Last week we looked at some unfortunate cases of people having all their TONcoin stolen. After a quick update and recap of that story we'll move on to explain which TON wallets are safer, and which are less so.
Now we can reveal the fake address that is, or was, being used by a thief to steal the entire balances of a great many users, without mercy or remorse. Unlike Robin Hood, who stole from the rich to give to the poor, this crook took it all.
This is also a lesson to the TON Foundation as to why the Web Wallet is not safe and why many additional safety measures must be taken to make it so. Those who ended up by mistake on ton-wallet.org instead of ton.wallet.org were robbed blind, and this is not the only possible way to rob web wallets.
Custodial or Non-Custodial?
For most people starting out on TON the safest wallet for them would be a custodial one such as TON Rocket on Telegram. A complete beginner wanting only the most basic of functionality would be best using the Telegram Wallet.
The reason for this is simple: people are far less likely to lose access to their Telegram account than to lose their 24 passwords, or to forget where they backed them up: on which piece of paper, in a text file, in a photo?
Hot Wallet or Cold Wallet?
A hot wallet is one that is connected to the Internet. A cold wallet is kept off the Internet except at set-up and when coins need to be moved.
Unless you are stacking a large amount of wealth which you only want to access on a rainy day in the future, you will probably not want to use a cold wallet. As of now there is no very easy way to do so with TON, but you can do some research.
A simple way would be to use one of the more secure methods listed below, e.g. MacOS TON Wallet to create the wallet, write down the passwords and etch them into something more permanent, and bury that in a safe place after copying down the deposit address so that more funds can be added to it at any time.
You can always check your cold wallet balance by using a TON Explorer.
For most people, even those who want to HODL TON for the longer term, a less hot wallet should suffice provided sufficient precautions are taken. Here we will address which wallets are less and more hot, and which are less safe.
Avoid Very Hot Wallets
OK so we kind of made up this term about more and less hot. Any wallet that is connected to the internet is called a hot wallet. But some are hotter than others.
By this we mean that some are more risky than others, not because the wallet creators are necessarily crooks, but because they simply do not cater for the ordinary user or for the edge cases that easily arise among users.
We already addressed the dangers of using a "web wallet" through your web browser at the outset of this article. Now let us address the other non-custodial wallets and which ones should be avoided: unfortunately, the majority of them.
Are you on Windows or Android?
Then we really don't recommend using any TON Wallet if you want ultimate security, unless you are an expert user who knows how to make your Windows or Android system genuinely secure (although this has improved over the years).
If you must, then don't store all your savings in such wallets (see below which of them to absolutely avoid) and keep only as much in them as you need.
Mobile Wallets
The least safe of the mobile wallets (we have reviewed only those that are available on iOS, but these three are also available on Google Android) is Tonhub.
Tonhub
Absolutely avoid Tonhub. There are many reasons NOT to use Tonhub:
Although it is open source, there are many serious documented cases where people have lost all their TON because of poor safety features in the wallet interface.
The lead developer Steve Korshakov has openly stated he does not care about customer service, as the wallet is "free and open source".
Korshakov's "TON Whales" set up a big bounty to be paid to anyone finding vulnerabilities, but reports go to his personal mail, and he never replies.
The "customer service email" is not replied to either.
It is a "version 4" blockchain wallet, which is not yet fully tried and tested for vulnerabilities, and wallet versions are released without adequate testing.
Tonkeeper
Avoid Tonkeeper. It looks sexier for those who like dark-mode interfaces and snazzy features such as a graph showing the past 30 days of TON vs USD, but again it is a version 4 wallet and does not adequately cater for the safety of users either. It also creates many scenarios where users may have heart attacks thinking all their TON has been lost or stolen, when in actual fact it is a very poorly thought-through implementation of a version 4 wallet that causes this to happen.
In most cases the coins are not lost, but the average user will think so, and may even never see them again, not knowing how to retrieve them.
Yes, we see many blockchain geeks and wallet devs sneering at us dismissively and in disbelief. The coming months will reveal just how big the problem is.
That said, most people would be fine with it, so long as they don't lose their 24 passwords of course. But why subject newcomers to TON to a terrible experience and things that don't work as they should? It is far from a finished product.
Moreover it is not open source, you cannot inspect the code for backdoors etc.
Toncoin Wallet
Although produced by the same young geeks who produce Tonkeeper, this wallet is at least the only current "version 3" mobile wallet, and thus much safer, also in terms of user experience.
Some may find it bland and boring, but it is actually more functional, especially for business users or those taking payments in a stall or shop for example, with the invoice feature.
As the developers have not messed with it and perhaps forgotten about it for now, given all their headaches with trying to keep up with Tonkeeper, it is the safe haven among current mobile wallets.
However, it also means that issues that arise, such as the forever "updating" state which renders the wallet unusable, on Android at least, are unlikely to be fixed in a timely fashion. Indeed, the Telegram support channel is not responded to either.
This can usually be fixed by closing the app (swiping it off the screen of currently active apps) or, failing that, by clearing its cache within the Apps settings.
Again, it is not perfect for beginners, but it passes more of our tests than the other two, when it works. We haven't detected any major UI/UX issues, again provided that people don't misplace their back-up passwords in case they log out, etc.
What is v3 or v4?
This is a more technical question, but in layman's terms: when you create a wallet in the blockchain system, you take wallet smart contract code (v3, v3r2, etc. are versions of the wallet smart contract), combine it with your key, and the result determines your address. One address cannot be both versions; it is either v1, v2, v3, v4, etc.
This currently creates unnecessary complications for users, which can be resolved in future, but it means that if you "upgrade" from v3 to v4 your wallet address changes. You now have two addresses, and your coins could be on either one or both of those addresses.
This creates a lot of confusion even for the more technically minded users, made worse by the assumption that a Tonkeeper upgrade from v3 to v4, for example, means the wallet app itself is being upgraded. It does not, and this causes confusion.
It is for this reason, as well as the need to address potential security issues and to allow a longer testing time, that we don't recommend using "v4" wallets at present. Yes, it means you cannot see your NFTs or join subscriptions.
Aside from this, as mentioned earlier, all the "version 4 wallets" have additional really bad issues relating to usability and safety.
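The two-address problem described above can be made concrete with a small model. The following is an added example, not code from the article or from any TON wallet project: it uses a deliberately simplified address derivation (a SHA-256 over placeholder "contract code" plus the public key) rather than the real TON StateInit hash, but it preserves the property that matters here: the same key combined with a different contract version yields a different address, so coins sent to the v3 address do not appear at the v4 address. The ledger, the key and the contract-code strings are all constructed for the example.

```python
import hashlib
from typing import Dict, Tuple

# Constructed placeholders standing in for the compiled wallet contract code.
# On the real TON network these are the actual contract cells for each
# version; here they are just distinct byte strings so the example runs offline.
WALLET_CODE: Dict[str, bytes] = {
    "v3r2": b"placeholder code for wallet contract v3r2",
    "v4r2": b"placeholder code for wallet contract v4r2",
}


def derive_address(version: str, public_key: bytes) -> str:
    """Simplified model of address derivation (not the real TON algorithm).

    TON derives an address from the hash of the contract's initial state,
    which includes both the contract code and the public key. This model
    keeps that essential property: same key + different code = different
    address. Note that only the public key is needed; the private key is
    never involved in computing the address.
    """
    if version not in WALLET_CODE:
        raise ValueError(f"unknown wallet version: {version!r}")
    if len(public_key) != 32:
        raise ValueError("expected a 32-byte public key")
    code_hash = hashlib.sha256(WALLET_CODE[version]).digest()
    state_hash = hashlib.sha256(code_hash + public_key).hexdigest()
    # Workchain 0 followed by the hex hash, in the style of a raw address.
    return f"0:{state_hash}"


def balances_for_key(ledger: Dict[str, int], public_key: bytes) -> Dict[str, Tuple[str, int]]:
    """Check every known wallet version for one key.

    A user who 'upgraded' from v3 to v4 effectively has two addresses; this
    shows which of them actually holds coins in the (constructed) ledger.
    """
    result: Dict[str, Tuple[str, int]] = {}
    for version in WALLET_CODE:
        address = derive_address(version, public_key)
        result[version] = (address, ledger.get(address, 0))
    return result


def total_for_key(ledger: Dict[str, int], public_key: bytes) -> int:
    """Sum across all wallet versions: the coins are not lost, just elsewhere."""
    return sum(balance for _, balance in balances_for_key(ledger, public_key).values())


# Constructed sample: one public key, coins sitting only at its v3 address.
SAMPLE_KEY = bytes.fromhex("ab" * 32)
V3_ADDRESS = derive_address("v3r2", SAMPLE_KEY)
SAMPLE_LEDGER: Dict[str, int] = {V3_ADDRESS: 5_000_000_000}  # 5 TON in nanoton

if __name__ == "__main__":
    for version, (address, balance) in balances_for_key(SAMPLE_LEDGER, SAMPLE_KEY).items():
        print(f"{version}: {address} -> {balance / 1e9:.2f} TON")
    print(f"total across versions: {total_for_key(SAMPLE_LEDGER, SAMPLE_KEY) / 1e9:.2f} TON")
```

Running it shows the v3 address holding 5 TON and the v4 address holding nothing, which is exactly the "my coins have vanished" situation described above: the user is looking at the wrong one of their two addresses. The practical check for a real wallet is the same in spirit: look up each version's address for your key in a TON explorer before concluding anything is lost.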
Conclusion
For absolute beginners who have a reliable phone number attached to their Telegram and won't get locked out of their Telegram account, the earlier mentioned custodial wallets, Rocket or Wallet, will be safest.
For those wanting maximum safety and security together with convenience, the Linux and MacOS TON Wallets will be best, provided a written back-up of the 24 passwords is preserved in a safe and not-to-be-forgotten location.
For those wanting convenience of a non-custodial mobile wallet, again with the above proviso, the Toncoin Wallet available in the Store is your safest bet.
We will be continuing this series on TON Wallet Safety with future updates, so to be sure not to miss them sign up to our free Email list below: