In the cryptocurrency world, security breaches are an unfortunate but common occurrence. Recently, users of the famous platform Friend.Tech found themselves in the crosshairs of a determined hacker, leading to the loss of a staggering 234 ETH (Ethereum) in under 24 hours. This incident has once again highlighted the vulnerability of digital assets and the pressing need for enhanced security measures.
The Lone Scammer Strikes Again
Update: They just SIM swapped @0x0BRIEN FT for 27.71 ETH one hour ago
Funny enough the same scammer also SIM swapped the Twitter/X account for his project @rabbithole_gg back in July.
The tale began when blockchain investigator ZachXBT reported on October 5th that a single individual had successfully stolen 234 ETH in just one day. This audacious feat was accomplished by manipulating SIM cards belonging to four unsuspecting Friends.Tech users. What’s more concerning is that all traces return to the same cunning hacker.
One of the victims shared their harrowing experience, explaining, “We changed the SIM card. The person could do it at the Apple store and switch to an iPhone SE. Don’t buy my keys, and this wallet has been hacked.” Another user, @KingMgugga, live-tweeted their ordeal, desperately seeking help. Meanwhile, @holycryptoroni confirmed they had also fallen victim to a similar attack, lamenting, “I’ve been changed, sorry.”
This wave of attacks was not the first time Friend.Tech users have faced such threats. Earlier that week, four more users reported the draining of their accounts, resulting in approximately 109 ETH being stolen through SIM swaps or phishing attacks.
Friend.Tech’s response and the Call for 2FA
Friend.Tech, a platform enabling users to purchase individual keys for private chat rooms, found itself grappling with a severe security crisis. SIM swap scams occur when attackers gain control of a person’s phone number and use it to access their social media and cryptocurrency accounts. The consequences of such attacks can be financially devastating.
Manifold Trading has estimated that up to $20 million of Friend.Tech’s total locked-up value of $50 million may be at risk. Consequently, there have been urgent calls for the platform to bolster its account security. One proposed solution is the implementation of two-factor authentication (2FA) to provide users with enhanced protection.
In response to the recent security breaches, Friend.Tech has introduced a new feature that allows users to eliminate specific login options, particularly phone numbers. This move aims to prevent attackers from exploiting SIM swaps to gain unauthorized account access.
Additionally, the founder and CEO of wallet security company Delegate has recommended the removal of phone numbers from social media accounts as a proactive measure against potential attacks.
The Ongoing Saga of SIM Swaps
The situation at Friend.Tech is emblematic of a broader issue facing the cryptocurrency industry. Despite the bear market, Friend.Tech has seen remarkable growth, amassing over 100,000 users within two weeks of its launch. However, security risks remain a significant concern for any crypto platform.
Hackers employ various techniques, from smart contract manipulation to flash loan attacks, to exploit wealthy users. While SIM swap-based risks persist, there is a brief window during which potential exploits can be mitigated. When a hacker attempts a SIM swap, defending against it can be straightforward: initiating full re-authentication, encompassing email and ID, as if it were a new account setup. However, complications arise when a number port is involved, allowing attackers to intercept two-factor mobile-based authentications.
A robust defence mechanism includes using dual authentication methods, such as email and phone numbers, for any new device or implementing two-factor app-based authentication.
In the ever-evolving landscape of digital security, Friend.Tech’s recent security breach is a stark reminder of the need for constant vigilance. As cryptocurrency platforms continue to grow, enhancing security measures is an option and a necessity to protect users and their valuable assets from determined hackers.
