The team behind decentralized social media platform Friend.tech has added a new security feature amid attempts to stop a torrent of SIM swap attacks targeting its users.
“You can now add a 2FA password to your Friend.tech account for extra protection if your carrier or email service is compromised,” the team to explain In an October 9 post on X (formerly Twitter).
Friend.tech users will be asked to add another password when logging in to new devices.
“Neither the friendstech nor Privy team can reset these passwords, so please be careful when using this feature,” Friend.tech added.
You can now add a 2FA password to your account https://t.co/YOHabcBL3H An account for extra protection in case your carrier or email service is compromised.
friendstech and Privy cannot reset these passwords, so please be careful when using this feature pic.twitter.com/g0m2E4att2
– friends.tech (@friendtech) October 9, 2023
The latest change comes on the heels of several SIM swap attacks targeting Friend.tech users since September.
On September 30, froggie.eth was among the first in a series of Friend.tech users to be compromised by a SIM swapping attack, urging others to remain vigilant.
Swim was exchanged for 20+ ETH (they drained my money https://t.co/xb5o31p3Yy)…stay alert out there, brothers
Set a PIN on your sim card even if you don’t think you need to
– froggie.eth (@brypto_) September 30, 2023
More Friend.tech users came forward with similar stories in the following days with an estimated 109 Ethereum (ETH), worth about $172,000, stolen from four users within a week. Four more users were targeted within a 24-hour period just days later, with another $385,000 worth of ether stolen.
Friend.tech has already updated its security once on October 4 to allow users to add or remove different login methods in an effort to mitigate the risks of SIM swap exploits.
Many observers criticized Friend.tech for not implementing the solution sooner.
However, one of the prominent creators on Friend.tech, 0xCaptainLevi, was more optimistic, stressing that two-factor authentication is a “big deal” and could help push the social media platform to unseen heights:
2FA is a big deal. The road to $100 million has never been brighter https://t.co/bxd3V3M3mx
– Levi (@0xCaptainLevi) October 10, 2023
On October 8, Blockworks founder Jason Yanowitz revealed one of the ways SIM swap attacks are organized. The process includes a text message asking the user to request a number change, to which users can respond with “yes” to agree to the change or “no” to reject it.
If the user answers “No” – the user will be sent a real verification code from Friend.tech and asked to send the code to the scammer’s number.
A follow-up message appears: “If we do not hear back within 2 hours, the change will be implemented as requested.”
“Actually, if I send the code, my account will be erased,” he said.
Someone is trying to hack my account @friendtech
1) A text message was sent saying they are changing my number
2) I answer no
3) They say to confirm no, send verification code
4) Get the actual verification code from your tech friend
5) After no response, they texted again saying they would automatically… pic.twitter.com/j76vI969jP
-Yano (@JasonYanowitz) October 8, 2023
Related: Friend.tech’s fake Stars Arena patches are being exploited after some money has been drained
The total value locked on Friend.tech currently stands at $43.9 million, down 15.5% from its all-time high of $52 million on October 2. According to To Devilama.
Cointelegraph reached out to Friend.tech for comment but did not receive an immediate response.
magazine: Blockchain Investigators – The collapse of Mount Gox gave birth to Chainalysis