The team behind decentralized social media platform Friend.tech has added a new security feature amid attempts to stop a Avalanche of SIM swapping attacks targeting your users.
"You can now add a 2FA password to your Friend.tech account for additional protection if your cell phone carrier or email service is compromised," the team explained in an October 9 post on X (formerly Twitter).
Friend.tech users will be asked to add another password when signing in on new devices.
"Neither the friendtech nor Privy teams can reset these passwords, so be careful when using this feature," Friend.tech added.
You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell phone carrier or email service is compromised.
Neither the friendtech nor Privy teams can reset these passwords, so be careful when using this feature. pic.twitter.com/g0m2E4att2
โ friend.tech (@friendtech) October 9, 2023
The latest change follows several SIM-swapping attacks targeting Friend.tech users since September.
On September 30, froggie.eth was among the first of a series of Friend.tech users to be compromised by a SIM swapping attack, urging others to remain vigilant.
They exchanged my swimming for more than 20 ETH (they exhausted me https://t.co/xb5o31p3Yy)... stay alert, brothers.
set a PIN on your SIM even if you don't think it's necessary
โ froggie.eth (@brypto_) September 30, 2023
Further Friend.tech users made themselves known with similar stories in the following days with an estimated 109 Ether (ETH), valued at about $172,000, stolen from four users in one week. Four other users were attacked over a 24-hour period just a few days later, and another $385,000 worth of Ether was stolen.
Friend.tech had already updated its security once on October 4 to allow users add or remove multiple login methods in an attempt to mitigate the risk of SIM swapping vulnerabilities.
Several observers criticized Friend.tech for not implementing the fix sooner.
"Finally", one user said, while another saying: "it took you a long time."
However, a prominent Friend.tech creator, 0xCaptainLevi, was more optimistic, emphasizing that 2FA is a "big deal" and can help propel the social media platform to never-before-seen heights:
2FA is a big problem. The road to $100 million in TVL never looked brighterโค๏ธโ https://t.co/bxd3V3M3mx
- Levi โก๏ธ (@0xCaptainLevi) October 10, 2023
In an X thread on October 8, Blockworks founder Jason Yanowitz revealed one of the ways SIM swapping attacks are being orchestrated. The process involves a text message prompting the user for a number change request, where users can respond with "YES" to approve the change or "NO" to reject it.
If the user answers "NO", they are sent a real verification code from Friend.tech and asked to send the code to the scammer's number.
"If we don't hear a response within 2 hours, the change will be made as requested," a follow-up message shows.
"Actually, if I sent the code, my account would be deleted," he said.
Someone is trying to hack my @amigotech
1) Text sent saying they are changing my number
2) I answer no
3) They say to confirm no, send the verification code.
4) Receive real verification code from a friendly technician
5) When they don't receive a response, they send text messages again saying they will automatically send... pic.twitter.com/j76vI969jP
-Yano (@JasonYanowitz) October 8, 2023
Related: Friendโ.tech copycat Stars Arena patches explode after some funds ran out
The total value locked in Friend.tech currently stands at $43.9 million, down 15.5% from its all-time high of $52 million on October 2. according to DefiLlama.
Cointelegraph contacted Friend.tech for comment but did not receive an immediate response.
Magazine: Blockchain Detectives: The Mt. Gox Collapse Birthed Chainalysis