In a remarkably short period of time, four friend.tech users found themselves in a distressing situation when hackers gained control of their mobile numbers, leading to the compromise and depletion of their accounts.
The friend.tech community is growing increasingly concerned about the platform's exposure to SIM-swap attacks, a concern triggered by a recent series of reported breaches. In a disconcerting chain of events, nearly 109 Ether, valued at approximately $178,000, was drained from the accounts of four users in less than a week.
On the last day of September, a user named “froggie.eth,” previously known on Twitter, raised the alarm by reporting a SIM-swap attack on their friend.tech account. This sophisticated breach allowed the attackers to take control of their mobile number, intercept two-factor authentication codes, and subsequently drain over 20 ETH from the account.
A few days later, on October 3rd, several other friend.tech users shared similar distressing experiences. Musician Daren Broxmeyer revealed that he also fell victim to a SIM-swap attack, resulting in the loss of 22 ETH. His phone had previously received an unusual barrage of phone calls, which he now suspects was an orchestrated effort to distract him from receiving a warning message from his service provider, alerting him to unauthorized access attempts on his account.
On the same unfortunate day, another user known as “dipper” reported the compromise of their account. Surprisingly, they claimed to have used strong passwords, leaving them puzzled about how the attackers managed to breach their account’s defenses.
The fourth victim, “digging4doge,” lost approximately 60 ETH after falling for a clever phishing scam that coerced them into sharing a login code.
Crypto investment firm Manifold Trading has issued a strong warning, stating that any hacker gaining access to a friend.tech account has the ability to manipulate the entire account, posing a significant risk. Considering that a substantial number of friend.tech accounts are linked to phone numbers, an estimated $20 million is at stake and vulnerable to exploits targeting friend.tech users.
Manifold further emphasized that the security framework of the platform puts the entire friend.tech community at risk, highlighting the urgency of addressing these vulnerabilities as the highest priority.
Manifold has proposed several security enhancements for friend.tech. These include enabling users to implement two-factor authentication for logins, improving key encryption, and securing transactions. Users should also have the option to switch from phone number-based logins to email-based logins and integrate third-party wallets.
It is worth noting that prominent figures in the cryptocurrency industry have previously fallen victim to SIM-swap attacks, with their compromised accounts being exploited to carry out phishing attacks. The experience of Ethereum co-founder Vitalik Buterin, who had his account compromised in September, serves as a poignant example.
Cointelegraph reached out to friend.tech for comment on these concerning developments, but as of now, no response has been received.