Friend.tech users are warning of possible SIM-swapping attacks after a recent series of alleged attacks in which nearly 109 Ether (ETH), worth approximately $178,000, was drained from four users in less than a week.
On September 30, an X (formerly Twitter) user known as "froggie.eth" warned that their Friend.tech account had been SIM swapped, an attack in which exploiters gain control of a user's mobile number to intercept two-factor authentication codes, which are then used to access accounts, and that it was subsequently drained of over 20 ETH.
Days later, on October 3, a number of Friend.tech users reported similar incidents, with musician Daren Broxmeyer saying he had been SIM swapped and 22 ETH was taken from him.
Previously, his phone received "phone call spam," which he believed was meant to make him miss a text message from his service provider warning him that someone was trying to access his account.
They just changed my SIM card and stole 22 ETH through @amigotech
34 of my own keys were sold, which upset anyone who had my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was depleted.
If your Twitter account is connected to your real account... pic.twitter.com/5wA86mjYEG
- daren (friend, friend) (@darengb) October 3, 2023
On the same day, another user, "dipper," also said their account was compromised, adding that they "have no idea" how exploiters could hack their account since they use strong passwords.
The fourth user, "digging4doge," lost around 60 ETH after falling for a phishing scam that tricked them into sharing a login code.
Friendtech user @digging4doge I just ran out to the tune of ~60 eth worth of keys.
About an hour ago, you received a text message informing you that a number change had been requested for your account.
I had two hours to respond or the request would be automatically approved. This was, of… pic.twitter.com/L21Hr041kP
- quit (,) (@0xQuit) October 4, 2023
Cryptocurrency investment firm Manifold Trading explained that any hacker who gains access to a Friend.tech account will be able to "steal the entire account."
Assuming one-third of Friend.tech accounts are connected to phone numbers, around $20 million is at risk of being exploited through exploits that target Friend.tech users, they said.
Manifold also suggested that technically all of Friend.tech is at risk because of how the platform's security is set up, and resolving the issues "should honestly be priority number one."
If any hacker gains access to a FriendTech account through a simswap or email hack, they can steal the entire account.
If you assume 1/3 of FriendTech accounts are connected to phone numbers, there is $20 million at risk from SIM swaps
FriendTech's current setup also technically allows an unauthorized developer... https://t.co/XgodMNSh2l
- Collector (@ManifoldTrading) October 2, 2023
Manifold suggested that Friend.tech allow users to add 2FA to logins, key decryptions, and transactions.
Users should also have the option to change the login method from a phone number to an email, and the platform should allow the use of third-party wallets.
High-profile crypto figures have already been successfully SIM swapped, and their accounts have been used to carry out phishing attacks, such as Ethereum co-founder Vitalik Buterin's X account in September.
Cointelegraph contacted Friend.tech for comment but did not immediately receive a response.