Decentralized social network Friend.tech was once again the target of SIM swap attacks that cost four users $385,000 in Ethereum.
Crypto sleuth ZachXBT tracked the activity on the chain to the same hacker that leaked the accounts of the four victims in less than 24 hours.
SIM swapping is a technique by which hackers trick mobile service providers into transferring a user's phone number to their SIM card. With a number, you can access online accounts linked to that number.
“Sim changed” posted user Sumfattytuna. “Apparently the dude managed to make it out of the Apple Store and switched it to an iPhone SE. Don't buy my keys, that wallet is messed up.”
KingMgugga also reported being hacked in real time. “And I'm switching sims looking at this!!! Does anyone know what I can do?!!!” He wrote.
https://x.com/KingMgugga/status/1709632413406826709?s=20
Earlier this week, four other Friends.tech users reported having their accounts withdrawn due to SIM swapping, with a total of 109 ETH stolen.
Friend.tech did not immediately respond when reached by Decrypt.
In response, Friend.Tech has announced the implementation of a new feature that allows users to log into their accounts without using their phone number.
After a series of attacks, crypto investment firm Manifold Trading issued a warning on X on Tuesday, explaining that if an attacker manages to gain access to a Friend.tech account, it “could compromise the entire account.”
“If you consider that 1/3 of Friend.tech accounts are linked to phone numbers, that's $20M from SIM swaps at risk,” he added.
The rise of SIM swap attacks
SIM swap attacks are on the rise, especially in crypto.
Last August, data from FTX, BlockFi and Genesis were exposed in attacks targeting Kroll, which is responsible for handling credit requests for bankrupt businesses.
Kroll noted that this sophisticated SIM swap attack targeted one of his employees' phones.
In September, Vitalik Buterin, the founder of Ethereum, was targeted in a SIM swap attack. At the decentralized social network Warpcast, hackers used Twitter to reset the password, allowing them to gain access to the account and its 4.9 million followers.
Symptoms of a SIM swap usually show up within 24-48 hours: victims don't receive calls or texts, or can't access online accounts.
A recommended precaution is to use authentication apps like Google Authenticator instead of SMS-based two-factor authentication.
Stay on top of crypto news, get daily updates in your inbox.
