Friend.tech users blame SIM swaps after more than 100 ETH drained in a week

Friend.tech users are warning of possible SIM-swap attacks after a recent spate of supposed hacks resulting in nearly 109 Ether (ETH) worth around $178,000 being drained from four users in under a week.

On Sept. 30, the X (formerly Twitter) user known as “froggie.eth” warned their Friend.tech account was SIM-swapped — where exploiters gain control of a user’s mobile number to intercept two-factor authentication codes, then used to access accounts — and subsequently drained of over 20 ETH.

Days later, on Oct. 3, a string of Friend.tech users reported similar incidents, with musician Daren Broxmeyer saying he was SIM-swapped and drained of 22 ETH.

His phone was earlier “spammed with phone calls,” which he believed was to force him to miss a text from his service provider warning him that someone was trying to access his account.

The same day another user, “dipper,” also said their account was compromised, adding they have “no idea” how exploiters could hack their account, as they use strong passwords.

The fourth user, “digging4doge,” was drained of around 60 ETH after falling for a phishing scam that tricked them into sharing a login code.

Crypto investment firm Manifold Trading explained that any hacker gaining access to a Friend.tech account is then able to “rug the whole account.”

Assuming that a third of Friend.tech accounts are connected to phone numbers, around $20 million is at risk of being exploited through Friend.tech user-focused exploits, they said.

Related: Friend.tech look-alike ‘Alpha’ emerges on Bitcoin network

Manifold also suggested that, technically, all of Friend.tech is at risk due to how the platform’s security is set up, and solving the issues “should honestly be the number 1 priority.”

Manifold suggested Friend.tech allow users to add 2FA to logins, key decryptions and transactions.

Users should also be given the option to change the login method from a number to email and allow for third-party wallets to be used.

High-profile crypto figures have previously been successfully SIM-swapped, with their accounts used to carry out phishing attacks, such as Ethereum co-founder Vitalik Buterin’s X account in September.

Cointelegraph contacted Friend.tech for comment but did not immediately receive a response.

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis