In a remarkably brief span, four users of friend.tech found themselves in a distressing predicament as hackers gained control of their mobile numbers, resulting in the compromise and depletion of their accounts.
Concerns are mounting among the friend.tech community about the potential vulnerability to SIM-swap attacks, triggered by a recent spate of purported breaches. In a disconcerting sequence of events, almost 109 Ether, valued at approximately $178,000, were siphoned from the accounts of four users in less than a week.
On the last day of September, “froggie.eth,” a user formerly known on Twitter, raised the alarm, reporting a SIM-swap attack on their friend.tech account. This sophisticated breach allowed the perpetrators to seize control of their mobile number, intercept two-factor authentication codes, and subsequently drain over 20 ETH from the account.
A few days later, on October 3rd, a series of friend.tech users shared similar harrowing experiences. Musician Daren Broxmeyer disclosed that he, too, fell victim to a SIM-swap attack, resulting in the loss of 22 ETH. His phone had previously been inundated with an unusual barrage of phone calls, which he now suspects was an orchestrated effort to distract him from receiving a warning message from his service provider, alerting him to unauthorized access attempts on his account.
On the same fateful day, another user known as “dipper” reported the compromise of their account. Perplexingly, they claimed to have employed robust passwords, leaving them baffled about how the culprits managed to infiltrate their account’s defenses.
The fourth victim, “digging4doge,” found themselves bereft of approximately 60 ETH, falling prey to a cunning phishing scam that coerced them into divulging a login code.
Crypto investment firm Manifold Trading has issued a stark warning, asserting that any hacker gaining access to a friend.tech account wields the power to “rug” the entire account, posing a substantial risk. Given that a significant portion of friend.tech accounts is linked to phone numbers, an estimated $20 million hangs in the balance, vulnerable to exploits targeting friend.tech users.
Manifold further emphasized that the platform’s security framework places the entirety of friend.tech at risk, underscoring the urgency of addressing these vulnerabilities as the top priority.
In response to the looming threat, Manifold has proposed several security enhancements for friend.tech. These include allowing users to implement two-factor authentication for logins, enhancing key encryptions, and securing transactions. Users should also be granted the option to switch from phone number-based logins to email-based ones and to integrate third-party wallets.
Notably, prominent figures in the cryptocurrency realm have previously fallen victim to SIM-swap attacks, with their compromised accounts being exploited to orchestrate phishing attacks. Ethereum co-founder Vitalik Buterin’s experience with a compromised account in September serves as a poignant example.
In pursuit of clarity on these concerning developments, Cointelegraph reached out to friend.tech for comment, though as of now, no response has been received.
