80,000 subscribers. Then a notification. Then 3,000. No explanation, no warning — like the channel never existed. Not a glitch. A raid. Incidents like this have grown into an organized market over the past two years, with services openly selling channel destruction as a product.
What a raid actually is
Bot inflation pads numbers upward. A raid does the opposite — it wipes out a real audience in minutes. An attacker gets admin rights to a channel, runs a script that calls Telegram's kickChatMember API in a loop, and tens of thousands of subscribers disappear. Telegram rate-limits those calls, but even within those limits, 5–10 minutes is enough to gut a channel built over years.
And in the vast majority of cases, there's no technical exploit involved. Admin rights come through the human factor.
How it unfolds
Admin lists are public in Telegram — anyone can see who runs a channel. So the attacker starts there, picks a target from the team, then sends a message: maybe it's "Telegram Support," maybe a business partner with a proposal, maybe a collaboration offer that looks legitimate. There's a link inside. The admin clicks, enters an authorization code, and it's over — the account belongs to the attacker.
The script runs. Everything happens in minutes, usually late at night or on a weekend when nobody's watching the phone.
The slower variant is infiltration. Someone asks to join the team — as an editor, a technical specialist, an analytics helper. Weeks of building trust. Then, when the moment is right, they use those admin rights for the actual purpose.
The numbers
TGuard's monitoring recorded more than 200 confirmed raid attacks in Q1 2026 alone — all targeting channels with at least 10,000 subscribers. News aggregators, crypto communities, political channels, entertainment pages. No niche is exempt.
The average damage from a raid on a 50,000-subscriber channel equals 3–6 months of audience-building work and $1,500–$6,000 in lost advertising revenue.
How TGuard stops a raid in real time
TGuard watches the event stream from the Telegram Bot API continuously and compares what's happening against the channel's normal baseline. The moment member removals from a single admin account exceed the configured threshold — say, 3 kicks in 60 seconds — TGuard acts immediately: it strips that account of admin rights, sends an emergency alert to the channel owner, and logs the incident. The attacker loses their tool mid-raid.
The gap that makes this useful: a human who sees a notification and opens Telegram takes at minimum 5 to 10 minutes to respond. A raid is over by then. TGuard moves in seconds.
Setting it up
- Open @channel_guardian_bot and press Start.
- Select "Add channel" — the bot will ask to be added as an admin.
- Grant Restrict Members permission. Without it, blocking the attacker's account isn't possible.
- Open channel settings in TGuard and configure the anti-raid threshold.
- Save — alerts arrive automatically from that point on.
What else is worth doing
The anti-raid bot handles real-time response, but the attack surface starts long before the raid runs. A few things that meaningfully reduce risk:
Keep admin permissions minimal. A content author doesn't need member management rights. Give people exactly what their role requires, nothing more. And make 2FA non-negotiable for the whole team — hijacking an account without it is trivially easy.
Review the admin list periodically and remove anyone who's no longer active on the channel. Former collaborators with lingering admin access are a liability. And treat any requests to add new people to the team with healthy skepticism — even when they come with good references.
Frequently Asked Questions
A raid attack occurs when an attacker gains admin rights to a channel (through account hijacking, phishing, or social engineering) and uses those rights to mass-delete subscribers in seconds. A channel with 50,000 followers can lose everything in minutes.
TGuard monitors deletion speed in real time. If an abnormally large number of subscribers are removed from a single administrator account in a short time window, the system automatically strips that account of admin rights and immediately alerts the channel owner.
Telegram provides no tools for bulk-restoring deleted subscribers. This is exactly why proactive anti-raid protection matters far more than any after-the-fact measures.
Yes. TGuard must be added as an administrator with Restrict Members permission — this is required to restrict compromised accounts. Posting or channel editing rights are not needed.