Tonkeeper Security Review | Private Key Management, Code Auditing, and Wallet Risk Assessment
Summary: Tonkeeper is one of the most widely used wallets in the TON ecosystem, but its security has long been a concern. This article assesses Tonkeeper's security risks and offers protection recommendations, covering private key and mnemonic phrase management, open-source status and audit history, reported cases of user fund loss, community reviews, and comparisons with MetaMask and Trust Wallet, to help investors judge whether it is suitable for long-term use.

Introduction: Why should we care about the security of Tonkeeper?
In the world of cryptocurrency wallets, security remains the primary concern for investors. With the rapid expansion of the TON blockchain (The Open Network), more and more users are choosing Tonkeeper to store and send TON tokens and NFTs. But is Tonkeeper actually secure? Who holds the private keys? Has the code been audited? Have users lost funds?
This article analyzes Tonkeeper's security and risk points through personal experience, community feedback, user cases, third-party media reports, and comparisons with other wallets.
1. Tonkeeper Company and Background
1.1 Basic Information
App Name : Tonkeeper Wallet
Official website : https://tonkeeper.com
Developer : Tonkeeper Labs (Company registration information has not been fully disclosed, and the team has a close working relationship with the TON Foundation)
Supported blockchain : The Open Network (TON)
Download channels : Apple App Store, Google Play, official APK
1.2 History and Development
2021: Tonkeeper is officially launched and becomes one of the wallets recommended by the TON community.
2022: Rapidly spread in the Telegram community and become the first choice for most TON users.
2023: Launch NFT management and DeFi plug-in support.
2024: Downloads exceed 5 million, becoming the wallet with the highest market share in the TON ecosystem.
1.3 Team Background
Tonkeeper Labs : Unlike Coinbase Wallet, it does not disclose its complete shareholder structure, but its developers regularly take part in TON official forum discussions.
It maintains a cooperative relationship with the TON Foundation ( https://ton.org ) to jointly promote the wallet and the wider blockchain ecosystem.
2. Detailed Explanation of Wallet Architecture
2.1 Non-Custodial Model
Tonkeeper is a non-custodial wallet :
The private key is never sent to or stored on a server; it exists only on the user's device.
The mnemonic phrase is the only way to restore the wallet. If both the device and the phrase are lost, the funds are permanently inaccessible.
There is no "forgot password" recovery: because no server holds the key, neither Tonkeeper nor the TON Foundation can reset or recover a wallet.
2.2 Mnemonic Phrase
By default, 12 English words are generated.
Users must write the phrase down and store it themselves; the app does not back it up.
Saving it in the cloud (a screenshot or note synced to Google Drive or iCloud) exposes it to anyone who compromises that account or the sync path.
2.3 Security Risks
On a rooted or jailbroken phone, the OS sandbox that keeps other apps out of Tonkeeper's private storage no longer holds, so the wallet's security drops sharply.
Fake Tonkeeper APKs exist that ask for the mnemonic phrase during "installation" or "wallet import" and send it to the attacker.
3. Code Open Source and Audit
3.1 Open Source
Part of the front-end code is open source; GitHub address: https://github.com/tonkeeper
The core cryptographic module is not fully published, so the wallet is less transparent than MetaMask or Trust Wallet.
3.2 Community Audit
In 2023, the TON community security team tested the Tonkeeper code; it found no major vulnerabilities but flagged excessive permissions.
No Big Four accounting firm (such as Deloitte or PwC) has issued a complete security report. (Big Four firms are in any case not the usual auditors of wallet code; that work is normally done by dedicated application security firms.)
3.3 Risks
The core module is not open source, so it cannot be fully verified externally.
Community testing has been limited, so coverage is insufficient.
4. Permissions and Privacy Analysis
4.1 Permission Requirements
When installing Tonkeeper, the permissions requested by the app include:
Network access
Device storage (for caching data)
Camera permission (scan code to pay)
4.2 Community Concerns
Some users on Reddit reported that the Android version of Tonkeeper requests more permissions than it needs.
A broad storage permission widens the attack surface: anything the app writes to shared storage is readable by other apps holding the same permission, and a compromised app with that permission can reach more of the user's data.
📌 Reference: Reddit - Tonkeeper permissions discussion
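The permission concern above can be checked rather than argued about. The following is an added example for this article, not Tonkeeper's code: it reads the `uses-permission` entries from a decoded AndroidManifest.xml and sorts them into the permissions the article says a wallet needs (network, camera), permissions that grant broad data access and deserve scrutiny (storage, overlay, accessibility), and everything else. The manifest below is constructed for illustration; a real APK's manifest is binary-encoded and must first be decoded with apktool or aapt.

```python
"""Audit the permissions an Android app requests against what a wallet
should plausibly need. Added example; SAMPLE_MANIFEST is constructed and is
not Tonkeeper's real manifest."""
import xml.etree.ElementTree as ET

# Android manifest attributes live in this namespace; ElementTree exposes
# them in Clark notation, e.g. "{...}name".
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article says the wallet legitimately needs.
EXPECTED = {
    "android.permission.INTERNET",   # network access to TON nodes
    "android.permission.CAMERA",     # QR-code scanning for payments
}

# Permissions that expose user data or enable overlay/phishing tricks.
HIGH_RISK = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

# Constructed sample: a plausible wallet manifest, not Tonkeeper's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallet">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
        android:maxSdkVersion="28"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> dict:
    """Return {permission_name: maxSdkVersion or None} from a decoded manifest.

    maxSdkVersion matters: a storage permission limited to API 28 and below
    is inert on modern devices, which changes the risk assessment.
    """
    root = ET.fromstring(manifest_xml)
    perms = {}
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        max_sdk = node.get(ANDROID_NS + "maxSdkVersion")
        if name:
            perms[name] = int(max_sdk) if max_sdk else None
    return perms


def audit_permissions(manifest_xml: str) -> dict:
    """Bucket each requested permission as expected, high_risk or unexpected."""
    perms = requested_permissions(manifest_xml)
    report = {"expected": [], "high_risk": [], "unexpected": []}
    for name in sorted(perms):
        if name in EXPECTED:
            report["expected"].append(name)
        elif name in HIGH_RISK:
            report["high_risk"].append(name)
        else:
            report["unexpected"].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in audit_permissions(SAMPLE_MANIFEST).items():
        print(bucket, names)
```

Anything in `high_risk` or `unexpected` is a question for the vendor, not automatically a finding; the point is to compare the installed build's manifest against the list the vendor publishes and against what the feature set justifies.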
5. Security Incident Case Library
Case 1: Fake APK scam
Time : November 2024
User : Mr. Ivanov (Russia)
Loss : Approximately 2,000 TON
Process : Downloaded a fake Tonkeeper APK; after the mnemonic phrase was entered into it, the assets were stolen.
Case 2: App crashes
Time : January 2025
User : Ms. Chen (Mainland China)
Loss : approximately 500 USDT
Process : The app crashed after an update, customer service did not respond in time, and an asset transfer was delayed.
Case 3: Transaction Delay
Time : December 2024
User : Mr. Johnson (USA)
Situation : Tonkeeper's signing was slow and the transfer took more than 1 hour to go through.
6. Community Reputation and Third-Party Reports
CoinTelegraph : Called Tonkeeper "the most widely used wallet in the TON ecosystem."
WikiFX : Questions Tonkeeper's lack of registered company background.
Reddit & Telegram : Most users recognize its simplicity but are concerned about the security of their funds.
7. Comparison between Tonkeeper and its competitors
| Item | Tonkeeper | MetaMask | Trust Wallet | OKX Web3 Wallet |
|---|---|---|---|---|
| Open source | Partial | Mostly | Mostly | Partial |
| Audit | Community audit | Multiple audits | Backed by Binance | Backed by OKX |
| Supported chains | TON only | Ethereum / multi-chain | Multi-chain | Multi-chain |
| Features | TON transfers, NFTs | Cross-chain DeFi | Multi-chain assets | Exchange integration |
| Security rating | Medium | Higher | Higher | Higher |
8. Compliance and Future Regulation
Tonkeeper does not have an independent financial license.
If the EU or the US regulates wallet service providers in the future, Tonkeeper may be required to perform KYC.
Hardware wallet manufacturer Ledger has planned to integrate TON, which may divert Tonkeeper users.
9. Personal experience
Download and installation : Downloaded from the official website; took 1 minute.
Create a wallet : Generated 12 mnemonic words; clear UI.
Receiving payment : Received 50 TON; credited within 5 seconds.
Transfer : Sent 20 TON with a 0.02 TON fee; confirmed in 10 seconds.
NFT Management : Successfully displayed Telegram username NFT.
10. Common Scams and Prevention
Fake APK : Attackers distribute look-alike builds that impersonate Tonkeeper.
Phishing sites : delivered through Google ads.
Fake customer support : private messages in Telegram groups from accounts posing as staff.
👉 Prevention suggestions:
Verify the domain name before downloading: tonkeeper.com
Never share your mnemonic phrase with anyone, including "support".
Use a cold wallet to store large amounts of funds.
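"Verify the domain name" is easy to get wrong by eye, since phishing downloads use hosts such as `tonkeeper.com.evil.example`, `tonkeeper-app.example` or a homograph with a Cyrillic letter. The following is an added example for this article, not Tonkeeper's own code: it accepts a download URL only when the scheme is HTTPS and the host is exactly `tonkeeper.com` (the domain the article names) or a subdomain of it, and then compares the file's SHA-256 against the value the vendor publishes. The sample bytes standing in for an APK are constructed.

```python
"""Check a wallet download before installing it: official host and matching
SHA-256. Added example; OFFICIAL_HOST comes from the article, the sample
bytes are constructed, and nothing here is Tonkeeper's code."""
import hashlib
import hmac
from urllib.parse import urlsplit

OFFICIAL_HOST = "tonkeeper.com"


def is_official_host(url: str) -> bool:
    """Accept only https URLs whose host is OFFICIAL_HOST or a subdomain of it.

    Rejects the common lookalike tricks: http downgrade, userinfo tricks
    (https://tonkeeper.com@evil.example), suffix domains
    (tonkeeper.com.evil.example), hyphen variants (tonkeeper-app.example),
    and homograph hosts, whether raw Unicode or already punycode-encoded.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # .hostname already strips userinfo and port and lowercases the host.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False
    return host == OFFICIAL_HOST or host.endswith("." + OFFICIAL_HOST)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the downloaded file contents."""
    return hashlib.sha256(data).hexdigest()


def verify_download(url: str, data: bytes, published_sha256: str) -> dict:
    """Run both checks and report them separately so the user sees which failed.

    published_sha256 is the hash the vendor prints on its official page;
    case and surrounding whitespace are normalised before comparing.
    """
    host_ok = is_official_host(url)
    hash_ok = hmac.compare_digest(sha256_hex(data), published_sha256.strip().lower())
    return {"host_ok": host_ok, "hash_ok": hash_ok, "install": host_ok and hash_ok}


if __name__ == "__main__":
    apk = b"constructed sample bytes standing in for an APK"   # constructed
    published = sha256_hex(apk)   # in practice: copied from the official site
    for url in (
        "https://tonkeeper.com/app.apk",
        "http://tonkeeper.com/app.apk",
        "https://tonkeeper.com.download.example/app.apk",
        "https://tonkeeper.com@evil.example/app.apk",
        "https://t\u043enkeeper.com/app.apk",   # Cyrillic 'о' homograph
    ):
        print(url, verify_download(url, apk, published))
```

The hash check only helps if the expected value is read from the genuine site over HTTPS, so the host check comes first; a hash printed on the same phishing page as the download proves nothing.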
11. Safety Practice Recommendations
Multi-signature wallet : require more than one key to approve a transaction, so a single compromised device or leaked phrase cannot move funds on its own.
Hardware wallets : keep large holdings in a cold wallet such as Ledger or Trezor.
Hot and cold combination : Tonkeeper as the hot wallet for daily use plus a Ledger cold wallet for long-term holdings.
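The multi-signature recommendation works because a k-of-n policy checks that k distinct cosigners approved the same transaction, not merely that k approvals arrived. The following added example (written for this article; it is not Tonkeeper's code and not TON's multisig contract) models that policy in plain Python. HMAC-SHA256 stands in for the ed25519 signatures a real wallet would use, and the cosigner names, keys and transaction are constructed. It shows the three cases that matter: a normal 2-of-3 spend, a single compromised key trying to spend alone, and an attacker changing the destination after one cosigner approved the original transaction.

```python
"""k-of-n approval policy. Added example; HMAC tags stand in for signatures
and the cosigners, keys and transaction below are constructed."""
import hashlib
import hmac
import json
import secrets


def canonical(tx: dict) -> bytes:
    """Deterministic encoding so every cosigner authorises the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def approve(secret_key: bytes, tx: dict) -> str:
    """A cosigner's approval tag over the canonical transaction."""
    return hmac.new(secret_key, canonical(tx), hashlib.sha256).hexdigest()


def authorize(cosigner_keys: dict, threshold: int, tx: dict, approvals: dict):
    """Count valid approvals from distinct registered cosigners.

    approvals maps cosigner name -> tag. Unknown cosigners are ignored, and a
    tag only counts if it verifies against this exact tx, so an approval
    collected for a different amount or destination is worthless.
    Returns (authorized, names_that_validly_approved).
    """
    valid = []
    for name, tag in approvals.items():
        key = cosigner_keys.get(name)
        if key is None:
            continue
        if hmac.compare_digest(tag, approve(key, tx)):
            valid.append(name)
    return len(valid) >= threshold, sorted(valid)


def demo():
    """Three cosigners, any two must agree (2-of-3). Keys are generated here
    for the demo only; in practice each lives on a separate device."""
    keys = {name: secrets.token_bytes(32) for name in ("phone", "laptop", "ledger")}
    tx = {"to": "destination-address", "amount_nanoton": 2_000_000_000_000, "seqno": 7}

    # Normal spend: phone and ledger both approve the same tx.
    ok_two, _ = authorize(keys, 2, tx, {
        "phone": approve(keys["phone"], tx),
        "ledger": approve(keys["ledger"], tx),
    })
    # Compromised phone alone: one valid key is below the threshold.
    ok_one, _ = authorize(keys, 2, tx, {"phone": approve(keys["phone"], tx)})
    # Attacker swaps the destination after the ledger approved the original.
    evil = dict(tx, to="attacker-address")
    ok_tampered, _ = authorize(keys, 2, evil, {
        "phone": approve(keys["phone"], evil),
        "ledger": approve(keys["ledger"], tx),   # approved a different tx
    })
    return ok_two, ok_one, ok_tampered


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The same structure is what a hot-plus-cold setup buys in practice: the phone can prepare and co-sign, but nothing leaves without the hardware device agreeing to the identical transaction bytes.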
12. Risk Summary
Advantages : convenient and strong ecological support.
Disadvantages : only partly open source, incomplete auditing, and poor customer service.
13. Conclusion and Investor Recommendations
⚠️Conclusion :
Tonkeeper is one of the most common wallets in the TON ecosystem, but its security is medium:
Suitable for small daily transactions.
Not suitable for long-term storage of large amounts of funds.
It is recommended to use it with a cold wallet and multi-signature solution.
⚠️Risk Warning and Disclaimer
BrokerHivex is a financial media platform that displays information from the public internet or user-uploaded content. BrokerHivex does not support any trading platform or instrument. We are not responsible for any trading disputes or losses arising from the use of this information. Please note that the information displayed on the platform may be delayed, and users should independently verify its accuracy.

