Blockchain security startup CertiK said Telegram’s desktop application is risky to use because of its media auto-download feature, but the social network disputed the claim.
CertiK has warned the cryptocurrency community about high-risk vulnerabilities in images and videos sent on Telegram’s private messaging app.
Users were advised to turn off automatic download settings to mitigate the attack, but the security provider did not explain how it reached this conclusion.
Telegram responds to CertiK’s claims
Shortly after CertiK’s announcement on X, Telegram debunked claims that turning on automatic media downloads could compromise its more than 800 million users worldwide. The platform added that users have not reported any instances of remote code execution (RCE) leading to cryptocurrency wallet hacks.
“We cannot confirm whether such a vulnerability exists. This video is most likely a scam. Anyone can report potential vulnerabilities in our apps.”
Telegram Team
Evaluated by experts
Following this news, crypto.news contacted Polyzoa founder Kirill Tiufanov about the possibility of the RCE attack vector highlighted by CertiK. Tiufanov, a web3 security veteran, surmised that this vulnerability was highly unlikely.
“This is a very abstract assumption since it does not provide any technical details. Technically, everyone can tell you not to download unknown files as they can be risky.”
Kirill Tiufanov, founder of Polyzoa
While the claims are still disputed, CertiK advised users to turn off automatic media downloads in the desktop application for maximum safety.
Several social media platforms allow users to download files without clicking, but Telegram is one of the few messaging providers that enables encryption features. The app’s design allows blockchain builders to integrate tools like BonkBot and wallets while maintaining security.
Although Telegram does not support cryptocurrencies, it can be used as a gateway for users and merchants to send and receive payments in digital assets.
Solutions like Grindery, backed by Binance Labs, have leveraged account abstraction smart contracts to unlock one-click trading in social media apps. Telegram has also launched a revenue-sharing system for users, backed by parent company The Open Network’s Toncoin, which rewards users for placing ads on their channels.