Several users of the Friend.tech platform are expressing concerns about potential SIM-swap attacks following a series of apparent hacks, which resulted in the loss of nearly 109 Ether (ETH), valued at around $178,000. One user, “froggie.eth,” took to Twitter on September 30 to warn about their SIM-swapped Friend.tech account, which led to the theft of more than 20 ETH. This type of attack occurs when hackers gain control of a user’s mobile number in order to intercept two-factor authentication codes and subsequently gain access to the user’s accounts.
In the following days, multiple Friend.tech users reported similar incidents. Musician Daren Broxmeyer stated on October 3 that he had fallen victim to a SIM-swap attack, resulting in the loss of 22 ETH. Broxmeyer claimed that his phone had been bombarded with calls, which he believes was a deliberate tactic to distract him from a warning message from his service provider about someone attempting to access his account.
Another user, “dipper,” also reported their Friend.tech account being compromised on the same day. Despite using strong passwords, they were left puzzled about how the hackers gained access. Additionally, a user known as “digging4doge” fell victim to a phishing scam, which led to them inadvertently sharing a login code and subsequently losing around 60 ETH.
Crypto investment firm Manifold Trading warned that hackers who gain access to a Friend.tech account have the capability to “rug the whole account.” The firm estimated that around $20 million is at risk of being exploited through targeted attacks on Friend.tech users. Manifold also highlighted concerns about the overall security of the Friend.tech platform and suggested that addressing these issues should be the platform’s top priority.
To mitigate the risk, Manifold proposed several solutions. They recommended providing users with the option to add two-factor authentication (2FA) to logins, key decryptions, and transactions. Additionally, users should be allowed to change their login method from a phone number to an email and have the flexibility to use third-party wallets.
It is worth noting that high-profile individuals in the crypto industry have previously fallen victim to SIM-swap attacks. For instance, Ethereum co-founder Vitalik Buterin’s X account was hacked in September, with the attackers using his account for phishing attacks.
Cointelegraph reached out to Friend.tech for comment but did not receive an immediate response. As the platform continues to face security concerns, it is crucial for the company to take proactive steps to strengthen its security measures and safeguard its users’ funds and personal information.