Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Users of Friend.tech are expressing concerns about potential SIM-swap attacks following a recent series of alleged hacks that resulted in nearly 109 Ether (ETH), valued at approximately $178,000, being stolen from four individuals within a week.
On September 30, the X (formerly Twitter) user identified as “froggie.eth” alerted that their Friend.tech account had been SIM-swapped—where attackers gain control of a user’s mobile number to intercept two-factor authentication codes, which are then used to access accounts—and subsequently had over 20 ETH drained.
Shortly after, on October 3, multiple Friend.tech users reported similar occurrences, with musician Daren Broxmeyer stating he was SIM-swapped and lost 22 ETH.
He noted that his phone had been “spammed with phone calls,” which he suspected was an attempt to make him miss a text from his service provider alerting him that someone was trying to access his account.
I was just SIM swapped and robbed of 22 ETH via @friendtech
The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is doxxed to your real… pic.twitter.com/5wA86mjYEG— daren (friend, friend) (@darengb) October 3, 2023
On the same day, another user, “dipper,” reported that their account had been compromised, stating they had “no idea” how the attackers managed to hack their account, as they utilize strong passwords.
The fourth user, “digging4doge,” lost approximately 60 ETH after falling victim to a phishing scam that deceived them into providing a login code.
Friendtech user @digging4doge just got drained to the tune of ~60 eth worth of keys.
About an hour ago, he received a text informing him that a number change had been requested for his account.
He had two hours to respond or the request would be auto approved. This was, of… pic.twitter.com/L21Hr041kP— quit (,) (@0xQuit) October 4, 2023
Related Posts
The crypto investment firm Manifold Trading noted that any hacker who gains access to a Friend.tech account can effectively “rug the whole account.”
They estimated that if a third of Friend.tech accounts are linked to phone numbers, around $20 million could be at risk of being exploited through user-targeted attacks on Friend.tech.
Related: Friend.tech look-alike ‘Alpha’ emerges on Bitcoin network
Manifold also indicated that, from a technical standpoint, all of Friend.tech is vulnerable due to the platform’s security configuration, and addressing these issues “should honestly be the number 1 priority.”
If any hacker gains access to a FriendTech account via simswap/email hack, they can rug the whole account
If you assume 1/3 of FriendTech accounts are connected to phone numbers, that’s $20M at risk from sim-swaps
FriendTech’s current setup also technically allows a rogue dev… https://t.co/XgodMNSh2l— Manifold (@ManifoldTrading) October 2, 2023
Manifold recommended that Friend.tech implement options for users to add two-factor authentication for logins, key decryptions, and transactions.
Additionally, users should have the ability to switch their login method from a phone number to an email and be allowed to utilize third-party wallets.
Notable figures in the crypto space have previously been successfully SIM-swapped, with their accounts being used for phishing attacks, including Ethereum co-founder Vitalik Buterin’s X account in September.
Cointelegraph reached out to Friend.tech for a statement but did not receive an immediate reply.
Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis
