// TONWISE PARTNERS

Real-Time Fraud
Prevention for TON

Stop scams before users sign. One API call. Sub-2-second latency. Integrate into your wallet, DEX, launchpad, or Mini App in under a day.

// The Case That Made This Real

How TonWise stopped a reputation-laundering rug recruitment

In May 2026, @RAGPULLIN — a TON community researcher with public Telegram and X channels — was approached by a token creator with an unusual proposition: take over the public-facing "CTO" role for a recently launched token, in exchange for control of its TG and X channels. Social proof was supplied. Urgency was supplied.

This was not an investment ask. It was a reputation-laundering recruitment — a coordinated attempt to install a respected community figure as the public face while the original insiders quietly held supply, ready to exit on the next pump.

Before accepting, RAGPULLIN scanned the contract through TonWise. The response, in under two seconds:

CRITICAL

40/100

Balance · Token TON

⚠Collusion Map: 3 Sybils controlled by 1 Master(s).

🤖Insider Alert: Token supply is heavily concentrated within Sybil clusters.

Scanned contract: EQAc2DO-7EOnVAv985EL-RhpW_9l5DmhYLjCrd02IsyNvDzb
Original community post: t.me/RAGPULLINCHAT/3349

Armed with this, RAGPULLIN confronted the would-be partner and demanded their wallet for verification. The partner refused, dropped the CTO framing, and pivoted to pleading for a "send it back to 10k MC" — an explicit ask to help pump the price so existing insiders could exit again.

RAGPULLIN walked away. He then published the entire exchange — chat screenshots, TonWise verdict, holder graph — on his public channel as a community warning. The Sybil cluster never got their public face. His audience was never promoted into a coordinated rug.

This is not a hypothetical. It ran in production, on a public scan endpoint, against a freely chosen target. The detection logic is identical to what is available via API today.

// The Problem

Coordinated reputation laundering is the dominant 2026 attack vector on TON

The TON ecosystem now does $1.75 billion in daily trading volume with 48.5 million cumulative wallets and over 2 million daily transactions. Telegram operates the largest validator on the network. This scale carries a scale of attack surface.

Across the broader memecoin landscape, more than $500 million was lost to rug pulls and coordinated scams in 2024 alone (Merkle Science). The dominant attack vector in 2026 is no longer the simple honeypot. It is coordinated reputation laundering: sybil-controlled token supply paired with active recruitment of unsuspecting KOLs, researchers, and community figures to serve as the public face — while the insiders retain the ability to exit at will.

This class of attack defeats:

Static address blocklists — the sybil wallets are fresh and uninvolved in prior scams
Honeypot detectors — the contract is technically tradeable
Community reporting — by the time a community figure is publicly tied to a token, it is too late to back out without reputation damage

It does not defeat real-time holder-cluster graph analysis paired with master-wallet attribution. That is what TonWise provides.

// What TonWise Provides

Three primitives, one API surface

// 01 SCAN

Real-Time Scan API

GET /api/v1/shield

Trust score (0–100), risk symbols, taint exposure, holder topology. Sub-2s response. Sub-200ms cached. 22,000+ indexed addresses, 100+ confirmed bad actors, growing.

// 02 AGENT

AI Agent Guard

POST /api/v1/agent-guard

ALLOW / REVIEW / BLOCK decisions for autonomous agents. Per-agent anomaly scoring. HMAC-signed audit receipts. Idempotent.

// 03 GRAPH

Collusion Map

Embedded in scan response

Graph-based cluster detection. Sybil holder clusters, layered rug prep, multi-hop laundering. The detection that powered the RAGPULLIN case.

// Partner Integration Shapes

Five ways to plug in

Wallets

Pre-send confirmation hook. Before a user signs, query the destination, surface a branded inline warning if risk crosses threshold. One HTTP call, <100ms added.

DEXes / Launchpads

Pre-trade and listing-time scan. Block scam contracts at the pool level. Surface warnings at swap. Webhook delivery for retroactive notification of existing positions.

Mini Apps with payments

Wallet pattern embedded inside the Wallet Pay confirmation step. Native to TON, native to Telegram.

KOL / Agency tools

Scan-before-promote check inside the workflows that source paid partnerships. The RAGPULLIN case is exactly this class of attack.

Custody / Insurance

Risk score as underwriting input. Real-time exposure as pricing signal. Claim validation via threat-intel lookup. Audit receipts as evidence trail.

All integrations are read-only from the partner side. TonWise never holds credentials, never moves funds, never custodies.

// Commercial Shape

Three tiers, flexible terms for first partners

Pilot

30 days, fixed fee, full API access, integration support, branded inline warnings.

Integrated

Monthly recurring, volume-based, SLA, dedicated Telegram support channel.

White-label / OEM

Revenue share or annual contract. Custom domain, custom UI, threat-intel pool sync, exportable receipts.

We are flexible on first-customer terms. The priority right now is integration depth and signal quality, not unit economics.

What we are asking

A 30-minute call. We walk through your current fraud-loss exposure on TON, show the integration shape relevant to your stack, discuss whether a 30-day pilot makes sense. If a pilot does not fit, we also offer threat-intel data feeds (CSV / webhook) at a fixed annual rate as a lighter-weight alternative.

DM on Telegram Send Email

// Contact

Reach us directly

Founder

@Andger1975

Dev Support

@TonWiseDev

support@tonguard.app

Try the Bot

@TonWise_Bot

Intel Channel

@tonwise_intel

Website

tonguard.app

Real-Time FraudPrevention for TON