On October 5, 2023, a blockchain investigator by the name of ZachXBT stated that a single scammer had stolen 234 ETH, which is roughly comparable to $385,000, from four customers of Friend.tech over the course of a single day. A SIM-swap assault was carried out by the con artist in order to acquire unauthorised access to the accounts of the victims. It was determined that the same hacker who had drained the accounts of the four victims was responsible for the theft of the assets.
One of the victims, who goes by the Twitter handle “KingMgugga,” reported the incident while it was happening in real time, saying that they were “getting f—ing sim swapped watching it happen.” Another user who goes by the name “holycryptoroni” stated that they had a similar experience by adding, “I got swapped sorry.” In the early part of this week, four more customers of Friend.tech reported losing a combined total of around 109 ETH as a result of SIM-swap or phishing attempts.
It has been brought to people’s attention that the website Friend.tech, which is a platform that enables users to buy “keys” for access to private chat rooms, does not have very solid security measures. A company that specialises in ecosystem tools called Manifold Trading projected that twenty million dollars out of Friend.tech’s total worth of fifty million dollars locked might be at danger. The company strongly suggested that Friend.tech use two-factor authentication (2FA) in order to beef up the account’s level of protection.
The incident has also revived demands for Twitter to adopt two-factor authentication (2FA) security measures. This is particularly the case following the high-profile SIM-swap hack that occurred in September on the account of Ethereum co-founder Vitalik Buterin. Users are encouraged to delete their phone numbers from their social media profiles by “0xfoobar,” who is the founder and CEO of wallet security company Delegate. This is done in order to reduce potential hazards.
The Friend.tech incident comes amid growing concerns about the vulnerability of two-factor authentication (2FA) systems to SIM-swap attacks. On April 27, 2023, a report by Blockchain.News highlighted that a recent update to Google’s Authenticator app, which stores one-time codes in cloud storage, has raised security questions. The update makes users susceptible to SIM-swap attacks, where scammers can trick telecom operators into associating a victim’s phone number with their own SIM card. If a hacker gains access to the user’s Google password, they could compromise all authenticator-linked applications.
Image source: Shutterstock