TON’s first native Restaking platform UTONIC Protocol joins forces with TonBit, an early supporter of TON and security expert, to form Security Alliance for strengthening and securing TON and Telegram’s ecosystems.

The Vulnerabilities of TON & Telegram ecosystems

On Nov 16, a popular Telegram Trading Bot for memecoins named DEXX.ai encountered a severe attack on its data server, causing leaks of users’ custodial wallets and several million of fund losses.

Based on this incident, UTONIC Protocol found the most adopted method for storing private keys by the Telegram Trading Bot applications is centralized and vulnerable to single-point failure.

In partnership with TonBit, UTONIC Protocol proposes a safer solution for private key storage that combines MPC and AVS for the Telegram Trading Bot applications.

MPC & AVS combined to decentralize private key storage

UTONIC introduces a hybrid MPC + AVS (Actively Validated Services) approach, combining the best of decentralization and security for Trading Bots.

In such design, users’ private keys with Distributed Key Generation will be divided into three shards, held by:

  • User's Device
  • The Trading Platform
  • UTONIC’s AVS Network

Each transaction requires a 2-of-3 multi-signature, making it impossible for any single party to access user funds.

UTONIC Protocol also implements AVS as the Trusted Layer in partnerships with credible validators to offer trust and security. The AVS mechanism operates by establishing a shared security model, where restaked assets are reserved to provide insurance. This approach not only aligns the economic incentives of the validators with protocols’ stability and reliability, but also significantly enhances the overall security framework, fostering a robust ecosystem.

The approach ensures that private keys are non-exportable and decentralized. In addition, Telegram Trading Bots can deposit funds into UTONIC’s Restaking pools to provide insurance for compensating users, if any loss is related to AVS.

A comprehensive security strategy

UTONIC Protocol offers a comprehensive security solution centered around the concepts of periodic asset snapshots, which ensure secure asset verification at regular intervals. Here’s how it works:

  1. Periodic Asset Snapshots: AVS takes regular snapshots of assets, ensuring that holdings are accurately and transparently reported, enhancing security without requiring assets to be moved.
  2. API Access for Scanning: Through UTONIC AVS API, projects within TON and Telegram’s ecosystems can selectively scan and verify modules critical to their operations, preventing attacks and enhancing protection against potential vulnerabilities.

Gaming and finance are two typical examples that can benefit from AVS Service.

  1. Gaming: Through Random Number Generator and Decentralized Storage for In-Game Points, AVS service can minimize risks related to centralized control.
  2. Finance: AVS provides decentralized MPC wallet custody, oracle pricing, decentralized order storage, and ZK-based storage and verification for user relationships (rebates), ensuring secure, transparent, and privacy-preserving operations within TON and Telegram’s ecosystems.

The security alliance with TonBit to Safeguard TON and Telegram Apps

TonBit considers that, although the TON Blockchain is designed to be open and decentralized, it has inherent security limitations, including the centralized elements within Telegram's infrastructure and TON's core design. Additionally, TON Blockchain’s native randomness mechanism presents security vulnerabilities and high operational costs, which can affect reliability and overall security.

Both UTONIC Protocol and TonBit are working to establish a robust security alliance for TON and Telegram. Applications such as sidechains, data availability layers, keeper networks, oracle networks, bridges, etc., face significant security risks, and addressing safety issues is essential for their stability and credibility.

The Security Alliance hereby provides a complete solution, leveraging the bests of UTONIC and TonBit:

  1. Security Audit: Projects conduct a preliminary security audit to identify vulnerabilities and assess the current security status.
  2. AVS Protection: After the initial audit, UTONIC implements AVS to provide continuous validation and regular asset snapshot reporting, ensuring ongoing security.

Members of the security alliance

UTONIC Protocol

UTONIC is the first revenue-sharing restaking layer for one billion users on TON and Telegram, which allows users to restake their Native TON tokens and LST TON tokens by depositing the assets, and receive uTON as the liquid restaking tokens.

TonBit

TonBit is a sub-brand of BitsLab, an early builder and security expert in TON and Telegram’s ecosystem which provides smart contract audits for TACT and FunC. TonBit is also a proud builder of TonScanner, a universal browser for the TON Blockchain.

Particle Network

Particle Network debuted in the Web3 scene by accelerating dApps’ user onboarding through social login-powered MPC smart wallets. Being an industry leader in chain abstraction, Particle Network has also endorsed UTONIC’s security approach.

“We are glad to witness the adoption of MPC custodial and non-custodial solutions by all ecosystem participants, including trading bots. Centralized custody carries massive risks, such as private key loss and fund theft, and as such, it is imperative for our ecosystem to leverage the best technologies available to produce secure solutions as soon as possible.”

– Pengyu Wang, Particle’s CEO

PinkPunk

PinkPunk is an all-in-one smart trading bot running on Telegram. The PinkPunk team is dedicated to implementing MPC, restaking, and more advanced security solutions, continuously strengthening the safety of users' funds.