Friend.Tech Faces SIM Swap Attack, Leading to Ether Losses for Users
Several users of Friend.Tech have recently become victims of SIM swap attacks, leading to the unauthorized depletion of significant amounts of cryptocurrency. These attacks primarily targeted individuals who had associated their Friend.Tech accounts with real-world profiles and phone numbers, making them more susceptible to such breaches.
Crucially, it should be noted that the Friend.Tech code itself remained uncompromised, and immediate risks to users are relatively low. The application functions by enabling users to acquire "shares" of individuals who possess accounts on the X platform, affording purchasers specific privileges.
SIM swap attacks constitute a recurring menace, wherein cybercriminals take over a mobile phone number by manipulating service providers into linking that number with a SIM card controlled by the attacker. The hijacked number can subsequently be used for fraudulent activity, since calls and SMS messages sent to it reach the attacker.
At least two users have come forward to report falling victim to SIM swap attacks in separate incidents, culminating in the theft of over 42 ether (ETH). At current market rates, this equates to nearly $70,000.
This occurrence serves as a stark reminder, particularly for those who have divulged their actual names on their Twitter accounts, potentially exposing their phone numbers to malicious entities. Such attacks can materialize when sensitive information is readily accessible.
"I was just SIM swapped and robbed of 22 ETH via @friendtech
The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is doxxed to your real… pic.twitter.com/5wA86mjYEG"
— daren (friend, friend) (@darengb), October 3, 2023
Friend.Tech has emerged as a prominent crypto platform this year, amassing a substantial user base despite the ongoing bear market conditions. The application swiftly garnered over 100,000 users within a fortnight of its debut.
However, security vulnerabilities remain a paramount concern for any crypto platform. Threats may encompass tactics ranging from smart contract manipulation or flash loan attacks to more conventional methods targeting affluent users.
In response to this incident, certain Friend.Tech users have advocated for the introduction of supplementary security features, including two-factor authentication (2FA). This widely adopted method involves SMS or code-based verification and could serve as a deterrent against potential future attacks.
Eran Karpen, Co-Founder and CTO at Unplugged, underscored the criticality of robust security measures, especially for accounts holding valuable digital assets. He endorsed the adoption of 2FA through an authenticator app, citing its heightened security compared to SMS-based authentication.
Additionally, an alternative strategy involves the utilization of a secondary "secret" SIM for 2FA on a phone supporting dual SIM or e-SIM functionality. This tactic circumvents the use of the primary SIM linked to a publicly known phone number, thereby fortifying security measures.