- A string of SIM swap attacks has rocked the Friend.Tech platform.
- Most of the stolen funds have yet to be cashed out.
- Friend.Tech accused of using outdated security systems.
The world of decentralized social media has been shaken up following the launch of Friend.Tech. The platform’s concept of tokenizing popularity has quickly gained ground, acquiring over 500,000 users since its rollout in August. However, with flourishing growth comes attention, and hackers are intensifying their focus on Friend.Tech’s burgeoning user base.
Friend.Tech users have been targeted in a spate of SIM swap attacks. These attacks involve socially engineering phone carrier employees to grant access to the victim’s mobile account, allowing the interception of login authentication codes. Online detective ZachXBT noted that four Friend.Tech users had fallen victim to SIM jacking in the last 24 hours.
Friend.Tech User on High Alert
Investigating on-chain activity, ZachXBT uncovered that the same attacker had SIM swapped four Friend.Tech users during the period stole 234 ETH (US$385k), with user MCwop23 suffering the most significant single loss at 83.75 ETH (US$137.8k).
Sponsored
According to ZachXBT, around 54.4 ETH has since been transferred to exchanges, with the remaining balance sitting in a network of seven wallets.
When asked how to avoid being SIM swapped, ZachXBT recommended Friend.Tech users remove their phone numbers from the platform, implying they also change their sign-in method to email from phones.
Incidentally, on October 4, Friend.Tech released an update enabling switching the login method set on initial sign-up. The tweet publicizing the new feature did not mention any recent hacks.
Sponsored
However, this comes too late for the four SIM swap victims, who have now lost tens of thousands of dollars each.
Outdated Security
One of the victims, “KingMgugga,” shared his account of what happened on Twitter, stating that his biggest mistake was choosing the phone option as his Friend.Tech login. Despite being proactive and taking action to lock down his mobile account by activating his photo ID to switch SIMs, he still fell victim to SIM swapping.
Signing off, KingMgugga apportioned a degree of blame on Friend.Tech, accusing the platform of using an “outdated security system” on launch. However, his parting words were more constructive as he called on Friend.Tech to put its bountiful fees earned to date to good use and upgrade its security.
Wading into the fallout, “sumfattytuna,” another of the four victims, disclosed that his SIM jacking originated from an in-person visit to an Apple store. The victim warned others not to buy his Friend.Tech keys.
On the Flipside
- The amount lost to SIM swap attacks increased to $72 million in 2022 from $68 million in 2021, per FBI estimates, indicating a growing trend.
- Investigations reveal that SIM swapping is an industrywide problem for phone carriers, but T Mobile has been singled out as particularly vulnerable to the practice.
Why This Matters
SIM swapping vulnerabilities exist with crypto platforms and phone carriers, with little done to tackle the problem. Such easily avoidable points of failure discourage crypto adoption.
Learn more about the criticism leveled at Friend.Tech’s approach to security here:
Friend.tech Security Model Under Fire as Users Report Hacks
Find out why Bitcoin’s stuttering start to October isn’t all bad news:
Here’s Bitcoin’s Silver Lining Despite Uptober False Start
