Tonkeeper DApp Browser - Blind Signing PoC
H10: showFailedEmulate() bypasses scroll protection, hides totals, enables direct confirmation
Phase 1: Bridge Detection
Checking for JS Bridge...
Phase 2: TON Connect
Connect Wallet
Connected Address:
Public Key:
Phase 3: Balance Query (via tonapi.fetch)
Query Balance
Phase 4: Transaction Vectors
Target Address (attacker's receiving address):
Amount (TON):
Attack Strategy:
Baseline: Normal Transfer (emulation succeeds)
Vector F: Overdraft (999999 TON, trigger emulation failure)
Vector B: Multi-message Hidden Transfer (scroll attack)
Vector G: StateInit Deploy Conflict (real code)
Vector H: Transfer to uninit address (bounce fail)
Vector A: Disguised Comment (social engineering)
Vector C: Fake Jetton Transfer
Vector D: Complex Payload
Vector E: StateInit Conflict (empty)
Send Transaction
Send Normal Transfer (baseline)
Event Log