use cases and advantages, as well as recent major security incidents and corresponding countermeasures, aiming to present readers with a thorough and in-depth overview of the TON ecosystem.

Introduction and Architecture of TON
TON (The Open Network) is a blockchain and digital communication protocol developed by Telegram, designed to build a fast, secure, and scalable blockchain platform that delivers decentralized applications and services to users. By integrating blockchain technology with Telegram's communication capabilities, TON achieves high performance, strong security, and excellent scalability. It enables developers to build various decentralized applications and offers distributed storage solutions. Compared to traditional blockchain platforms, TON provides faster processing speeds and higher throughput, employing a Proof-of-Stake consensus mechanism.
Flexible and Shardable PoS Architecture
TON adopts a Proof-of-Stake consensus mechanism and achieves high performance and multifunctionality through Turing-complete smart contracts and an asynchronous blockchain design. The lightning-fast and low-cost transactions on TON are supported by its flexible, shardable architecture, which allows seamless scaling without sacrificing performance. Dynamic sharding involves initially developing separate shards with specific purposes that can run simultaneously, preventing large-scale transaction backlogs. TON has a block time of 5 seconds and finality within less than 6 seconds.
The existing infrastructure is divided into two main components:
● Masterchain: Responsible for handling all critical protocol data, including validator addresses and staked coin amounts.
● Workchains: Secondary chains connected to the masterchain, containing all transaction information and various smart contracts, each workchain capable of having different rules.
This layered architecture not only enhances network efficiency but also lays a solid foundation for future scalability.
Expanded Use Cases and Advantages
Supported by its robust technical architecture, the TON ecosystem achieved notable advancements across multiple fronts in 2024. The TON Foundation, a decentralized autonomous organization (DAO) operated by the core TON community, provided comprehensive support to various projects within the ecosystem, including developer assistance and liquidity incentive programs. Specifically, the TON community stood out in the following areas:
● Launch of TON Connect 2.0: Offers an intuitive way to connect wallets and applications, improving user experience.
● TON Verifier: A smart contract checker developed by the Orbs team, enhancing contract reliability.
● Blueprint Development Tools: Assist developers in writing, testing, and deploying smart contracts.
● Sandbox Developer Toolkit: Suitable for diverse use cases ranging from enterprises to government applications.
● Support for New Languages such as Tact, Func, and others: Foster a more powerful programming environment.
● Developer Support: The TON Foundation partnered with DoraHacks to launch a three-month online hackathon.
● International Expansion of TON Hubs: Launched global centers in multiple cities.
● DeFi Liquidity Incentive Program: Provides funding to projects to promote sustainability in the TON DeFi space.
These initiatives have not only driven ecosystem growth but also created a richer and safer environment for developers and users alike.
Security Incidents in the TON Ecosystem
Despite significant progress in technology and applications, security remains a critical concern for the TON ecosystem.
Recently, the official TON team formally acknowledged the contributions of TonBit, a subsidiary of BitsLab, for discovering a critical vulnerability in the TON Virtual Machine (TVM). If exploited maliciously, this vulnerability could lead to resource exhaustion and system crashes, thereby affecting the stability of the entire TON network. Leveraging deep technical expertise, the TonBit team quickly identified the issue and proposed an effective solution, establishing a more secure operating environment for the TON Virtual Machine and further strengthening the overall stability of the TON ecosystem.

The root cause of the vulnerability lies in the risky design of nested operations during contract continuation handling within the TON Virtual Machine. Malicious contracts could create deeply nested continuation structures, triggering recursive evaluation processes that exhaust the host stack space of the virtual machine. Such a resource exhaustion attack could cause the TON Virtual Machine to crash—meaning attackers could potentially bring down all Validators without spending a single TON—directly impacting system availability.
Through in-depth analysis and collaboration with Ton Core, the TonBit team proposed an innovative solution that adjusts the internal jump mechanism of the virtual machine, replacing recursive calls with iterative ones, effectively preventing such attacks. This fix has already been implemented in the latest version of TON, delivering a safer and more stable user experience.
Following this major security incident, the TON team recognized the importance of continuously reinforcing security measures. To ensure long-term stability and safety of the ecosystem, the team not only promptly patched the vulnerability but also actively summarized lessons learned and formulated more comprehensive security strategies. Based on these experiences, we will now explore how the TON ecosystem can further enhance security to effectively address potential threats while maintaining rapid development.
In addition, on May 22, 2024, shortly after a staking campaign celebrating the prosperity of the TON ecosystem, a protocol’s staking contract was hacked due to incorrect configuration of protocol parameters, resulting in the theft of a large number of tokens from the contract. Upon detection, the project immediately suspended the staking reward withdrawal function and allocated substantial $USDT to repurchase the lost 307,264 tokens.
After the attack, the project team quickly engaged TonBit for an audit. TonBit demonstrated professionalism by rapidly mobilizing a team of security experts to conduct a comprehensive and meticulous security review of the project’s core code. TonBit’s security specialists identified six low-risk issues and communicated detailed findings to the project team. With extensive experience and advanced technical capabilities, TonBit not only provided concrete solutions but also assisted the team in swiftly completing all necessary fixes, ensuring the contract’s security and stability.
Moreover, on May 10, 2024, TonBit, under BitsLab, discovered that although comments could be added when processing transfer messages in TON, certain wallet interfaces had UI designs prone to mislead users. This design flaw was exploited by hackers who manipulated the comment content in transfer messages to display false information during transactions, deceiving users into unintended actions and causing financial losses.
To address this issue, TonBit recommended that wallet applications add prominent warnings when displaying such information, reminding users that the content may not be trustworthy. Additionally, wallet development teams should improve UI design to ensure transparency and reliability in transaction information display. Users must also enhance their ability to discern suspicious transaction details.
TonBit suggested wallet developers implement multi-layered verification mechanisms when displaying transaction comment information—for example, verifying the source of the comment to ensure authenticity. Furthermore, regular user education campaigns and security alerts should be conducted to help users identify and guard against potential fraud. Combining technical improvements with user awareness can significantly reduce the occurrence of such security incidents.
Incidents like BookPad using backdoored contracts to collect funds and then fleeing are also worth highlighting for preventive measures. On April 15, 2024, BookPad released a closed-source smart contract containing a backdoor and initiated a presale. After collecting sufficient funds, they used the backdoor to withdraw the money and quickly disappeared.
To prevent similar incidents, users should gather as much information as possible about project teams before participating in any investment activities and prioritize open-source projects that have undergone rigorous security audits.
In summary, although the TON ecosystem has made remarkable progress in technology and applications, security concerns remain paramount. The TonBit team, under BitsLab, has effectively enhanced system security and stability by promptly identifying and assisting in fixing critical vulnerabilities, demonstrating professional auditing and resolution capabilities across multiple security incidents. Going forward, the TON ecosystem will continue to strengthen its security defenses, refine security policies, and ensure it can effectively respond to potential challenges while growing rapidly, safeguarding both users and the network in the long term.
Next, we will delve deeper into how the TON ecosystem can further improve security during its ongoing expansion and development to ensure stable operation and maintain user trust. To this end, the TonBit team conducted a detailed analysis of current security challenges facing the TON ecosystem and proposed adopting advanced protective technologies, recommending strict security audits to build a more secure and reliable environment. Through these measures, the stability of the TON network and user confidence will be significantly strengthened, driving the sustainable and healthy development of the TON ecosystem.
Security Outlook for the TON Ecosystem
The TON ecosystem is rapidly expanding in decentralized applications (dApps) and infrastructure; however, due to its unique architecture and functionalities, it faces distinct security challenges. Below are security recommendations and best practices for developers in the TON ecosystem:
Node Distribution and Protection: TON uses sharding and Distributed Hash Table (DHT) technologies to improve network scalability. However, if node distribution is uneven or insufficiently protected, malicious nodes may dominate the network, leading to routing table poisoning or network partitioning attacks. Developers should strengthen node validation mechanisms and enhance network defense through increased node monitoring and blacklisting systems.
Smart Contract Security: Smart contract programming on TON differs from other public chains and tends to involve more complex logic. Developers should strictly follow secure coding best practices, pay close attention to resource management and boundary checks, and avoid common contract vulnerabilities. Conducting code audits, periodic reviews, and using contract testing tools can improve code reliability.
Data Integrity and Tamper Resistance: While TON’s distributed storage increases convenience in data sharing and access, it also introduces risks of tampering. Developers can introduce multi-layered data encryption and authentication mechanisms and incorporate data consistency checks among nodes to ensure integrity during data transmission.
By implementing these measures, the TON ecosystem can maintain high levels of security and stability while continuing to scale, offering more reliable services to users and developers.
Conclusion
In 2024, the TON ecosystem made significant strides in technical architecture, application expansion, and security protection. Its flexible and shardable PoS architecture, high-performance transaction processing, and rich set of developer tools laid a solid foundation for ecosystem growth. At the same time, in response to security challenges, the close collaboration between the official TON team and security experts led to timely patching of critical vulnerabilities, further enhancing system stability and security. Looking ahead, continuous focus on and improvement of security defenses will be crucial for the TON ecosystem’s long-term sustainable development. The ongoing advancement of TON not only offers new insights into blockchain technology but also creates a safer and more efficient digital world for users and developers.
Click here to read our full report: https://bitslab.xyz/reports-page
About TonBit
TonBit, a core sub-brand of BitsLab, is a security expert and early builder within the TON ecosystem. As a primary security provider for the TON blockchain, TonBit specializes in comprehensive security audits, including those for Tact and FunC languages, ensuring integrity and security for TON-based projects. To date, TonBit has successfully audited several well-known projects such as Catizen, Algebra, and UTonic, uncovering multiple critical vulnerabilities and showcasing its excellence in blockchain security. Additionally, TonBit successfully hosted the TON CTF competition, attracting widespread participation and attention, further solidifying its position as a leading security authority in the TON ecosystem. Moving forward, TonBit will continue to safeguard blockchain security and drive technological and ecological progress.
About BitsLab
BitsLab is an organization dedicated to Web3 ecosystem security, striving to become a trusted security institution for both the industry and users. It operates three sub-brands: MoveBit, ScaleBit, and TonBit. Focused on infrastructure development and security audits across multiple ecosystems—including Sui, Aptos, TON, BNB Chain, Starknet, and Solana—it excels in auditing various programming languages such as Circom, Halo2, Move, and Cairo.
As a leader in blockchain security, BitsLab has delivered security audit services to numerous projects including Movement, Aptos, Tether, UniSat, and Nervos CKB, completing over 400 security solutions, auditing more than 400,000 lines of code, protecting $8 billion in assets, and serving over 2 million users. The team brings together top-tier vulnerability researchers who have previously uncovered critical flaws in major projects. BitsLab is committed to advancing Web3 security and fostering the healthy growth of emerging ecosystems.
Visit the BitsLab official website: https://bitslab.xyz/
BitsLab Official Twitter: https://x.com/0xbitslab
Join the official Telegram community: https://t.me/BitsLabHQ
Official websites of BitsLab sub-brands:
TonBit: https://www.tonbit.xyz/
MoveBit: https://www.movebit.xyz/
ScaleBit: https://www.scalebit.xyz/
Contact via Telegram for audit inquiries: @starchou
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














