• Telegram auto-pings the proxy before adding it
• The request bypasses all configured proxies
• Your real IP is logged instantly
Silent and effective targeted attack.
(chekist42)
@durov
@0x6rss
ONE-CLICK TELEGRAM IP ADDRESS LEAK!
In this issue, the secret key is irrelevant. Just like NTLM hash leaks on Windows, Telegram automatically attempts to test the proxy. Here, the secret key does not matter and the IP address is exposed.
Example of a link hidden behind a https://t.co/NJLOD6aQiJ
⚠️Telegram 1-click vulnerability
A single click can reveal your real IP address — even if you use a proxy.
Affects both Android and iOS Telegram clients. 👇Important detail:
An internal proxy link can be disguised as a normal username, e.g. @durov.
Example of such link:
⚠️ Telegram shows no warning — it looks like a regular internal click.What happens next:
• Telegram auto-pings the proxy before adding it
• The request bypasses all configured proxies
• Your real IP is logged instantly
Silent and effective targeted attack.
(chekist42)@durov
yes
️Telegram 1-click vulnerability
A single click can reveal your real IP address — even if you use a proxy.
Affects both Android and iOS Telegram clients. ... Important detail:
An internal proxy link can be disguised as a normal username, e.g. @durov.
Example of such link:
️ Telegram shows no warning — it looks like a regular internal click. ... What happens next:
• Telegram auto-pings the proxy before adding it
• The request bypasses all configured proxies
• Your real IP is logged instantly
Silent and effective targeted attack.
(chekist42) ... @durov
Missing some Tweet in this thread? You can try to
Update
