A 90,000-member tech channel. Five admins, all vetted. One evening, the owner gets a notification: TGuard has been removed. Twenty minutes later, the channel is gone — transferred to an account registered three days earlier. The attack came from inside.
This scenario isn't rare. A significant share of Telegram channel thefts don't involve phishing or hacked sessions. They happen because the owner gave the wrong admin the wrong permissions and didn't notice until it was too late.
What Telegram admin rights actually do
When you add someone as an admin in Telegram, you choose from a list of permissions. Most of them are fine to give. A few of them hand over the channel.
The safe ones: delete messages, ban users, pin messages, manage video chats, invite users via direct invite. A moderator with only these rights can handle day-to-day operations without touching anything structural.
The dangerous ones are two: Add new admins and Change channel info combined with link management. "Add new admins" is the obvious one — whoever has it can promote anyone, including accounts they control, to admin with full rights. Once a second admin is in place with this permission, the original owner is just one more step away from losing everything.
Never grant "Add new admins" to anyone unless you genuinely can't avoid it. That single checkbox is how most insider takeovers start.
How the attack actually plays out
The typical insider takeover takes 30 days minimum, because Telegram requires an account to hold admin status for 30 days before ownership can be transferred to it. A motivated attacker who already has "Add new admins" permission simply waits.
Day 1: they promote a second account to admin. Day 30: that account is now eligible to receive ownership. The transfer happens in under a minute through Telegram's own settings menu. By the time the original owner notices — usually because posts they didn't write start appearing — the channel is gone.
A faster variant skips the ownership transfer entirely. The rogue admin uses their ban rights to kick real users, or removes protection bots to leave the channel exposed to a bot raid. The channel survives but the community is destroyed within hours.
The problem with Telegram's native rights system
Telegram's permissions are binary. You either add someone as an admin with a chosen set of rights, or they're a regular member. There's no middle layer — no way to say "this person can ban spam accounts but cannot touch the invite link or add other admins" while keeping them completely off the admin list.
In practice, owners end up doing one of two things. They give too many rights to avoid constant "I can't do X, give me access" messages from moderators. Or they give too few and become a bottleneck for every moderation decision. Neither works well past a certain channel size.
How TGuard's Trusted Management changes this
TGuard's Trusted Management feature adds a moderation layer that sits between "regular member" and "Telegram admin." You designate trusted users through TGuard, and they get specific moderation capabilities — ban members, remove spam, approve join requests — without appearing in Telegram's admin list at all.
Since they're not Telegram admins, they have no ability to add new admins, change channel settings, manage the invite link, or remove TGuard itself. The owner keeps full structural control while delegating the day-to-day work.
There's also a separate alert that runs independently: if anyone removes TGuard from the channel — whether a rogue admin or an accidental settings change — the channel owner gets an immediate notification. This catches the first step of most insider attacks before the 30-day clock can start ticking. Combined with the broader account security checklist, it closes most of the insider threat surface.
The setup in practice
The practical approach for most channels is a split setup. Add TGuard as an admin with the specific rights it needs to function (ban users, manage invite links if you want antispam on joins). Add human moderators through TGuard's Trusted Management instead of as Telegram admins. Keep the number of actual Telegram admins — people who appear in the admin list — as small as possible.
For channels above 10,000 members, running one or two genuine Telegram admins (trusted co-founders or co-owners) plus a larger team of TGuard-managed moderators is the setup that's hardest to attack from the inside. The attack surface shrinks from "anyone on the admin list" to "the two people who actually have structural rights."
If you're running a large community and currently have five or more Telegram admins with overlapping rights, it's worth auditing the list. Any admin who doesn't genuinely need "Add new admins" or "Change channel info" should have those permissions removed. Most moderation work doesn't require them.
Frequently Asked Questions
"Add new admins" is the most dangerous — it lets a moderator promote anyone, including accounts they control. "Change channel info" combined with link management is the second concern. All other moderation rights (delete messages, ban users, pin posts) are generally safe.
Yes, if they have "Add new admins." They promote a second account to admin, wait 30 days (Telegram's requirement for ownership transfer eligibility), then transfer ownership. The attack takes a month but requires zero hacking skill.
It lets you give moderators specific capabilities — ban users, manage join requests — without adding them as Telegram admins. They have no access to admin settings, can't add other admins, and can't remove TGuard. If anyone does remove the bot, the channel owner is notified immediately.