Telegram bots are a popular way to trade cryptocurrencies on decentralized exchanges, even for beginners. However, there may be danger in the use of these bots in crypto trading.
According to experts, Telegram bots have hidden security vulnerabilities that make them risky to use. Of particular interest is how the bots handle user assets. Telegram bots do all the work for users – they create wallets where users are expected to deposit funds, they also generate private keys for those wallets.
While this seems very easy and enticing, security experts believe that Telegram bots are among the least secure to use for crypto trading. One of such experts and former Microsoft security lead, Christian Seifert has this to say.
“I think the rise of Telegram bots is a terrible development — closed source and you are handing over your private keys. This is even worse than back in the day when you sent some funds to an unknown exchange website,” Seifert stated..
“The bots might even be riskier than interacting with an unknown smart contract where you can specify and limit the approval. With bots, you essentially hand over everything and hope they don’t take your funds.” he added.
Telegram bots lack security audits
Although Telegram bots make trading easier, they are not properly audited to ensure they are safe enough to keep users’ funds secure. This places their assets at risk, especially with errors in the codes used to build those bots, and can lead to major security breaches and losses.
“These bots lack a proper security audit, provide no insights into the storage methods for private keys, and there’s an utter void of security documentation on their websites,” said Dave Schwed, COO of the security firm Halborn.
For those not familiar with it, security audits are done by third-party specialists to evaluate a system’s risk of security breach. This ensures that systems maintain the best security standards to ensure security of both data and assets of users.
Another major problem pointed out was a lack of end-to-end encryption on Telegram itself. Other messaging apps such as Whatsapp have this feature, ensuring that only the two parties communicating can know the content of their messages. A lack of such encryption opens the door to several security vulnerabilities
“While Telegram chats are encrypted, they lack end-to-end encryption. This means Telegram has the ability to decode messages, except when users choose ‘secret chats.’ Unfortunately, these secret chats don’t support bot interactions,” Schewd said.
“Given that bots function within Telegram’s non-end-to-end encrypted domain, any instructions reflecting a user’s financial actions might be at risk,” he added.
Prioritizing security
Experts have given several reasons why the use of Telegram bots to trade presents a major risk. The first is that they generate wallets and private keys which should be private and only known to the wallet user.
Also because Telegram lacks the end-to-end encryption that characterizes messaging apps, it could also be a potential death trap that can let fraudsters drain users’ wallets. With this in mind, while crypto traders can use the bots for easy trading, utmost caution should be applied while using these bots.
Other precautions like not investing more than you can afford to lose are even more important in this situation as anything can go wrong.
