Pavel Durov said a Distributed Denial of Service (DDoS) attack, which struck the company on Wednesday, originated from “mostly Chinese IP addresses”.
Hundreds of thousands of activists have taken to the streets of Hong Kong to protest against a proposed extradition bill which would allow people from the territory to be sent to mainland China to stand trial.
Communication apps such as Telegram, which use encryption to secure messages, are often used by activists to organise protests. Telegram is blocked in mainland China.
Mr Durov said Telegram had seen disruption attempts during protests in the city in the past because protesters use the service to organise themselves.
DDoS attacks are designed to flood a service with traffic to disrupt it or take it offline, rather than attempting to steal data.
“IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception,” Mr Durov tweeted.
On Wednesday, the messaging app confirmed it was having issues because of an attack, and provided a colourful explanation on how the attack works.
“We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues,” the company said on Twitter.
“A DDoS is a ‘Distributed Denial of Service attack’: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper.”
Shortly afterwards, the platform confirmed its systems had stabilised and user data was safe.