TON narrowly avoids blockchain crash: ‘Security remains highest priority’

2025/07/21 22:03

TON blockchain security firm TonBit announced that it averted a major vulnerability on the TON Virtual Machine.

TON blockchain (TON) averted a total crash after discovering a major bug. On Monday, July 21, TonBit announced that it identified a critical vulnerability in the TON Virtual Machine. According to TonBit, the bug could have led to denial-of-service attacks across the network, bringing its infrastructure down.

The bug in the INMSGPARAM instruction for the TVM included a null-pointer dereference that could have been used to inject false message parameters. Attackers could exploit this behavior to crash the virtual machine at runtime.

In the case of such an exploit, the network would halt its execution of smart contracts and disrupt dApps operating on TON. This would significantly affect the large miniapp ecosystem on Telegram, many of which rely on TON for their infrastructure.

TonBit discovered the vulnerability ahead of the rollout of Global Version 11. This enabled maintainers to quietly integrate the fix before the mainnet deployment of the update.

TonBit fixes third critical bug on blockchain

For its efforts, TonBit earned a bug bounty from the TON Core development team. This was the third time that the security firm obtained a similar reward, with formal recognition from the TON team. In both cases, the team delivered patches before bad actors were aware of the vulnerabilities.

Owned by BitsLab, TonBit is a security firm focusing on the TON ecosystem. The firm is a primary security assurance provider for the network, and specializes in comprehensive audits for TON-based projects.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.