Friend.tech users are expressing concern about the possibility of SIM-swap attacks after experiencing a string of suspected hacks. Four users reported that nearly 109 Ether (ETH) — equivalent to approximately $178,000 — was drained from their accounts within a week.
Users Warn of SIM-Swap Attacks
On September 30, a user known as "froggie.eth" took to X (formerly Twitter) to warn that their Friend.tech account had been SIM-swapped. This type of attack occurs when hackers gain control of a user's mobile number to intercept two-factor authentication codes, which are then used to access accounts. The user claimed to have lost over 20 ETH as a result.
A few days later, on October 3, several other Friend.tech users reported similar incidents. Musician Daren Broxmeyer said his account was SIM-swapped and drained of 22 ETH. Broxmeyer suspected that the barrage of phone calls he received earlier was an attempt to ensure he missed a text message from his service provider warning him that someone was trying to access his account.
Another user, "dipper," also reported that their account had been compromised. They stated that they were unsure how hackers could have gained access, as they use strong passwords.
The fourth user, "digging4doge," fell victim to a phishing scam and had around 60 ETH drained from their account. They were tricked into sharing a login code.
Concerns Over Friend.tech Security
Crypto investment firm Manifold Trading highlighted the risks associated with Friend.tech accounts. If hackers gain access to these accounts, they can "rug the whole account," meaning they can manipulate and control the entire balance.
According to Manifold, assuming that one-third of Friend.tech accounts are connected to phone numbers, there is a potential risk of approximately $20 million being exploited through SIM-swaps and other user-focused exploits.
Manifold also raised concerns about the platform's security setup. They argued that resolving these issues should be the top priority for Friend.tech. Suggestions included allowing users to add two-factor authentication to logins, key decryptions, and transactions. Additionally, users should have the option to change the login method from a phone number to email and be able to use third-party wallets.
Previous Cases of SIM-Swapping
This is not the first time high-profile figures in the crypto industry have fallen victim to SIM-swapping. In September, Ethereum co-founder Vitalik Buterin's X account was successfully hacked and used to carry out phishing attacks.
Cointelegraph reached out to Friend.tech for comment but did not receive an immediate response.
