This attack is part of a series of SIM-swapping hacks targeting users of the popular platform Friend.Tech.
Scammer's Rapid Theft
Prominent blockchain investigator reported on October 5 that an individual had successfully stolen 234 ETH within 24 hours. The hacker accomplished this by manipulating the SIM cards of four unsuspecting Friend.Tech users. What's even more concerning is that the transfer of these ill-gotten cryptocurrency assets can be traced back to the same hacker.One victim shared their experience, revealing that the scammer had managed to change the SIM card and switch it to an iPhone SE, effectively taking control of the victim's wallet.
Another user, reported in real-time that they were witnessing the attack unfold and asked for assistance. Meanwhile, another confirmed that they had also fallen victim to a similar attack, expressing their frustration.
Previous Attacks on Friend.Tech Users
This is not the first time that Friend.Tech users have faced such attacks. Earlier in the week, four users reported that their accounts had been drained due to SIM swaps or phishing attacks, resulting in approximately 109 ETH being stolen.Friend.Tech's Response
Friend.Tech, a platform that allows users to buy individual keys for private chat rooms, has been dealing with a severe security issue. SIM swap scams occur when attackers gain control of a person's phone number and use it to access their social media and cryptocurrency accounts.Manifold Trading has suggested that up to $20 million of Friend.Tech's total locked-up value of $50 million may be at risk. They have urged the platform to enhance its account security measures, particularly by adding two-factor authentication (2FA) for improved protection.
You can now add and remove log in methods for your https://t.co/YOHabcBL3H account. To access these settings, tap your wallet balance in the top right corner of the app pic.twitter.com/d37VWVk2Eb
— friend.tech (@friendtech) October 4, 2023
The recent breach has reignited calls for Friend.Tech to implement 2FA security measures to protect against the exposure of mobile phone numbers. In response to the security breaches, Friend.Tech has introduced a new feature that allows users to eliminate specific login options, specifically phone numbers.
The founder and CEO of wallet security company Delegate has also recommended removing phone numbers from social media accounts as a proactive measure against potential attacks.