Friend.Tech Targeted SIM Swaps Worsen as Users Lose More Ether

CoinDesk reported earlier this week that Friend.Tech users were starting to seemingly get targeted in SIM swap exploits.

Oct 5, 2023 at 12:19 p.m. UTC

Even more Friend.Tech users are claiming that they have fallen victim to SIM swap attacks with an estimated $385,000 worth of ether lost to such exploits since the start of this week.

The Friend.Tech code itself was not exploited. No users are at immediate risk. The application lets holders buy "shares" of people who hold an account on X which grants buyers certain privileges.

CoinDesk reported earlier this week that Friend.Tech users were starting to seemingly get targeted in SIM swap exploits.

The attacks have since continued and worsened: In the past 24 hours, three influential accounts from social app X, formerly Twitter, claimed they had been exploited, with the attacker making off with ether held by those accounts.

SIM swap attacks are a common occurrence and happen when criminals take control of a mobile phone by tricking service providers into connecting that phone's number to a SIM card in the hacker’s possession. Swapped phones can then be used for fraudulent activity.

“Been trying to debug and tried every possible email I could've used, can not recover the account anyhow,” X user @SalsaTekila said. “Lost all the ETH there, then on top people trading my worthless keys. Support doesn't help, regurgitates the same automated response.”

Friend.Tech developers today seemed to take steps to mitigate attack vectors by introducing a feature that lets users change their login methods – which could help prevent attackers from gaining access to accounts merely by SIM swapping.

Security experts speak

Social application Friend.Tech has become one of the most popular crypto platforms this year, despite the bear market, generating steady revenues and profits for its creators. The application amassed over 100,000 users in under two weeks after going live.

However, security risks remain a large cause of concern for any crypto platform. Hackers may employ techniques ranging from smart contract manipulation or flash loan attacks to more traditional methods to exploit wealthy users.

Players of the mobile industry-focused crypto project told CoinDesk in a message that while such SIM swap-based risks remain, there is a small window wherein a potential exploit can be mitigated.

"When a hacker attempts a SIM swap, defending against it can be straightforward: initiate full re-authentication, encompassing both email and ID, as though it were a new account setup," shared Micky Watkins, founder of World Mobile Group, in a message to CoinDesk. "A challenge arises when a number port is involved. An attacker could visit a mobile store, impersonate the account holder using a business card, and then request to port in their mobile number."

"The porting process has a tight window, and during this period, the genuine user might miss crucial warning signs. Once the attacker successfully ports the number, they can intercept two-factor mobile-based authentications. Hence, a robust defence mechanism involves using dual –BOTH– authentication methods: email and phone number for any new device, or better yet, implementing two-factor APP-based authentication," Watkins added.

Edited by Stephen Alpher.

Disclosure


CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in Bullish Group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

