Chris Burniske, 7 tweets, 5 min read
1/ If you haven’t done so already, make sure your @telegram has a password. It’s not a default requirement.

If you don’t, you’re vulnerable to an account compromise, a growing trend that’s in its early days but likely to become an epidemic in crypto (similar to SIM swapping).
2/ I learned this the hard way. I also learned SIM swapping the hard way in 2016, and then watched it sweep like a digital plague through crypto in the following years.
3/ @ohmstone helped me immeasurably through this process and also pointed out @telegram’s lack of a “compromised account recovery process” is an embarrassment, as is its lack of default requiring a password.
4/ I appreciate the help @telegram gave me, but I sit in a privileged position in crypto, and fear others will not be able to pull the same strings when they need it.
5/ I implore @durov and his @telegram team to get on top of 1) protecting users from these attacks 2) helping users recover compromised accounts.

*Especially* if there are to be #cryptoassets with irrevocable transactions tied to these accounts (e.g., $TON)
6/ Things got weird on my end as the hacker called me numerous times, and confessed he performed the attack through session hijacking: owasp.org/index.php/Sess…

But my understanding is there are a variety of ways to compromise TG accounts if there’s no password.
7/ Sure, some of you will call me an idiot user, and that’s fair. But a platform should protect its users against their idiocy. Right now, @telegram is not doing a great job of protecting its users.