In a series of recent incidents, FriendTech (FT) users have reported instances of unauthorized access to their accounts, resulting in the theft of their valuable digital assets.
These security breaches have raised major concerns about vulnerabilities in the central service, prompting the founder of SlowMist to issue a warning about the inherent risks associated with using the platform.
Twitter user loses 22 ETH in FriendTech hack
The initial event was brought to public attention by a user with the handle @darengb on the X platform. They revealed that their FT account had been hacked, resulting in the loss of 22 ETH. The attacker not only drained their wallet but also sold 34 of their keys, causing huge losses to those who held them.
In his tweet, @darengb said: “Just SIM swapped and 22 ETH stolen via @friendtech. If your Twitter account is linked to your real name, it is possible to find your phone number, and this could happen to you.”
The SIM card was just swapped and 22 ETH was stolen @friendtech
The 34 keys I had were sold, annoying anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is linked to your real account… pic.twitter.com/5wA86mjYEG
— Darren (friend, friend) (@darengb) October 3, 2023
@darengb also stressed the potential risks of linking a person’s Twitter account to their real name, which could expose their phone number and make them vulnerable to such attacks. They reported that they received so many unwanted calls that they missed an important text message from Verizon alerting them to a possible account breach.
@darengb was surprised by this revelation, having initially suspected a flaw in the FriendTech platform. After accessing FT and finding an empty chat, they realized the full extent of the breach only upon finding another user’s tweet about SIM swapping.
SlowMist founder exposes FriendTech’s weaknesses
In response to @darengb’s tweet, the SlowMist founder commented on the situation. They stressed the risks of using FriendTech, a centralized platform that requires mobile phone numbers, Gmail addresses or Apple accounts to register but lacks two-factor authentication, making it vulnerable to information leaks.
The founder also commented on Darren’s incident, stating that @darengb’s mobile phone number had been SIM swapped, leading to his FriendTech account being stolen. They also criticized Verizon’s security measures, saying, “I have to say, Verizon’s risk control is really bad.”
Another user, @d1pp3r__, also shared his experience on the platform. They reported that their account had been hacked, resulting in the hacker gaining access to all of their keys and moving their assets to another address.
My FT account has just been hacked, the hacker threw out all the keys and moved everything to another address. It was about 6.5e total. The wallet address is here: 0x8D8557e4A7512b81C74efD2874107a7C4e29fE26
– Dipper (@d1pp3r__) October 2, 2023
The SlowMist founder responded to this incident, noting that the user logged in via email and had a strong password. Despite using a complex password generated by a password manager, the user found his account compromised, further highlighting a vulnerability in FT.
The founder ended with a prediction, suggesting that an FT account, once compromised, could remain compromised permanently because of the unique correlation between the wallet address FT assigns and the user’s phone number.