Telegram Faces One-Click IP Leak Risk From Malicious t.me Proxy Links

Telegram built its reputation on privacy and anonymity, but a newly highlighted behavior shows how clicking certain t.me links can leak a user’s real IP address.

As reported by Neowin, attackers can craft malicious Telegram proxy URLs that look like ordinary t.me links. These links point to servers fully controlled by the attacker.

How the one-click IP leak works

When a user clicks a proxy-style Telegram link, the app automatically tests the proxy connection. Telegram sends this test request directly from the user’s device using the default network connection.

This process bypasses VPNs and other anonymity tools. The attacker’s server can then log the victim’s real IP address, approximate location, and network details. Telegram shows no warning, prompt, or confirmation during this check.

Security researchers demonstrate the issue

Security researchers publicly demonstrated the flaw and described it as a “one-click IP leak.” The test occurs instantly after the link click, which gives users no chance to stop the request or verify the destination.

The risk increases for users who depend on Telegram for anonymity, especially in restrictive or hostile environments.

Telegram plans mitigation steps

Telegram reportedly plans to introduce warnings for proxy links to reduce the risk. Until those changes roll out broadly, security experts recommend avoiding unknown or proxy-style Telegram links entirely.

Telegram also runs on Copilot+ PCs, which expands its reach to more Windows users and makes this issue relevant on desktop platforms as well.

Outside Telegram, other messaging apps continue to adjust their platforms. WhatsApp is developing parental control features, while Facebook Messenger has retired its desktop app.

These shifts highlight how privacy, safety, and platform changes continue to shape the messaging app landscape.