Recent Spate of Attacks
In a troubling series of events, Friend.tech users are ringing alarm bells over potential SIM-swap attacks, with nearly 109 Ether (ETH)—worth around $178,000—snatched from multiple accounts in less than a week. It all began on September 30, when a user known as froggie.eth reported their account was compromised through a SIM-swap, which allowed hackers to bypass two-factor authentication and access crucial accounts.
The Pattern Emerges
Just days later, on October 3, the crypto musician Daren Broxmeyer took to social media to lament the same fate. His phone was bombarded with unsolicited calls, which seemed to be a prelude to the attack, and a warning text from his service provider unfortunately came at the wrong moment.
“I was just SIM swapped and robbed of 22 ETH via @friendtech,” Broxmeyer tweeted. “The 34 of my own keys were sold, rugging anyone who held my key.”
The Gravy Train of Misfortune
Three more cases quickly followed suit, including a user named dipper, who expressed confusion over how this could happen despite employing robust security measures. Another account, digging4doge, met a similar fate, losing around 60 ETH after falling victim to a phishing scam.
Phishing Scams and the Seriousness of SIM-Swap Attacks
Phishing scams are a staple in the hacker’s toolbox, often tricking users into divulging sensitive information. This brings us to the fourth user, who received a text stating that a number change had been requested for their account, giving them a mere two-hour window to respond before automatic approval. Sounds stressful, right?
Widespread Risk to Friend.tech Users
Crypto investment firm Manifold Trading weighed in, explaining that any individual gaining access to a Friend.tech account could essentially “rug the whole account.” They estimated that if approximately a third of the accounts are linked to mobile numbers, an alarming $20 million is at risk of being exploited through user-focused hacks.
Recommended Security Measures
Manifold suggested that Friend.tech beef up their security protocols by:
- Implementing mandatory two-factor authentication for logins, key decryptions, and transactions.
- Allowing users to switch their login methods from a phone number to an email address.
- Permitting the use of third-party wallets for added security.
Lessons from the Past
This incident is reminiscent of past cases where high-profile crypto figures fell victim to similar SIM-swapping schemes. Just last month, Ethereum co-founder Vitalik Buterin faced an attack on his X account that led to phishing attacks against his followers.
A Call to Action
As the tale of theft and betrayal unfolds, the clock is ticking for Friend.tech to address these glaring vulnerabilities. Users, stay vigilant out there; the security landscape keeps getting riskier!