Pavel Durov’s criminal syndicate: bot farms, data leaks, and financial manipulation as Telegram’s business model

23:03, 02 ноября 2025 г.

Просмотры: 1060 Комментарии: 0

TON: How a Once-Promising Venture Became an Online Parody.

This is according to an investigation by the publication rucriminal.info.

Previously, TON promised to become a technological revolution. It had everything that no other blockchain project possessed:

its own world-class messenger — Telegram;
iconic figures — Pavel and Nikolai Durov, embodying freedom and progress;
a team of brilliant engineers, winners of Olympiads and mathematical competitions;
and the most devoted community, ready to believe in and support any idea.

It seemed that failure was simply impossible here. Yet, TON managed to prove the opposite. From a project capable of changing the rules of the game, it turned into a textbook example of how power, ambition, and secrecy can destroy even a brilliant idea.

Instead of transparency — backroom deals. Instead of decentralization — control and dependency. Instead of innovation — scam projects, bot farms, and superficial activity masked by catchy slogans. TON became a reflection of everything the cypherpunks once stood against: replacing freedom with an illusion and technology with marketing.

This investigation is based on materials from the Ghost In The Block channel and open sources. It reveals how, under the slogans of «decentralization» and «security,» a new digital hierarchy emerged, where decisions are made by a few, and everyone pays the price.

The Creation of Telegram

The project was created by Pavel Durov, the founder of the Russian social network «VKontakte» («VK»). A few years before Pavel and Nikolai Durov left «VK» in 2014, they began developing a messenger. The development of Telegram was cited as one of the reasons for the shareholder conflict at «VK.» In an interview with The New York Times, Pavel Durov recounted that the initial idea for the app came to him in 2011 when special forces showed up at his door. This likely happened in December 2011, when the FSB demanded that Durov block five communities (four of which included the phrase «against „United Russia“» in their names) and two groups for organizing user meetups.

Читайте на эту же тему:Преступный синдикат Павла Дурова: ботофермы, сливы данных и финансовые махинации как бизнес-модель Telegram

When they left, Durov wrote to his brother Nikolai. At that moment, he realized he had no secure way to communicate with his brother. The service was built on the MTProto encryption technology developed by Nikolai Durov. Telegram was initially an experiment by Pavel’s company, Digital Fortress, to test MTProto under heavy loads.

On August 14, 2013, the first Telegram client for iOS devices was released.

On August 22, 2013, one of the participants in Durov’s Android Challenge wrote and released the first open-source application for Android compatible with Telegram (using the same MTProto protocol).

The start of work on Telegram — January 2012.

Launch of Telegram — August 2013.

Maintaining a project like Telegram is expensive, and for many years, Pavel Durov funded it out of his own pocket. This couldn’t go on indefinitely.

In April 2016, it became known that in May 2015, Google had considered purchasing the messenger for over $1 billion USD.

December 2017 — public information emerged that Pavel Durov was moving to Dubai, and Telegram’s office was located on the 23rd floor of a skyscraper in Dubai Media City.

In 2018, notifications were filed with the U.S. Securities and Exchange Commission regarding the fundraising of TON Issuer Inc. and Telegram Group Inc. in two ICO rounds of $850 million each.

Gram — a cryptocurrency based on the Telegram Open Network (TON) blockchain platform being developed by Telegram. According to the developers’ vision, Gram was intended to become a crypto-analog of Visa and Mastercard.

Читайте на эту же тему:Павел Дуров под угрозой: юридические проблемы могут поставить крест на его проектах

On May 12, 2020, Telegram issued a statement declaring that the TON blockchain platform, as well as the Gram cryptocurrency, would not be released. In his Telegram blog, Pavel Durov blamed the closure of the project on a U.S. court.

On February 6, 2021, Pavel Durov met with Dubai’s Crown Prince Hamdan bin Mohammed Al Maktoum, where he discussed the success story of Telegram’s development.

In February 2021, Durov received citizenship of the United Arab Emirates.

On June 11, 2021, Pavel Durov and his team deleted nearly all virtual SIM and E-SIM accounts, along with associated accounts, users, IDs, and bot farms — tens of millions of accounts.

In early August 2021, the Telegram team transferred the original repository on GitHub, as well as the domain ton.org, to the open developer community TON Foundation.

In August 2021, Durov received French citizenship.

tidttiqzqiqkdvls dzqeyrzzzyqzyzyzhqxyezzzyzzezyerkzinv qhiukiqrihurmf

March 6, 2022 — «hack» of Crosser Bot

In May 2022, a hint at paid features was discovered in the messenger’s description, as the phrase «Telegram is free forever. No ads. No subscription fees» was replaced with «Telegram provides free unlimited cloud storage for chats and media.»

On November 10, 2023, Telegram launched the cryptocurrency bot Wallet.

On June 6, 2024, Telegram STARS was launched.

On July 3, 2024, Major was launched.

On August 24, 2024, Pavel Durov was detained upon arrival from Azerbaijan at Le Bourget Airport in France.

On December 28, 2024, the Open League bot was hacked.

Dubai-ing

Having moved to Dubai, Pavel, undoubtedly a talented developer and businessman, set a new standard for success. While the rich, beautiful, and successful had long decided on vacation spots, the question of a working location remained open. London, Zurich, Bangkok, New York, Moscow, Beijing — everyone anchored based on connections and needs. In 2018, Durov relocated the core team to Dubai, with a few remaining remote for various reasons. As we remember, 2018 was a period of intense work on the TON blockchain and the GRAM cryptocurrency, which ambitiously aimed to rival Visa and Mastercard and could have, if not soared to the stars, at least not sunk, given the unique resource of a popular messenger and a loyal audience. Back then, blockchain projects were still seen as having useful applications, though crypto topics remained niche. Do it well or don’t do it at all — at that time, there were few opportunists in large-scale projects. The TON blockchain was developed by Pavel’s brother Nikolai and a few other developers who transitioned to the Telegram team from VK.

2020. Such a potentially powerful and uncontrollable player on the financial board did not suit the U.S. government, and GRAM was not allowed to launch, being classified as a security rather than a cryptocurrency. Thus, Pavel Durov lost investment money and the opportunity to monetize Telegram as he had intended.

Nevertheless, the project was not shut down, and according to official statements, in early August 2021, more than a year after the closure of the TON project, the Telegram team transferred the original repository on GitHub, as well as the domain ton.org, to the open developer community TON Foundation, where information about the unrealized blockchain project of Pavel and Nikolai Durov had previously been hosted. Overall, generosity to friends has always been characteristic of Pavel, but from this period, it began to reach a new level.

The second half of 2021 — the popularization of a new standard of success. Developers of various levels, their girlfriends, friends, acquaintances, the rich, and the successful began arriving in Dubai not for shopping, but for «work.» And there was indeed a lot of work — their own blockchain on which any projects could be launched. Meme tokens, NFTs.

Despite the listing of the TON cryptocurrency on exchanges, Pavel was in no hurry to integrate it directly into Telegram, limiting its presence to the @wallet bot. The creators of this bot, by the way, are friends of Pavel and also received generous gifts. @wallet was added to the app’s side menu and essentially became a semi-official Telegram wallet. And the fact of owning the @wallet username speaks for itself.

Big and easy money was still far off, so one of the applications for the TON blockchain became... tickets to Dubai crypto parties. At such events, «those close to the sacred cow» shared insights, talked about their grand plans, boasted success stories, and generally made money from those who wanted to get closer to it. Tickets to such events were minted as NFTs on the TON blockchain, and to obtain an NFT, one had to link their personal WEB3.0 wallet. These NFTs were even gifted to friends of friends (NFTs have no real-life value, but why not).

For those not trading crypto and unfamiliar with the market, it’s worth understanding that various meme coins soon emerged — essentially empty assets with their own Telegram groups, a large number of subscribers, significant advertising mentions, and which, upon listing on exchanges, skyrocketed in price by 4-5-10x before instantly crashing. The classic «shaving of hamsters» repeated itself over and over; such projects appeared, became popular momentarily, soared, and then fell.

But don’t confuse scam coins with meme coins. Although both formats lack seriousness, meme coins can live for months, even years. They can be used in various charity projects, growing or falling in price based on popularity. Scam coins are literally scams; only the creators can profit by selling at the peak, leaving naive «investors» with nothing.

For those who have been on Telegram for a long time — and by long time, I mean at least since 2017 — the changes in Telegram over the past year and a half are quite obvious. And these changes are far from positive. From a convenient messenger that simply crushed WhatsApp with its functionality, from discussions about a unified workspace within the app environment, Telegram has increasingly veered toward kitsch — empty but pretty, unnecessary but popular. The useful aspect of Premium is the absence of ads. Major updates focus on reactions, stories, stickers, mini-apps... and STARS. Of course, STARS, the long-awaited monetization of Telegram. But we’ll talk about that later.

For now, the next chapter.

Beginning

The Open League (TOL) — a competition for projects and users within the TON ecosystem. Projects attract new users to TON, and users are rewarded for their activity. It is designed to increase user engagement in the ecosystem, help projects expand their user base, and develop more attractive and functional products ready for Telegram’s broad audience.

December 28, 2024

The main Open League bot was hacked. On TON, of course. All data was leaked.

Despite the seriousness of the event, it went unnoticed. Whether due to the New Year or an unwillingness to stir the hornet’s nest, the fact remains. Flaws in the development and implementation of so-called "Web 3.0 projects," especially those originating from TON developers in Dubai, pose a serious threat. Many of these projects use internal transactions that are often poorly implemented. For instance, there is a risk that users’ Telegram IDs could be embedded directly into transaction comments. This creates additional opportunities for mass de-anonymization, which could lead to serious consequences for users. Though, why call it a risk? That’s exactly what happened.

Literally everyone was leaked. All organizers of crypto parties, all participants. The entire top echelon of TON, all NFT ticket holders.

For credibility, I’ll attach a de-anonymization:

UQAr-QR7y8oFw8arzftfkuiVYEwrtazLsGumQAPR7op8Vqeg

1. id: 191832936

2. @mironpuzanov
3. Miron Puzanov

4. Ecosystem Manager - TON Foundation

If something like this happened at the team level in the Bitcoin or Ethereum networks, the outcry would be immense. People involved in crypto are well aware of the site Bitcoin Obituaries which ironically collects and counts all news «predicting Bitcoin’s death» after various events (it has died 477 times, if anyone’s curious). Perhaps such an incident in the Bitcoin team could indeed bury it. But apparently, we’re no longer talking about blockchains and cypherpunk when it comes to TON.

Cypherpunk — a movement formed in the early 1990s that advocates for the use of cryptographic technologies to protect privacy and human rights.

Summary

Linking Identifiers and Wallets

One of the basic principles of cypherpunk is the absence of linking identity to assets. But here, we see a direct connection: usernames (clearly from Telegram), IDs, and wallets. This puts an end to user anonymity and makes them potential targets. What’s stopping someone from digging up the rest of the data or linking it to real identities? Nothing.

Centralized Control Over Data

The cardinal sin of decentralization — storing sensitive data in centralized databases. This is what happens when someone decides it’s «more convenient» this way. One leak — and all «security» collapses, along with reputation. Cypherpunk is nervously smoking on the sidelines here.

Unjustified Data Collection

Why store such information at all? Especially in a format where a username is tied to an identifier and a wallet. If we’re talking about decentralized systems, such data collection fundamentally contradicts the very idea.

No Protection Against Failures

Where’s the hashing? Where’s the data masking? Even if this database is for internal use, at the very least, the data could have been masked to prevent direct correlation.

Consequences

De-anonymization of Users

If a person linked their crypto wallet to an account tied to real data (e.g., a Telegram username), all their financial activity becomes public information. From there, it’s a matter of technique: a bit of OSINT, and you can even find a person’s address.

OSINT (Open Source Intelligence) — the process of collecting and analyzing information from open sources to extract intelligence data.

Target for Attacks

Users whose data ended up in this database become potential victims. Phishing, social engineering, account hacking — the scenarios are numerous.

And since such a leak has occurred, and the data is now publicly accessible, it becomes the direct duty of OSINT researchers to analyze and systematize this data.

@Roxman

I didn’t notice the well-known Roxman for a long time. But I followed, read, and analyzed. Roxman — the founder of Major and several other "projects."

July 2019

Roxman created a Telegram account. Later, he «bought» Ruslan Odzoev’s account with ID 25.

March 2022

Munich it is, then.

It seems that the account @Soon previously belonged to his spouse.

A reader, a reaper, and a piper. And even @major_supp. Truly a one-man orchestra.

Let’s check his interests. I think he’s a dissident.

Abdurakhman doesn’t like Kadyrov. What does he read from his personal account?

Found 1ADAT.

1ADAT — a Chechen opposition movement led by Ibrahim Yangulbaev. It gained fame through a Telegram channel whose authors criticize the head of the Chechen Republic, Ramzan Kadyrov.

Overall, it’s after 2022 that Roxman finds himself on the run in Ukraine.

And he doesn’t even lose ties with Ukraine in 2024. Need to figure out how to cash out hryvnias.

June 2023

In June 2023, on the @Roxman channel, you had to pass a small test.

But first, you needed to subscribe to a channel. Some kind of RAM.

Ram is Ramzan. Brothers from the diaspora don’t abandon their own. Blood is what binds them.

Ramzan has been in high tech and Telegram for quite a while. Writes his own bots.

Ramzan and Abdurakhman are connected. Their paths crossed in July 2023.

Perhaps even earlier, but traces are already evident in July.

July 2023

August 2023

Ramzan was in high-tech, and generally in Telegram, long before Abdurakhman.

Ram and Pavel Durov definitely know each other. I think that’s how Abdurakhman got involved through his dear brother.

Ramzan was everywhere.

Telegram records bugs based on Ramzan’s tips.

Managed to catch all the trends, so to speak.

Ramzan and Abdurakhman play games. August 2023.

September 2023

A similar question arises not only for me. Why, Pavel?

This is September 2023, long before the launch and integration of MAJOR.

Perhaps Pavel Durov is in a dependent position. Like under Chechen protection. Or some kind of gay blackmail.

It’s hard to imagine that our St. Petersburg intellectual, raised in the best traditions by Valery Durov, would be friends with such types.

Or characters. Schemers looking for a victim and a source of income to improve their financial situation. And to buy themselves a Rolls like Asxab Tamaev.

And do you know what the biggest joke is?

The fact that now these hack job creators from MAJOR are the official verifiers of all of Telegram. And Pavel Durov personally gave them such authority. It’s not hard to guess what will happen to your data.

Why does this appear here? In the top-3 insider channels of Telegram?

November 2023

An insider organizes a joint giveaway with Roxman.

January 2024

Here Abdurakhman mentions a business meeting with Pavel, at which he will also be present. January 19, 2024.

April 2024

Of course, Ramzan is everywhere. In TON. And even on OKEX. Sending transactions of 1000 TON.

Didn’t have to search long. Almost no shitcoins or money.

And this, in principle, is confirmed by leaks from Abdurakhman from the MAJOR app. Here are the top-50 wallets for you. And only the top-30 and above (out of a million) hold a balance in TONs above 5,000 USD. Just a bumchain.

Let’s pay attention to the technical wallet. Which is linked in the app to 3 Telegram IDs at once. The second on the list with a balance of 15,676 TONs. This is Abdurakhman.

On it lie major tokens worth 90k USD and 90k USD in TONs as of today.

May 2024

What does “Durov played it and gifted us a nickname for 250k USD” mean? How does that work?

Expensive usernames in Telegram these days. Although, okay, for their own, everything. For others - by the law.

Ramzan participates in all of Pavel’s movements.

June 2024

Abdurakhman is gifted a nice anonymous number for 20k$. Who could it be...?

August 2024

On August 20, 2024, Abdurakhman posts stories from Azerbaijan. At the same time, Pavel is there, and likely Yulia. Then, they synchronously fly to Europe.

September 2024

Strange actions by Pavel for the sake of DEAR BROTHER.

November 2024

In all this mess, of course, Andrey Grachev and DWF Labs are obviously involved. Who handles listings, advises on tokenomics, and on principles to follow to scam the maximum number of CIS audiences.

What money has Abdurakhman been traveling with for 15 years? If he’s really 27, minus 15 means he’s been traveling since he was 12.

Judging by everything, Ramzan was an early insider in all of Pavel Durov’s topics. Everywhere, of course, ahead of everyone. Naturally, he earned quite a bit. And it must be understood that this is Ramzan’s open profile, where he posts his thoughts, cars, landscapes. And there should be other personas and sub-personas.

What can be learned from the leak?

We have a database of all Telegram IDs of MAJOR users on the TON blockchain.

Attention, question:

How do we find a user and match everything? Correct, by using the API of MAJOR itself.

And voila, we have the wallet address of the Head of APAC

@k0xinga

EQCt9nvwnGKQhiFFT2ShQ4RgH95i-oneQAUvXyy-pqLc9x0E

UQCt9nvwnGKQhiFFT2ShQ4RgH95i-oneQAUvXyy-pqLc90DB

On the balance 5 thousand USDT

And if you’re asking who constantly pours into the order book, you should have absolutely no doubts. Dubai penthouses, luxury, Hermes saddles don’t buy themselves.

2.7 million records have already been leaked from numerous tap games.

All of them, with absolutely complete, 100% detailed and de-anonymized data, are lying in a number of Telegram chats and channels.

1. The wallet number is linked to an ID or @username.

2. Then this same wallet number will lead us, through databases leaked by Ukrainian hackers from delivery services, directly to the individuals.

3. Meeting places, passwords, addresses, full names, passports, SNILS, TIN. Relatives, phones, cars, real estate, flights.

Thus, not only the top scammers in TON have been de-anonymized, but I would say, generally all active users of this Dubai blockchain. Connect a wallet, write a secret word, and get an NFT for participation. That’s where it all started. They also hold events like Ton Dubai. Same principle: fill out a form, pay, get a ticket. Lyrically digressing, I inform you that out of the leaked 2.7 million wallets and usernames, there will, of course, be duplicates, since some claimed multiple times. So please don’t think there are that many people in the TON blockchain.

I assume there are far fewer. Blockchain analytics in tap games looks roughly like this.

This is Abdurakhman’s wallet. And all his actions.

UQBZ1Lzyfx81Vph2EL2jsQk9pzqo3SC5wit6OyS23ZrUO_xH

Let’s attach a second secret wallet of Abdurakhman. Based on connections obtained from his own app. Oh, where are these major tokens flying to? Doesn’t the CEO believe in his own token?

Abdurakhman’s dump of his own token was at the bottom, apparently to create yet another bottom.

@major_supp

As we already know, this is one of Abdurakhman’s accounts - from which he confirmed transactions. I emphasize, in his own app, there was a self-leak. Few understand the trick with anonymous numbers, which are so anonymous thanks to Abdurakhman that as soon as you rent them out in Major, you immediately link your Telegram ID / @username and TON wallet, and this data is publicly visible - for everyone.

And here’s a friend of Abdurakhman selling his coins before they even got listed.

Wallet:

UQApIZ9MgeLvwHkwKEKnBQXbMvfXoZ00PqbYyU6bT8B0IHv9

Received coins:

https://tonviewer.com/transaction/74acd682ba4e8ed4be808920adadc551cb96a17f1aa45c19590eb7fa1bef5ab0

Sold coins:

https://tonviewer.com/transaction/8650e9c20726769c8fdfa98a7c53c3e4855a9ede29826f59d61cd2c14c67b990

Roxman’s friend @unixtux pumps into the order book when the coin hasn’t even been listed yet.

And at this moment, we need to figure out who @unixtux is, who is also an admin in memhash. Yes, yes, the very same memhash that “in two days and without advertising”.

@UNIXTUX

Judging by the interests, @unixtux is quite a skilled developer.

Interests are quite diverse, and I think they say a lot about a person. There was also information that he uses the nickname /dev/null.

Let’s remember the nickname - Chakrovyryvatel. Quite rare.

It is precisely the Chakrovyryvatel / @unixtux / @id2xx, who is also the best friend of Roxman and now of Pavel Durov, that is the developer of MAJOR and MEMHASH.

And it is precisely @unixtux who adds our second secret friend to the Ukrainian cybergroup C.A.S. Do you know why he adds our friend there? Because he works there.

What is C.A.S.?
- Article 1
- Article 2

Chakrovyryvatel buys the username @kvant for whom? For our second very important secret friend.

A beautiful coincidence in nicknames. Don’t you think?

1. @id2xx is Chakrovyryvatel. @unixtux. Roxman’s right-hand man. A Ukrainian hacker involved in all major hacks and data leaks in Russia in recent years. A member of the C.A.S. group. Admin of MEMHASH. Developer of MAJOR.

2. @id9xx is his friend. Kvant. Whom Chakra invited to C.A.S. And with whom they worked together for some time. Naturally - targeting Russia and Belarus.

Please explain why Roxman, Ramzan, and combat cyborgs from Ukraine are parsing 11 thousand open Telegram groups, hoping to find more Russian-speaking users?

«Hack» of the Crosser bot

These are events from three years ago that occurred right after the start of the SVO, with the well-known crosser_bot.

Of course, the bot wasn’t hacked. One of its admins, apparently overwhelmed by the news, started posting in hundreds and thousands of channels where he was an administrator. He posted various pro-Ukrainian, anti-war, and anti-Russian calls.

I believe that Chakrovyryvatel was likely already involved with this bot back then, and I’ll explain why now.

Back then, every channel bought advertising almost manually and often received bots. The practice was such that it was nearly impossible to gain traction on Telegram in 2017+ without budgets of around 300,000 USD. Half of the budget would be spent on bots, depending on agreements, guarantors, situations, topics, and authors. I think many of these bot farms likely belonged to Chakra.

What does @crosser_bot have to do with this?

I think it belonged to him as well. As a talented developer and early Telegrammer.

What was the point?

Every channel was «spun up». Sometimes with quick bot floods of 10-200-500 thousand. Sometimes slowly, with 50-100-1000 per day. Removing them was impossible. Telegram didn’t even let you see the list of subscribers.

The salvation was Crosser. All it took was a small fee to get a magic shield. And the bot would «deflect» the floods, or they would stop altogether. «We don’t touch those who pay». I think that was the tactic. Meanwhile, all other admins—of hundreds, thousands, tens of thousands of Telegram channels—suffered daily and fought against spam attacks. At the same time, Telegram support believed that the channel owners themselves were inflating their bot numbers and could easily delete or ban the inflated channel. Where do you go? Correct. To Crosser.

This is a very professional, well-thought-out, logically sound, and high-quality bot. There are only a couple of people in the world capable of something like this today. Of course, with a focus on Russia. As soon as an author or admin stopped paying—renewing their subscription—they would immediately be attacked by tens and hundreds of thousands of bots. Sometimes high-quality ones—with avatars, usernames, full names, bios. Sometimes obviously Iranian, Indian, or poor Asian traffic. Pay up.

Most likely, this practice was stopped right here, on June 11, 2021, by someone from the Telegram team, when Telegram deleted tens of millions of accounts with virtual numbers. I don’t know with what intentions.

But the fact remains that Pavel Durov today—with the assistance of @Roxman and @unixtux—has done something similar, only for many millions of dollars. And managing this entire operation is none other than @unixtux himself.

My opinion is that he is extraordinarily talented. And likely not for the first year. It’s obvious that he is from Ukraine. And, to put it mildly, has an anti-Russian stance.

I think he was the admin of @crosser_bot, who formulated it, came up with it, described it, wrote it, and released it into production. And later, realized it was time to start extorting Telegram admins with bot farms. After which, either he or his bot operator lost their nerve and sent out corresponding messages to all chats and channels where @crosser_bot was an admin.

And if I’m right—then the combat cyborg has done the same thing today. Only now with the assistance of @Roxman. Who, apparently through Ramzan, reached out to Pavel Durov and proposed creating the largest bot farm named after Pavel. Selling advertising, traffic, STARS, reactions, views. And even simulating Telegram’s performance by inflating its metrics—likely for successful IPOs, raising funds through bonds, and, of course, selling TON to sectarians who need to see activity in hundreds and thousands of inflated Ton channels. In various tap games, apps, and even news channels. So everyone can see that Pavel is very big, very strong, powerful, popular. You definitely need to give him money.

Meeting of @roxman and unixtux

Most likely, this happened in Ukraine. Where Rox was in transit to Munich.

Judging by everything, this is some kind of joint blog. Lots of discussions.

July 28. Aktau, Kazakhstan.

Roxman asks a question from his second account.

I think @roxman and @unixtux run this blog together. The first one posts about neural networks and technology. The second—ayat and news from Palestine.

Judging by everything, our genius is non grata. Possibly due to recent places of work.

Or political positions. He is the foundation of MAJOR. Or rather, the logical brain behind the project(s). The driving creative force seems to be @Roxman, a Chechen passionate figure.

No need to comment further here.

STARS

June 6, Pavel launches Stars.

A month later, Abdurakhman launches #MAJOR

I think the scheme looks like this.

Across the world, STARS are bought en masse with cards at a 30% commission. In Appstore and Google Play. Everywhere where Visa and Mastercard are valid. After that, the task is quite simple—to bypass this 30% and effectively earn it. Pavel has repeatedly written that he compensates for this 30%—if it was spent on advertising in Telegram. At the same time, Apple and Google (read: NATO) lose nothing. Pavel pays out of his own pocket—offering a kind of discount.

Thus, we have an unlimited supply of non-cash funds worldwide, which are used to buy STARS. After that, presumably, advertising is bought with them. It’s a kind of market. An exchange.

1. You need to find those who need to cash out cards.

2. You need to find those who need to get advertising on Telegram.

The delta is very large—30%. At the same time, it’s obvious that another 5-10-15% can be written off from those who want to convert to crypto or cash. And for those who want to get advertising, presumably, a discount can be given from the official price of advertising from providers. Durov, of course, is (not) involved in such matters—all of this is done by some third-party companies who understand how to make money.

1. Attracting money for Pavel worldwide to his accounts and acting de facto as his exclusive managers with huge discounts.
2. Establishing a supply channel and providing services for gray conversion of non-cash with minimal losses into crypto, through advertising, numbers, TON, or somehow else, where it’s permissible.

The grayer or blacker this non-cash is—carding, for example, gray payment systems, drugs—the more the consumers of the service will be willing to pay for cashing out. In fact, I think the price can reach up to 20%. So, we have 30% from Pavel. And 20% from carders. Can you earn 50%?

Main elements of the scheme

Mass purchase of STARS through non-cash

STARS are bought with cards through App Store and Google Play with a 30% commission. This is done in countries where the banking system works stably and cards are valid.

Compensation of 30% from Telegram

Telegram claims to compensate the 30% commission if STARS were used for advertising in the Telegram Ads system. Thus, part of the costs is covered by Telegram itself.

Cashing out or converting STARS

STARS can be exchanged for advertising, cryptocurrency, or other digital assets. For example, advertising on Telegram, bought with STARS, can be used to promote third-party services, creating a new cash flow.

Conversion to crypto or cash

Through Telegram Ads (advertising services), numbers (virtual or SIM), or directly through TON, STARS are converted into cryptocurrency (for example, through OTC deals).

OTC deals (from English over-the-counter — «over-the-counter») — these are transactions with financial instruments (stocks, bonds, depositary receipts) concluded directly by the parties, not through an exchange

Potential involvement of Roxman, his team of bandits, and the MAJOR project?

Major actively sells advertising and traffic for STARS. This creates a convenient "bridge" for those who want to legitimize STARS bought with non-cash.
Major effectively acts as an intermediary in the scheme, providing a platform for using STARS and their further monetization.

Bandits:

The role of such structures — organizing mass purchases of STARS with non-cash and cashing them out through advertising, cryptocurrency, and other channels.

Thus, our dear brother Abdurakhman — Pavel’s left hand, almost crowned CEO of Telegram, for a very large amount of money from various advertisers and ad buyers, latched onto the bot farm named after Pavel. And something that costs literally nothing — was sold for millions of dollars.

The owner of FadeWallet confirms the relevance of the incident.

Meet — @major.

2 advertising options:

a folder alongside dozens of other projects (subscription with 1 click and complete ignore by the average user)
a separate task (I quote) «with a guarantee of 3-5 million users for the app» (a huge range, by the way)

It was enough to simply find guys willing to pay with crypto for advertising. After that:

- in a simple way, find carders and card material of this or that color or suit

- buy STARS with them

- deliver STARS to Pavel for advertising

- appropriate the 30% delta

- additionally take 10-20% for cashing out (here, for example, is a completely unknown project StarsGram in which there are already 22k MAU).

- receive crypto from bloggers across Telegram. The advertising market is quite wide.

EUROCARDS -> STARS -> CRYPTO

In theory, with a small sum turned over once, say a million, the margin is no less than 30%. 300 grand. For a single turnover of 1 million. Do the math from there.

Moreover, STARS have some kind of internal hashes. Apparently, in some closed format.

In the TON blockchain, they don’t match at all.

Just imagine that there’s no explorer for all this mess. It’s floating somewhere, somehow. From whom to where? Somewhere on Telegram’s servers.

STARS — is not a cryptocurrency, but a closed ecosystem fully controlled by Telegram. Forget about blockchain, transparency, and control over your assets. Here, everything is decided by Pavel and his team. You have no private key, no anonymity — just pretty interfaces and dependence on internal bureaucracy. Telegram itself decides who can use STARS and who can’t. This gives them full control over participants and limits competition. Monetization depends on Pavel’s goodwill — if he doesn’t like you, you’ll simply be kicked out of the system.

I think Pavel has deployed some clever closed blockchain to process STARS. Judging by TON, it’s likely a fork of Ethereum. Telegram knows everything: from sender to recipient and all amounts. All of this is tied to IP, geography, metadata, emails, logins, passwords, devices. All operations depend on Telegram’s system. They can cancel, freeze, or change the rules. Your STARS belong to the system, not to you.

About how STARS are made in Telegram:

1. The user entered a Transaction ID to initiate a refund request from the @Roxman app.

2. BotFather asks:

Did the user request a refund directly through the seller bot using the /paysupport command?

This is the standard first step for payment issues.

3. The user confirmed: they already tried to do this, but the seller refused to refund the STARS.

4. After the transaction, they were immediately blocked in the app (likely related to the bot).

5. When trying to log into the app related to the service, an error is returned:

I think you’ve already figured out which combat cyborg wrote the error codes for refunds to Russians from @Roxman’s apps. It turns out that @Roxman takes European non-cash. Then buys Stars with it. Takes 10-20% from those who need to cash out. These aren’t necessarily old-school carders who have 5-10 minutes to withdraw money from a card before it’s blocked. They can and are willing to wait 21 or more days for cancellation. Call banks, go through authentications. After that, takes another 30% from Pavel. Then, takes money from guys like "Give Ton," who want advertising or promotion. In cash or crypto. And connects all of this into a single scheme.

With a profit of presumably 50% or more—per cycle. With the assistance of all the top figures of Telegram—including Pavel and his team.

Telegram with STARS did what other crypto projects lacked — gave the masses a wide application for the «token».

Pathetic attempts to monetize through NFTs failed for Ethereum and BNB years ago, but Dubai schemers didn’t let this topic slip. The old don’t remember, the young don’t know — nothing to lose.

In summary:

Retail and small wholesale go to Telegram for STARS and in the right places can exchange them for cryptocurrency or payout to the desired card minus 10-15%.

Large wholesale brings talented managers a suitcase of cash and waits for a deposit of clean non-cash into the account. The Telegram team gladly provides this non-cash, offering services for various channels in the form of advertising through TG Ads, inflating «subscribers», monetizing various apps. Sells anonymous numbers, rents them out, mints NFTs, trades them on marketplaces, gives gifts. Look at how many cool uses for STARS.

Created a currency. Created goods. Created a market. Everything is closed, everything is for insiders. This isn’t even a «money» button. Not a money printer. It’s cooler. And the scale is so vast that either you break this colossus, and Telegram along with it. Or you squeeze these businessmen by a sensitive spot and take a good share. Whose intelligence services will be faster? Or were?

P.S.

You created a bot doing illegal things. Creating abusive bots can lead to your removal. You are prohibited from creating bots for a month. And here’s an offer you can’t refuse: in a month, be a good boy and create only useful bots (or don’t create any), - or you’ll be permanently blocked on Telegram.

Bot Farm in Action

Look how beautifully Mark @pyrouser flooded my Telegram. With device loads reaching 100% CPU usage.

And you know what?

2000 messages from each bot. And there were over 100 bots. Not a single one of them got banned for spam. They’re all still active. No rate limits. They’re working and continue to spam across Telegram. And as he himself called this process — it was just a teaser. Which once again proves that the entire bot farm named after Pavel exists under direct patronage, by order, with permission, and with the support of all Telegram’s top brass.

A brief note on the quality of channels that bought bot traffic in the Major app.

All these channels were sold for scams after the flood, or were created for this purpose from the start.

And by the way, this is a national business of the Ukrainians.

I decided to check out the mutual groups with Mark @pyrouser.

Pay attention:

C.A.S. Ukrainians. GladOS. Tginfo. Crosserbot. Antipov and Eye of God.

Thousands of messages per minute - and not a single rate limit. Think about it, for those who understand what I’m talking about. And this bot farm of very active accounts - of which Mark apparently has a lot.

How did he get them?

- through session hijacking from honest users — those who didn’t have 2FA enabled

- luring accounts through various giveaways, gifts, invites, possibly sent documents

In short, quite classic fraud.

And you know, I’m afraid to imagine - how many real users were in projects like Hamster or Notcoin. Because the scale of bot farms is simply staggering. It’s literally tens of millions of accounts. Probably 50. Maybe even 100 million. 200-300? I wouldn’t be surprised anymore. It seems Pavel Durov was preparing Telegram for sale and really wanted to inflate the stats — to boost numbers he simply didn’t have and still doesn’t.

A surprise about Pavel’s favorite app — MAJOR. Dirt, Ukrainians, SBU, farms, bot operators, millions of leaked lines. Incompetence, flaws. Deception. Everyone who dumped Major on OKEX under different wallets - but with the same MEMO is now collected in this file.

okx9_summary_major_light.json

Take a look at MEMO 8655112 in the database.

We find withdrawals from 1000 accounts to a single wallet, which is simply impossible since Major airdrops were given exclusively for donations and referrals who donated. It turns out they not only operated bot farms but also inflated balances on these bots. Meanwhile, they scammed users who didn’t donate.

This is a typical bot farm @unixtux — thousands of wallets that were ultimately withdrawn to the same OKEX account.

Want me to tell you another funny joke?

No, Telegram no longer provides IP addresses in GDPR export and does not display them in the session list.

«Telegram no longer provides IP addresses in GDPR data exports and does not show them in the session list.»

This is nothing but an attempt to avoid lawsuits for GDPR violations. Pavel, who allowed hundreds of clicker apps to parse and leak data, especially to his friend, the STARS scammer @Roxman from the MAJOR project, not only leaked millions of lines of @username <=> TON wallet connections but also all other metadata. Though this is unlikely to help, and Pavel will soon face a couple dozen or hundred lawsuits with fines of 20 million euros and 4% of turnover from the billions - which he himself announced and declared.

Fintopio

Fintopio — I didn’t even know what kind of scam this was in TON. But I’ve been sent info about it since around May 2024. Not as an ad, no, just to take a look.

Why does a billionaire and owner of @Fintopio buy Durov’s one-day scams? Expensive, without haggling. They are bought by a citizen @deluxe.

He buys openly, without hiding. Similarly, he does the same with two other phenomena of Pavel’s air empire: numbers and usernames on the Fragment platform. He literally outbids almost any offer over the past year and stockpiles as if preparing for a nuclear winter.

He stands at the distribution of Tons from his endless wallet. And this happens every day - for many months.

Can’t do without MAJOR. @Deluxe is a close friend of @Roxman.

Pavel — he’s le Du Rov. @Roxman — became De Anon.

And Roman Novak modestly — De Luxe. @Deluxe.

No one hides, all profiles, full names, photos - everything is honest and clear.

Let’s look at Roman’s ambitious plans.

In reality, Roman De Luxe has more users. And not all of them are of high quality.

They don’t hire employees from Russia due to the «geopolitical situation»...

Roman Novak @Deluxe calls our friend Abdurakhman @borz — Brother.

Even before he launches MAJOR with combat cyborgs. In May 2024.

Of course, he also leaks all the data of his spouse. Along with the surname.

Eroshenko.

I think the money to Anna and Roman Novak is provided by none other than this harmless grandfather.

Simple shorts. Ordinary T-shirt. No Luxe or De Luxe.

The grandfather has taste, unlike the younger generation. I might be wrong - I’m in the process of checking. But Roman turned out to be a close friend of @Roxman. And therefore, through a handshake, connected to Ukrainian combat cyborgs and the entire Telegram team.

Suddenly, the grandfather might want to play with a spare 200-300 million and invest in some of his son-in-law’s startups. Let’s say in @Fintopio. After all, he’s family.

Roman is an investor. He invests in Pavel Durov. In numbers, in usernames, in STARS, in TON. In Telegram.

90% have never heard of this scam and don’t know about it. But in the Fintopio News channel, of course, there are already 7 million subscribers. And in the bot, 1.5 million users in the last month.

I think Roxman poured the entire bot network named after Pavel here, as he is listed as co-owner of Fintopio. And he took 100k USD in cash or crypto from Roman, that is, from Anna, that is, from the grandfather for it. At the same time, @Roxman receives STARS for non-cash and buys ads from Pavel with them. He makes 40-50% on the cycle.

For comparison, the godfather of all bots in Telegram @Botfather has a little over 2M users per month. And these are figures from around the world, including India, Iran, etc. Which is much closer to reality:

By the way, it was Roman who gifted @Roxman that number for 20K$.

The Fintopio wallet appears somewhere in spring 2024. Of course, no one knows about it yet.

Some Roman Novak, born in 1987, for some reason is wanted in Russia

With document number 11901400038001080.

Probably some coincidence. Or a fluke.

Rumor has it, though I’m inclined to believe it’s quite true, that Novak collected over 10M$ in Moscow, St. Petersburg, Sochi for Fintopio. He fled to Dubai, developed and developed, then needed to show metrics — and the influx of "visitors" to the app from the bot farm named after Pavel began. Investors aren’t fools, and they started asking what revenue comes from monetization in swaps (the only source of income).

Swap — an exchange of tokens between two counterparties or a transfer of crypto from one blockchain to another.

All swaps were previously done through Changelly. Novak told his investors that they broke the threshold of a hundred thousand swaps per day with an average check of 1000$, which is, of course, nonsense. Investors rejoice, but the CEO of Changelly turns out to be a friend of the mother, who is the sister of the brother of the grandmother’s investor. And at this moment, Novak @Deluxe gets burned, as the numbers are all fake, and swaps are unexpectedly turned off.

But Novak manages to find a new investor in Dubai for 30M$.

My speculation is that this was the Swiss grandfather of his spouse @Eroshenko. Showing him fake numbers - he managed to sign the old man. Again, thanks to the bot farm named after Pavel - under the control of @unixtux, @Roxman, Mark, and others.

In the gifts of @Deluxe, meanwhile, a certain Abuda was found.

Who, in her stories, leads us to that very Ramzan. A close friend of @Roxman and Pavel Durov personally.

Take a close look at the Instagram of Roman Novak, CEO of the Fintopio app. Who spends his spouse’s money on his amusements. Money she presumably gets from the grandfather.

@Vipclub

What else to call it? Luxe, VIP. Scroll back to the first post.

Behind the wheel, of course, is our dear @Deluxe. Question. Who’s on the right?

After which we accidentally stumble upon Violetta Antipova’s channel. The spouse of Evgeny Antipov. A public channel. And we find the corresponding angle in the video. Left hand. Triceps from behind.

Accidentally find an interview:

And I think this is it.

Everyone Loves Cats

What kind of cat is this? Do you think it’s just an ordinary cat?

The cat belongs (according to rumors) to a former colleague @id2xx. With whom, apparently, they used to work together.

Where can we find this cat? We’ll find it in Lenka’s stories. A wonderful name.

And username. @lenka

But what interests us most is where and for whom @lenka works.

And you know what’s the funniest thing in this absolutely surreal situation? That the current boss of @lenka, Evgeny Antipov @antipov, also hangs out in a private chat with @Roxman. It’s called RR. But what are gentlemen @dmitry and @vihor - Telegram developers - doing there? That raises some questions for me.

A funny chat. Literally everyone is there. Mark, Elena, Quant, and even the pro-Ukrainian Mifuru. Apparently, @lenka moonlights for all Telegram bots at once. For both the FSB and the SBU.

Want another joke?

The cat’s name is Chak. See the paw in the hat there. Chak. From “chakravyrivater” (chakra-ripper). Maybe it’s not just a coincidence of colleagues in the same field - and joint work. Admins of Eye of God and the Ukrainian cybergroup C.A.S. Maybe it’s love.

According to @lenka, it’s simple:

However, it’s not entirely clear how the top of the Ukrainian cybergroup C.A.S. freely gives the top of Eye of God, who collects billions of tons of personal data of Russian citizens, their personal username for a cat?

@CHAKROVIRIVATEL

Let’s carefully look at the gifts received by Chakravyrivater, the brilliant combat cyborg of Ukraine hunted by the FSB and Kaspersky.

The first gift, of course, from dear Brother @Roxman.

The second gift comes from Mifuru.

The third gift to our C.A.S. hacker is, of course, given by Elena from Eye of God. @Elenka. Who, a little earlier, is gifted a personal username by the chakra-ripper to post photos of their cat there.

A little gift flies in from Ram. That is, Ramzan. That is, he and @unixtux are acquainted and communicate.

Couldn’t do without @Vihor. A top-5 Telegram developer gifts a STARS present to @Unixtux.

@dmitry

Why and for what reason does an important Telegram developer @dmitry receive a "Durov cap" as a gift from @Roxman?

@dmitry received gifts from @Roxman with numbers 1, i.e., he minted cool numbers for himself, his entire profile is filled with first-series numbers. I also think that @Dmitry is the real owner of MAJOR, who hid behind @Roxman, who pretended to be a mega-developer. While everything was actually done by @Unixtux.

In development in general, not just in TON, there is a rule — developers test first.

I became curious — who made the flawed product called STARS for Pavel. We will try to find the first STARS transactions in the Ton blockchain.

Pavel announces STARS on June 6. We see demo tests from March 2024. But it’s good that Telegram developers aren’t so dumb as to do everything from their personal wallets.

https://tonviewer.com/EQBnZpO4Yv1FkClrmIiNepD1MbI_t7-fEa3wlLUsLBGkbfYq

Of course, I was joking about "not so dumb."

A certain Artem Kolnogorov tests the flawed STARS for Telegram four months before the announcement.

Sports programming at UrFU. Nizhny Tagil, later moving to St. Petersburg.

Birth dates are quite familiar to us.

The second nickname @Asmico turns out to be @Kolar. But Artem isn’t that careless. Although, wait.

I was joking.

Judging by everything, @Kolar has been in TON since about 2022.

Let’s see where the @Asmico wallet was uploaded from and what it was generally doing there.

Some NFTs. And their second user. On a wallet signed as Telegram Team.

Artem keeps money only on v3r2. At first, I didn’t understand how TONs are spent from this address https://tonviewer.com/UQAuz15H1ZHrZ_psVrAra7HealMIVeFq0wguqlmFno1f3B-m (Telegram Team) if there were no incoming transactions.

Turns out there are incoming transactions.

BUT IT’S HIDDEN IN THE EXPLORER https://tonviewer.com/ (there’s a "skipped" parameter). The explorer, of course, belongs to Rogozov’s team.

Appreciate the joke. One identical transaction. For 1 TON. But is it displayed?

https://tonviewer.com/UQAuz15H1ZHrZ_psVrAra7HealMIVeFq0wguqlmFno1f3B-m

Completely differently.

https://tonscan.org/address/UQAuz15H1ZHrZ_psVrAra7HealMIVeFq0wguqlmFno1f3B-m

Conclusion? Dubai scammers have become so brazen — they’ve started cleaning up the explorer.

Soon they’ll start releasing patches and deleting their shady transactions directly from the blockchain.

Who is financing all these tricks? The wallet is signed as Old TON Foundation.

https://tonscan.org/address/UQCD39VS5jcptHL8vMjEXrzGaRcCVYto7HUn4bpAOg8xqEBI

Judging by everything, the wallet is managed either by Pavel or Rogozov. No one else.

Withdrawals from the wallet go directly to OKEX. Hundreds of thousands of TONs.

UQCD39VS5jcptHL8vMjEXrzGaRcCVYto7HUn4bpAOg8xqEBI

I’m interested in the last two withdrawals.

We see TONs worth ~5 million USD. And the same birds we saw on @Asmico’s personal wallet. Maybe just a coincidence.

Who receives 66.666 TON? Having a custom username from the Dubai scam Get Gems on their balance? Who is @oleganza?

Judging by everything, this is the very same Oleg Andreev. Who receives a salary of 66.666 TON from the Old Ton Foundation wallet.

The second (https://t.me/Ghost_In_The_Block/30916) wallet apparently belongs to Rogozov.

I would just like to clarify from which bot, and for what, the unofficial CEO of MAJOR and part-time Telegram developer @Dmitry receives 84.125 TON? This transaction. ~462,000 USD

And there are dozens of such transactions. Let’s calculate the total TON now.

What’s funniest is that @Dmitry starts testing MAJOR even before the official announcement. And right at the start of MAJOR, he receives 33.582 TON — directly from Telegram through their subsidiary Fragment. Apparently, this is a reward for deep integration of bot farms named after Pavel.

https://tonviewer.com/UQClmjq6eYc7tXilbNJizg_Vg7-Wpi0KpSO_rvP9MAg_gqPC

August 5 +33.585 TON

August 6 +4.745 TON

August 8 +2.044 TON

August 9 +3.536 TON

August 11 +6.426 TON

August 13 +3.129 TON

August 14 +2.256 TON

August 17 +3.145 TON

August 19 +3.342 TON

August 24 +5.880 TON

August 30 +3.604 TON

September 5 +4.620 TON

September 9 +3.354 TON

September 24 +5.896 TON

October 1 +6.099 TON

October 17 +6.763 TON

October 19 +16.930 TON

December 7 +45.329 TON

December 9 +84.125 TON

December 30 +1.246 TON

In total, @Dmitry received — who, judging by everything, is just warming up Pavel along with Rogozov. Using Roxman and Unix. While directly owning the bot — and withdrawing money from Telegram for ad views or activity that essentially doesn’t exist. Because it’s all Unix’s bots.

https://tonviewer.com/UQClmjq6eYc7tXilbNJizg_Vg7-Wpi0KpSO_rvP9MAg_gqPC

In total, Dmitry Moskovsky @Dmitry received 246.054 TON ~1,353,297 USD.

Of course, everything was simply divided among their own and dumped on OKEX with direct transactions to MEMO 8648477.

Few people know, but Tonscan https://tonscan.org can show other versions of the same wallet. And, of course, no one ever goes there or finds anything. Except me.

Let’s see what @Dmitry is doing on the second wallet. UQBUUkHPNWgpC6eNqXrxj5r_grMSOJhMFzhtHZCqUTkOqKT2

@Dmitry receives tens, hundreds of thousands of TON tokens on the second wallet as part of a reward program, not for bots, but for channels, all of which go straight to the OKEX glass.

https://tonscan.org/address/UQBUUkHPNWgpC6eNqXrxj5r_grMSOJhMFzhtHZCqUTkOqKT2

MAJOR tokens, of course, are sent to the glass. To Bybit this time. Let’s remember the MEMO — 18937517. Might come in handy.

At the same time, @Dmitry additionally stockpiles MAJOR tokens in a third stash.

https://tonscan.org/address/UQD9D1eml0lx1KeJPd6tYNx28qkscfdybqX5IdvJ-oyHawpn#tokens

Where 1.3 million MAJOR tokens are currently stored ~540k USD.

I wonder what kind of channel @Dmitry runs while receiving hundreds of thousands of TON.

Conclusion. Pavel is being robbed by Telegram’s own developers — in the person of @Dmitry. Literally for millions of dollars, through cunning schemes of monetizing bots and channels, which they monetize with bot farms, inflating activity, likes, views. And Pavel pays for free bots from Unix and Roxman’s farm. Literally every day, hundreds of thousands of #TON.

We need to calculate how much TON @Dmitry scammed on the second wallet.

September 17 +9.026 TON.

September 19 +7.042 TON.

September 20 +4.490 TON.

September 22 +10.220 TON.

September 27 +7.276 TON.

September 29 +4.665 TON.

October 3 +4.951 TON.

October 5 +4.664 TON.

October 7 +11.117 TON.

October 9 +7.993 TON.

October 11 +6.758 TON.

October 12 +8.902 TON.

October 14 +19.441 TON

October 16 +13.608 TON.

October 21 +23.883 TON.

October 23 +15.781 TON.

October 27 +21.580 TON.

October 29 +28.131 TON.

October 30 +15.241 TON.

October 31 +18.289 TON.

November 1 +44.984 TON.

November 4 +12.049 TON.

November 7 +5.956 TON.

November 9 +14.975 TON.

November 10 +7.895 TON.

November 14 +13.929 TON.

November 15 +5.901 TON.

November 17 +10.398 TON.

November 22 +36.660 TON.

November 24 +50.217 TON.

November 28 +39.041 TON.

December 1 +16.785 TON.

December 2 +18.907 TON.

And every single TON ended up on OKEX with @Dmitry. MEMO 8648477. Let’s sum up the above on Dmitry’s second wallet.

https://tonviewer.com/EQBUUkHPNWgpC6eNqXrxj5r_grMSOJhMFzhtHZCqUTkOqPkz

The total volume of funds on the first wallet of @Dmitry — a reward for the MAJOR bot — is 246.054 TON ~1,353,297 USD

The total volume of funds on the second wallet of @Dmitry — a reward for "some channels" likely related to MAJOR — possibly even for the @Roxman channel — is 520.755 TON ~2,864,152 USD

This does not account for MAJOR tokens — worth hundreds of thousands of USD on Dmitry’s known wallets. It turns out that @Dmitry ripped off Pavel out of nowhere, in just a couple of months, for 4 million USD. Because it’s obvious — all of this is manipulated through a cashless-Stars-crypto-Ton-payment-impressions-advertising-bots scheme and is managed by Unix, who obligingly offered his services to Dmitry.

Of course, every single Ton was dumped on OKEX. Wallet10. With a personal MEMO @Dmitry 8648477. The tenth OKX wallet is the only one — which I didn’t manage to get to. But now the issue becomes a matter of principle.

Let’s start with USDt. On Ton, of course. ~464,300 USDt Ton was withdrawn by Dmitry. MEMO 8648477.

Tons. First wallet. We’ve already calculated them. 277,868 Ton ~1,528,274 USD

2 new technical wallets of Dmitry @Dmitry. In total, 4,078 + 17,999 + 13,639 TON. 35,716 TON ~196,438 USD.

EQALXHLikD-R5TBPZm7PFdyYvcWcMYlasm2EGsccq02N7PpE

EQCKv5iCJ1hpkXe8TY5gZZ8stDdlfsMjvxz6Y8crnYJWe_3X

Something new. Amounts in TON.

EQCXrZNESRUInoEiOP8Qq-kGbQsD6j26KoYw-5yfiKpFXPqY

I don’t know whose wallet this is yet. But it withdraws through the same exchange account with MEMO 8648477.

In total, the withdrawal amounts to 1,384,893 TON ~7,616,911 USD

Another small wallet of @Dmitry. Dumped on the order book 18,919 TON ~104,054 USD

EQD1GUKYXQnbbPJF8QOQ5ieJ-Uv8mH7i38_TQ-lSH5vNJIF

2 large MAJOR dumps on OKEX. In total, 1,302,818 tokens. I think at a rate of ~0.75 approximately. Which gives us ~977,113 USD

UQBUUkHPNWgpC6eNqXrxj5r_grMSOJhMFzhtHZCqUTkOqKT2

EQDV3FPAkxE-U97RrBilbxyzTd_Big1T7UTX9qoTcMrXnG_4

Well, that’s about it. The total amount of dumps by the developer #VKCO - Telegram - Ton - MAJOR — @Dmitry in dollars is:

13,853,866 USD

Only based on one — his personal, proven MEMO on OKEX 8648477.

Looks nice. @Dmitry, what do you think?

Now I need to look into Dmitry’s Bybit. Of course, I have that too. 18937517

Dumped Tons: 5,363 pieces. But MAJOR tokens dumped: 572,000 pieces. At the highs. Could have taken ~500,000 USD.

During the investigation, it turned out that the MEMO of @Dmitry and @Roxman match — when they dump shmokens and Tons. No one could have imagined. Let’s open the address of @Roxman borz.ton = 18937517

https://tonviewer.com/transaction/22f4f2e6e1b8950b995418ff0f57e8624bc862e027242745a22aaa50ed0b47a5

Either they share a common wallet, or a common exchange account, or @Dmitry services @Roxman. Or vice versa. As you wish.

Conclusions

Thus, it is proven that pro-Ukrainian hacktivists have infiltrated all command centers of Telegram. Including extensive connections with influencers, Swiss billionaires, Chechen dissidents, developers of all levels.

They communicate. Exchange gifts. Scam the CIS community on shitcoins. Scam on OKEX. Scam on dumps, leaks, big data. Work with admins and top figures of the "Eye of God" project. Scam on Ton.

And they are the main developers and active participants in almost all current projects — which Pavel Durov personally promotes and endorses. With the assistance of Mr. Roxman, whose right-hand man @unixtux is — according to numerous testimonies and evidence.

What does this say? It says that all Telegram developers, including @dmitry and @vihor, are under the thumb of @unixtux. And they are waiting for the next thing to happen — scamming investors, in one or another hyped-up bot farm project named after Pavel. Moreover, both large private investors, who look at 7 million subscribers and believe in Pavel and Telegram — that there can’t be 5-10-50 million bots there.

BUT THERE CAN BE!

As well as small retail investors. Who look at the activity and, for example, buy NOT on the OKEX exchange. This applies to all apps, tap games, bots, coins, crypto projects, Telegram’s own projects, channels of top figures and influencers of Telegram itself. And it remains to be understood and assessed — how the right hand of the FSB in Telegram — Antipov, is connected to the top figures of the Ukrainian cyber group C.A.S., who have targeted numerous companies, organizations, and state structures.

My question is as follows:

Why does Pavel cover for @Roxman?

Is someone behind @Roxman?
What does Antipov, the head of Eye of God, have to do with this?

Why hasn’t the scam app MAJOR been removed? Even after all the dirt and dumps.

Why are dozens of people, scammed on advertising for hundreds of thousands, possibly millions of dollars, who were fed bots, staying silent?

Why does the Telegram team actively participate everywhere, cover it up, shield it, and allow it? They understand everything, accept it, and do nothing.

Because such bot farms cannot exist without the assistance of Telegram and Durov personally.

Автор: Dmitriy Dagulis