Telegram rejects CertiK's claim that there is a security risk with automatic downloading


Blockchain security startup CertiK said there were risks to using Telegram's desktop application due to an automatic media download feature, but the social network denied these claims.

CertiK alerted the crypto community to a supposedly high-risk security flaw in images and videos sent via Telegram's private messaging app.

Users were advised to disable automatic download settings to mitigate attacks. However, the security provider did not explain how it reached this conclusion.

Telegram responds to CertiK's claim

Shortly after CertiK's notification, the platform added that participants had not reported any cases of Remote Code Execution (RCE) leading to crypto wallet hacks.

We cannot confirm that such a security vulnerability exists. This video is probably a joke. Anyone can report potential vulnerabilities in our apps.

Telegram team

Expert comments

Following the news, contacted Polyzoa founder Kirill Tiufanov regarding the possibility of an RCE attack vector highlighted by CertiK. Tiufanov, a Web3 security veteran, suggested that this vulnerability seemed unlikely.

This is a fairly abstract assumption as no technical details are mentioned. Technically, anyone can say that you should not download unknown files as it could be risky.

Kirill Tiufanov, Polyzoa founder

While the claim remains controversial, CertiK advises users to disable automatic media downloads to ensure maximum security in the desktop application.

Several social media platforms allow users to download files without clicks, but Telegram is one of the few messaging providers that enable crypto features. The app's design has allowed blockchain developers to integrate tools like BonkBot and wallets while maintaining security.

Telegram does not support cryptocurrencies, but can be used as a gateway for users and merchants to send and receive payments in digital assets.

Solutions like Binance Labs-backed Grindery use account abstraction smart contracts to unlock one-click transactions on the social media app. In addition, Telegram has opened a revenue sharing system for users, powered by parent company The Open Network's Toncoin, offering users rewards for viewing ads on channels.

Follow us on Google News