Security researchers have uncovered a subtle but dangerous flaw in Telegram that allows attackers to reveal a user’s real IP address with just a single click. By embedding malicious proxy configuration links behind seemingly harmless text, threat actors can silently force the Telegram app to connect to attacker‑controlled servers, exposing a user’s network identity before any warning or confirmation appears.
Privacy Expectations
Telegram is known for strong privacy and end-to-end encryption, so users naturally expect their messages and identities to stay private. This trust goes beyond everyday chats. Journalists, activists, and others rely on it for sensitive communication. Telegram is also commonly used for illicit trades, with darknet markets often operating bots on the platform. For many users, staying hidden is not just a preference, it’s a necessity, and they expect nothing less.
Telegram’s Proxy Feature
Telegram offers a built-in proxy feature that can route your app traffic through a proxy server to protect your real IP address. It supports both MTProto (Telegram’s own protocol) and SOCKS5 proxies, but this feature is not enabled by default. When turned on, it only applies to your Telegram messages, media, and channels, meaning it doesn’t affect other apps or websites you open within Telegram. It’s a privacy tool for Telegram traffic, but you'll need to enable it manually for it to work. This is the feature discussed here, because it failed to function as designed.
How Telegram’s Proxy Exposed Your IP
Security researchers discovered a serious flaw in Telegram’s proxy feature that could expose your real IP address with just one click. Here’s how it works: when you tap on a t.me/proxy link (used to set up Telegram proxies), the app automatically tries to connect to the proxy server to check if it’s working. This happens before you even confirm whether you want to use the proxy, and it happens silently in the background—no warning, no prompt. Because of this, if an attacker controls the proxy server, they can immediately capture your real IP address, bypassing any VPN or other privacy tools you might be using.
The issue is that this connection is made automatically as soon as you tap the link, before the proxy is actually activated. This means that even though you have not yet agreed to use the proxy, your real IP is exposed. What's worse, attackers can disguise these proxy links to look like harmless or trustworthy URLs, so you might not even realize you're falling into a trap. The researchers who discovered the flaw demonstrated how easy it is for an attacker to exploit it, leaving users vulnerable to tracking or identification.
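As an added example (not from the original article or from Telegram), the following Python code shows a defensive check for the disguised links described above: it flags links whose target is a proxy-configuration link while the visible text does not show the proxy server. Only the t.me/proxy form comes from the article; the t.me/socks path, the tg:// scheme, the telegram.me host and the server/port parameter names are assumptions about Telegram's deep-link format, and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Link kinds treated as proxy configuration. "proxy" is the form named in the
# article; "socks", the tg:// scheme and the "server"/"port" parameter names
# are assumptions about Telegram's deep-link format.
PROXY_KINDS = {"proxy", "socks"}


def parse_proxy_link(url):
    """Return (kind, server, port) if url is a proxy-config link, else None."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme == "tg":
        kind = host  # tg://proxy?... carries the kind in the host position
    elif scheme in ("http", "https") and host in ("t.me", "telegram.me"):
        kind = parts.path.strip("/").lower()
    else:
        return None
    if kind not in PROXY_KINDS:
        return None
    query = parse_qs(parts.query)
    server = query.get("server", [""])[0]
    port = query.get("port", [""])[0]
    return kind, server, port


def audit_links(links):
    """links: iterable of (visible_text, url). Return one finding per proxy link."""
    findings = []
    for text, url in links:
        parsed = parse_proxy_link(url)
        if parsed is None:
            continue
        kind, server, port = parsed
        # "Disguised": the visible text does not show the server it points to.
        disguised = not server or server.lower() not in text.lower()
        findings.append({"text": text, "kind": kind, "server": server,
                         "port": port, "disguised": disguised})
    return findings


# Constructed sample links (documentation-range IP, example names).
SAMPLE_LINKS = [
    ("https://example.com/news", "https://t.me/proxy?server=203.0.113.7&port=443&secret=00"),
    ("Proxy 203.0.113.7", "tg://socks?server=203.0.113.7&port=1080"),
    ("Join our channel", "https://t.me/examplechannel"),
]

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_LINKS):
        print(finding)
```

A moderation bot or mail/chat gateway could run a check like this over the text-and-URL pairs it extracts from messages and warn on any finding where `disguised` is true.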
The Reality of This Flaw
Despite the attention it has received, this issue has very limited real‑world impact for most users. Exploiting it requires an attacker to run a malicious proxy server and trick someone into clicking a specially crafted proxy link, at which point Telegram briefly connects to that server and exposes the user’s public IP address. No messages, accounts, or encrypted data are compromised, and the proxy only sees minimal connection metadata. The practical risk to the average Telegram user is close to nonexistent, with meaningful implications mainly for high‑risk users who rely on strict anonymity.
Conclusion
Telegram’s one-click proxy flaw shows that even trusted privacy features can have unexpected risks. The vulnerability can expose a user’s IP if they tap a malicious link, but the actual impact on most users is minimal. No messages or account data are compromised, and the leak only occurs under very specific conditions. This serves as a reminder that privacy depends not just on encryption but also on cautious use and awareness of links. For high-risk users, vigilance remains important, but for the average user the risk is largely theoretical.

