Friend.tech blames SIM swap after users lose more than 100 ETH in a week
Friend.tech users are being warned of possible SIM-swap attacks following the latest hack, which saw 109 Ether (ETH) worth nearly $178,000 withdrawn from four users in less than a week.
On September 30, an X (formerly Twitter) user known as “froggie.eth” warned that a Friend.tech account had been SIM-swapped (an exploit in which an attacker takes control of the user's mobile phone number and then uses two-factor authentication codes to access accounts) and had subsequently been drained of more than 20 ETH.
Days later, on October 3, a string of Friend.tech users reported similar incidents, with musician Daren Broxmeyer claiming to have been SIM-swapped and to have had 22 ETH withdrawn.
He believed his phone had previously been “spammed with phone calls,” which would have caused him to miss a text from his carrier saying someone was trying to access his account.
I changed sim through @friendtech and got robbed of 22 ETH
All 34 of my own keys were sold, dragging everything that held my keys, my other keys were sold, and the rest of my ETH poured into my wallet.
If your Twitter account is linked to the real thing… pic.twitter.com/5wA86mjYEG
— Darn (friend, friend) (@darengb) October 3, 2023
On the same day, another user, “Diaper,” also said their account had been compromised, saying that because they use strong passwords, the exploiters “have no idea” how to hack their account.
A fourth user, “digging4doge”, fell for a phishing scam that tricked them into sharing an access code, and was drained of around 60 ETH.
Friendtech user @digging4doge finished a tune up with ~60 eth worth of keys.
An hour ago he received a text stating that he had requested a number change for his account.
He had two hours to respond or the request would be automatically approved. This was the… pic.twitter.com/L21Hr041kP
— Quit (@0xQuit) October 4, 2023
As crypto investment firm Manifold Trading explains, any hacker who can gain access to a Friend.tech account can then “compromise the entire account.”
Considering that one-third of Friend.tech accounts are linked to phone numbers, nearly $20 million is at risk from exploits targeting Friend.tech users, the firm said.
Manifold suggested that, given how the entire Friend.tech platform is designed, security should be “really the number one priority.”
If any hacker gets hold of a FriendTech account through simswap/email hack, they can compromise the entire account.
If you consider that 1/3 of FriendTech accounts are linked to phone numbers, that's $20M at risk from SIM-swaps.
FriendTech's current setup also technically allows rogue dev… https://t.co/XgodMNSh2l
— Manifold (@ManifoldTrading) October 2, 2023
Manifold suggested that Friend.tech allow users to add 2FA to logins, key decryptions and transactions.
Users should also be given the option to change the login method from phone number to email and be allowed to use third-party wallets.
High-profile cryptocurrency figures have been successfully compromised in the past, with their accounts taken over to carry out phishing attacks, such as the X account of Ethereum founder Vitalik Buterin in September.
Cointelegraph reached out to Friend.tech for comment but did not immediately receive a response.