Four users of the SocialFi platform friend.tech reported that hackers had compromised their accounts and stolen their funds within a short period. The hackers took control of the users’ mobile phone numbers and used this access to bypass security protocols.
Some users of friend.tech have raised concerns about possible SIM-swap attacks following a string of alleged hacks. Within a week, hackers reportedly drained almost 109 Ether (worth around $178,000) from the accounts of four users. On Sept. 30, the user “Froggie.eth” on X (formerly Twitter) reported that a SIM-swap attack compromised their Friend.tech account, resulting in the loss of over 20 ETH (worth approximately $33,000).
Within days of the first incident, several other Friend.tech users reported similar incidents involving SIM-swapping attacks and account losses. Musician Daren Broxmeyer was reportedly one of those affected, losing over 22 ETH (worth approximately $36,000). He believes his phone was “spammed with phone calls” in the days leading up to the SIM-swap attack, which he thinks was a ploy to prevent him from receiving a text message from his service provider warning him about the fraudulent activity.
On the same day, another Friend.tech user, “dipper,” reported that a hacker had compromised their account as well, stating that they had no idea how the hacker could have bypassed their account security, as they used strong passwords and other security measures.
Another user, “digging4doge,” reported losing around 60 ETH in a phishing scam that tricked them into sharing a login code.
Crypto investment firm Manifold Trading states that if a hacker gains access to a Friend.tech account, they can steal all the assets in the account, a process referred to as “rug pulling.”
Manifold also raises concerns about the security of the entire Friend.tech platform, suggesting that it is vulnerable to further exploitation due to the way it is set up. They emphasize the importance of addressing these issues, stating that they “should be the number 1 priority.”
Manifold suggests that the platform should allow users to enable two-factor authentication (2FA) for their logins, key decryptions, and transactions. In addition, Manifold suggests that Friend.tech users should be able to choose their preferred login method, such as email instead of a phone number, and proposes that third-party wallets should be used.
There have been several high-profile cases of SIM-swapping attacks on crypto figures, including one on Vitalik Buterin’s X account in September. In these attacks, hackers take control of the target’s phone number and use it to access their accounts and carry out phishing attacks.