Friend.tech users are warning of possible SIM-swap attacks after a recent spate of supposed hacks resulting in nearly 109 Ether (ETH) worth around $178,000 being drained from four users in under a week.
On Sept. 30, the X (formerly Twitter) user known as “froggie.eth” warned their Friend.tech account was SIM-swapped — where exploiters gain control of a user’s mobile number to intercept two-factor authentication codes, then used to access accounts — and subsequently drained of over 20 ETH.
Days later, on Oct. 3, a string of Friend.tech users reported similar incidents, with musician Daren Broxmeyer saying he was SIM-swapped and drained of 22 ETH.
His phone was earlier “spammed with phone calls,” which he believed was to force him to miss a text from his service provider warning him that someone was trying to access his account.
I was just SIM swapped and robbed of 22 ETH via @friendtech— daren (friend, friend) (@darengb) October 3, 2023
The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is doxxed to your real… pic.twitter.com/5wA86mjYEG
The same day another user, “dipper,” also said their account was compromised, adding they have “no idea” how exploiters could hack their account, as they use strong passwords.
The fourth user, “digging4doge,” was drained of around 60 ETH after falling for a phishing scam that tricked them into sharing a login code.
Friendtech user @digging4doge just got drained to the tune of ~60 eth worth of keys.— quit (,) (@0xQuit) October 4, 2023
About an hour ago, he received a text informing him that a number change had been requested for his account.
He had two hours to respond or the request would be auto approved. This was, of… pic.twitter.com/L21Hr041kP
Crypto investment firm Manifold Trading explained that any hacker gaining access to a Friend.tech account is then able to “rug the whole account.”
Assuming that a third of Friend.tech accounts are connected to phone numbers, around $20 million is at risk of being exploited through Friend.tech user-focused exploits, they said.
Related: Friend.tech look-alike ‘Alpha’ emerges on Bitcoin network
Manifold also suggested that, technically, all of Friend.tech is at risk due to how the platform’s security is set up, and solving the issues “should honestly be the number 1 priority.”
If any hacker gains access to a FriendTech account via simswap/email hack, they can rug the whole account— Manifold (@ManifoldTrading) October 2, 2023
If you assume 1/3 of FriendTech accounts are connected to phone numbers, that's $20M at risk from sim-swaps
FriendTech's current setup also technically allows a rogue dev… https://t.co/XgodMNSh2l
Manifold suggested Friend.tech allow users to add 2FA to logins, key decryptions and transactions.
Users should also be given the option to change the login method from a number to email and allow for third-party wallets to be used.
High-profile crypto figures have previously been successfully SIM-swapped, with their accounts used to carry out phishing attacks, such as Ethereum co-founder Vitalik Buterin’s X account in September.
Cointelegraph contacted Friend.tech for comment but did not immediately receive a response.
Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis