Telegram denies CertiK’s claim of auto-download security risk

CertiK has alerted the crypto community to a high-risk vulnerability in images and videos sent within Telegram’s private messaging app. Users were advised to turn off automatic download settings to mitigate potential attacks.

However, CertiK did not provide an explanation for how it reached this conclusion. The platform also noted that there were no reported cases of remote code execution (RCE) leading to crypto wallet hacks.

As a result, it cannot be confirmed that such a vulnerability exists and it has been suggested that the video may be a hoax. Web3 security veteran Kirill Tiufanov expressed skepticism towards the vulnerability, stating that the assumption seemed abstract as no technical details were provided.

He pointed out that advising against the download of unknown files is a general precaution that can be applied to mitigate potential risks. While the claim about the vulnerability is still in dispute, CertiK advised users to turn off automatic media downloads on the desktop application as a precautionary measure to enhance safety.

While several social media platforms allow users to download files with zero clicks, Telegram stands out as one of the few messaging providers that enable crypto features. It’s worth noting that while Telegram itself does not support cryptocurrencies, it can serve as a gateway for users and merchants to send and receive payments in digital assets.