Telegram's recent sweeping enforcement campaign, detailed in a newly published report by Check Point Software Technologies, reveals an ongoing battle against cybercriminal activity on the platform. Despite the removal of over 43.5 million channels and groups in 2025 alone, cybercriminal operations continue to proliferate, presenting a complex challenge for digital security worldwide.
The cybersecurity firm highlights the scale of Telegram's global crackdown on illicit activities with daily removals skyrocketing to as many as 140,000, and a peak day exceeding 500,000 removals. Such figures underscore Telegram’s aggressive stance against cybercrime. However, these measures have not significantly reduced the presence of cybercriminal communities, suggesting a resilience that complicates enforcement efforts.
The report indicates a shifting landscape where cybercriminals are increasingly sophisticated and resilient. These actors can weather disruptions by creating backup channels in anticipation of enforcement actions, allowing swift reconstruction of their networks. This robustness poses a significant challenge to eradication efforts, as cybercriminals continuously reorganize and evolve to stay ahead of platform interventions.
In Nigeria, where Telegram has become a predominant messaging platform with approximately eight million users, the implications are profound. The platform’s integration into cryptocurrency trading, online betting, and digital commerce makes it an attractive target for fraudsters who leverage its scale and anonymity. Nigerian financial ecosystems thus face heightened risks, necessitating stronger security and policy responses.
Cybercriminals are continuously refining their tactics to evade detection. Strategies include "request-to-join" access limitations, deceptive disclaimers, and parallel operations across multiple channels. These adaptive measures ensure minimal disruption from enforcement, as attackers build redundancy into their operations to sustain activities even amidst aggressive crackdown campaigns.
The Check Point report notes that even after channel removal, harmful content often survives. Spikes in forwarded messages, especially during enforcement peaks between February and April 2025, highlight how fraudulent content and strategies perpetuate beyond the lifespan of their original platforms. This continuity complicates cybersecurity efforts on large platforms like Telegram, which are favored for their combination of scale, user-friendliness, and discoverability.
The report sheds light on the growing volume of access points into cybercriminal networks. Check Point's systems tracked around three million Telegram invite links circulating within underground communities, dwarfing activity on other platforms such as Discord, Signal, and SimpleX. This extensive network activity underscores the inadequacy of enforcement actions focused solely on individual accounts or channels.
The report suggests that while platform enforcement is critical, it is not sufficient. A multidimensional approach focusing on dismantling broader cybercriminal ecosystems is needed. For markets like Nigeria, where digital platforms are ever more integral to financial activities, a coordinated response involving heightened awareness and targeted cybersecurity strategies is essential to counter emerging threats effectively.
