Quick take:
- FriendTech users have lost 109 ETH in SIM swap and email attacks.
- X user “froggie.eth” was the first to warn FriendTech users that his phone number had been SIM-swapped and 20 ETH stolen.
- More reports emerged on Tuesday with musician Daren Broxmeyer saying he lost 22 ETH after he was SIM-swapped.
Friend.Tech the decentralised social network that has recently been gaining popularity in the crypto community may have hit its major setback since launching in August 2023. According to some of its users, attackers are targeting those using mobile phones for 2-factor authentication through SIM swaps.
The first person to notice this exploit was X user “froggie.eth”, who warned FriendTech users after his phone was SIM-swapped and 20 ETH lost to the hackers.
“Got swim swapped for 20+ ETH (they drained my http://friend.tech)… stay vigilant out there bros,” he wrote, urging users to set a pin on their SIM even if they don’t need to. But does a SIM PIN really guarantee security? As it turns out, hackers have found an easier way of overring PIN on SIM.
In 2019, a Verizon employee was accused of taking thousands of dollars in bribes to assist SIM swap criminals.
Since “froggie.eth’s” warning on September 30, more complaints have emerged with FriendTech user @digging4doge claiming to have lost nearly 60 ETH worth of keys. Musician Daren Broxmeyer also lost 22 ETH to hackers according to a post on X.
He claimed to have been spammed with a flurry of phone calls, which prevented him from seeing a text from Verizon warning him that someone was trying to access his account.
Another FriendTech user, going by the pseudonym “dipper” on X claimed to have lost 6.5 ETH after his wallet was compromised by a hacker.
“My FT account was just compromised, [the] hacker dumped all keys and moved everything to another address,” he wrote, adding the affected address.
According to crypto investment firm, Manifold Trading, if a Friend.Tech account is compromised through a SIM swap or an email hack, the hacker can drain the whole account, leaving the account holder with nothing.
Every account connected to a phone number is at risk of a SIM swap, states Manifold, which partly blames FriendTech’s currency technical setup.
“FriendTech’s current setup also technically allows a rogue dev to reconstruct private keys via Shamir-Secret-Sharing shares that they can recover from user data in their database – so in reality, the whole TVL is at risk,” Manifold wrote on X.
The investment firm went on to add details of how people can protect their accounts from such exploits.
****
Stay up to date:
Subscribe to our newsletter using this link – we won’t spam!
