Friend.tech users are warning of possible SIM swap attacks after a recent spate of supposed hacks drained nearly 109 Ethereum (ETH) worth about $178,000 from four users in less than a week.
On September 30, user X (formerly Twitter) was identified as “froggie.eth”. to caution Their Friend.tech account was SIM swapped – where exploiters take control of a user’s mobile phone number to intercept two-factor authentication codes, which are then used to access accounts – and then drained over 20 ETH.
Days later, on October 3, a series of Friend.tech users reported similar incidents, with musician Darren Proxmire saying a SIM card had been swapped and 22 ETH had been drained.
His phone had previously been hit with “phone call spam”, which he believed was to force him to miss a text message from his service provider warning him that someone was trying to access his account.
The SIM card was just swapped and 22 ETH was stolen @friendtech
The 34 keys I had were sold, annoying anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is linked to your real account… pic.twitter.com/5wA86mjYEG
— Darren (friend, friend) (@darengb) October 3, 2023
On the same day another user, “Dipper”, also posted He said Their accounts were hacked, adding that they had “no idea” how exploiters hacked into their accounts, as they used strong passwords.
A fourth user, “digging4doge,” was drained of about 60 ETH after falling for a phishing scam that tricked him into sharing his login code.
Your friend user @digging4doge You’ve just drained up 60 ETH worth of keys.
About an hour ago, he received a text message informing him that a request had been made to change the number for his account.
He had two hours to respond otherwise the application would be automatically approved. This was, from… pic.twitter.com/L21Hr041kP
– Terminate (,) (@0xQuit) October 4, 2023
Cryptocurrency investment firm Manifold Trading explained that any hacker who gains access to a Friend.tech account can then “manipulate the entire account.”
Assuming a third of Friend.tech accounts are linked to phone numbers, about $20 million is at risk of being exploited through Friend.tech user-focused exploits, they said.
Related: Friend.tech-like “Alpha” emerges on the Bitcoin network
Manifold also suggested that the entire Friend.tech site is technically at risk because of how the platform’s security is set up, and that resolving the issues “should frankly be the No. 1 priority.”
If any hacker gets access to FriendTech account via simswap/email hack, they can manipulate the entire account
If you assume a third of FriendTech accounts are connected to phone numbers, that’s a $20 million risk from SIM swaps
FriendTech’s current setup also technically allows a rogue developer… https://t.co/XgodMNSh2l
— Manifold (@ManifoldTrading) October 2, 2023
Manifold suggested that Friend.tech allows users to add two-factor authentication to logins and decrypt keys and transactions.
Users should also be given the option to change the login method from number to email and allow the use of third-party wallets.
High-profile crypto figures have previously successfully swapped SIM cards and had their accounts used to carry out phishing attacks, such as Ethereum co-founder Vitalik Buterin’s X account in September.
Cointelegraph contacted Friend.tech for comment but did not immediately receive a response.
magazine: Blockchain Investigators – The collapse of Mount Gox gave birth to Chainalysis