CertiK, a blockchain security platform, discovered a Telegram vulnerability on April 9 that allows hackers to execute a remote code execution (RCE) attack by sending specially crafted media files, such as images or videos. The RCE attack poses a high-risk threat as it allows attackers to run arbitrary code on a remote device, potentially causing significant damage. The security firm identified that the vulnerability was exclusive to Telegram’s desktop version and not present in its mobile applications, as the desktop version was not designed to run executable programs.
Following CertiK’s discovery, the official Telegram X account disputed the claim, arguing that there was no vulnerability in the system and suggesting that the issue may have been fabricated. Some users supported this argument, stating that the issue had been known for some time. This is not the first time CertiK has reported security threats concerning Telegram. In the past, CertiK warned users about Telegram bot tokens that could potentially lead to exit scams. Additionally, a security research report in 2021 revealed a similar remote media-related attack on the messaging app, which allowed hackers to access shared media files in various chat types.
The recent vulnerability discovered by CertiK comes at a crucial time for Telegram, as the platform has expressed intentions to debut on Wall Street with a possible IPO. With over 900 million users, a preliminary valuation of $90 billion, and increasing revenues, Telegram is seen as a lucrative investment opportunity. However, before pursuing a public listing, Telegram must address concerns about its reputation as a platform used by organized criminals on the dark web. Cybersecurity experts have criticized the app for enabling illicit transactions and spreading extremist content, potentially deterring investors.
Despite facing challenges related to its reputation, Telegram has initiated strategies to monetize its user base by incorporating cryptocurrency for in-app ad purchases. This move highlights Telegram’s efforts to diversify its revenue streams and attract potential investors for its IPO. While the platform’s expansion and growth are evident, its alleged ties to the Kremlin, a claim repeatedly denied by CEO Pavel Durov, remain a point of contention for investors. The intersection of cybersecurity threats, potential IPO plans, and efforts to shift towards cryptocurrency integration sets the stage for Telegram’s future trajectory in the tech and financial markets.