Scammer Attacks Friend.tech Users in Latest SIM Swap Scourge, Stealing $385K in ETH
Amidst the recent surge in SIM swap hacks, a scammer has made off with roughly $385,000 worth of ETH in under 24 hours. The victims of this cyber theft were users of Friend.tech, a decentralized social network for crypto enthusiasts.
Friend.tech Community Exploit Leaves Victims Compromised
Reports of drained funds affecting users on Friend.tech began surfacing early last week, and unfortunately, the attacker shows no sign of relenting.
In the late hours of October 4, blockchain investigator ZachXBT revealed that the same scammer had successfully pilfered 234 ETH worth $385,000 within a day.
The same scammer profited $385K (234 ETH) in the past 24 hours off SIM swapping four different FriendTech users. pic.twitter.com/03BoBEqGax
— ZachXBT (@zachxbt) October 4, 2023
According to blockchain transaction data shared by ZachXBT, the on-chain movement of the crypto assets was traced back to the same scammer who exploited the accounts of four Friend.tech victims.
The victims of these attacks were left in shock as their ETH holdings were swiftly plundered.
One victim, identified as “KingMgugga” on the decentralized social network, described his experience as horrific while desperately seeking assistance, to no avail.
And I'm getting fucking sim swapped watching it happen!!! Anything anyone know that I can do?!!
— KingMgugga📊 | Slice Analytics (@KingMgugga) October 4, 2023
Another victim, “sumfattytuna,” confirmed his unfortunate encounter with a SIM swap attack on the platform.
Got sim swapped. Apparently dude was able to do it from an apple store and switched it to an iphone SE. Don't buy my keys, that wallet is compromised. @friendtech
— sumfattytuna 🪺⛓️ (@sumfattytuna) October 4, 2023
He explained how the scammer accessed his Friend.tech account from an Apple store and executed a SIM switch to an iPhone SE, ultimately compromising his wallet security.
The decentralized social network has long been tagged as a risky platform. On September 30, X user “froggie.eth” raised the alarm about his account on the social hub being compromised through a SIM swap attack.
got sim swapped for 20+ ETH (they drained my https://t.co/xb5o31p3Yy)… stay vigilant out there bros
set a PIN on your sim even if you don't think you need to
— froggie.eth 🐸🦉 (@brypto_) September 30, 2023
This incident resulted in the theft of 20+ ETH from his account, estimated to be $32,600.
ZachXBT: Over $13.3M Has Been Stolen Through 54 SIM Swaps
ZachXBT has previously warned crypto traders about the surge in SIM swap attacks targeting various platforms within the crypto space.
Over the past four months $13.3M+ has been stolen as a result of 54 SIM swaps targeting people in the crypto space.
When an account is compromised scammers attempt to create a sense of urgency with a fake claim to drain your assets.
Never use SMS 2FA and instead use an… pic.twitter.com/Fu1C3syQJE
— ZachXBT (@zachxbt) August 23, 2023
On August 23, the blockchain investigator reported that $13.3 million had been stolen through 54 SIM swaps.
Another six SIM swaps to add to the list
19-Aug-2023 Faraway
19-Aug-2023 Kroll employee
19-Aug-2023 Supreme Kongs founder
22-Aug-2023 Pixels Online
22-Aug-2023 Swaap Finance
23-Aug-2023 Strike
— ZachXBT (@zachxbt) August 27, 2023
The affected platforms include Aptos Network, Metis DAO, PleasrDAO, Faraway, Supreme Kongs, Pixels Online, Swaap Finance, and more.
Manifold Trading’s Security Assessment
Manifold Trading, a platform designed to solve market inefficiencies through applied mathematics, has raised concerns that around $20 million of Friend.tech’s total locked value of $50 million might be at risk.
Manifold stated that Friend.tech’s current structure allows rogue developers to rebuild private keys through Shamir’s Secret Sharing shares to recover user data in their database.
To avert continuous account breaches, the platform proposed a series of security measures to fortify the integrity of the social ecosystem, with the initial step being the adoption of two-factor authentication (2FA).
If any hacker gains access to a FriendTech account via simswap/email hack, they can rug the whole account
If you assume 1/3 of FriendTech accounts are connected to phone numbers, that's $20M at risk from sim-swaps
FriendTech's current setup also technically allows a rogue dev… https://t.co/XgodMNSh2l
— Manifold (@ManifoldTrading) October 2, 2023
Other proposed security measures include the integration of 2FA on key descriptions and transactions and enabling users to connect hardware wallets during the onboarding process.
Nevertheless, experts in blockchain and security argue that the call for enhanced security measures extends beyond Friend.tech. They are urging platforms, including X, to implement 2FA as a safeguard against scammers trying to exploit phone numbers.
This concern arises following Vitalik Buterin’s Twitter account hack through an alleged SIM swap attack in September.
I hate to be the one to say it, but Vitalik should take accountability for his poor op-sec and compensate those affected.
I understand users have a responsibility to be wary of all links and that they ultimately connected their wallets irresponsibly; but can we blame them…
— ʞɔɐſ (@satoshi_767) September 10, 2023
In light of this spate of attacks, “0xfoobar,” the founder and CEO of Delegate, a reliable crypto wallet security platform, has urged individuals to remove their phone numbers from all connected accounts.
crypto twitter is like a neighborhood where once a day somebody leaves their front door open, gets robbed, and everybody comes together to lament the loss, leaving their own front doors open. instead of retweeting the 75th simswap of the week go remove your phone from everything
— foobar (@0xfoobar) October 5, 2023
This proactive measure can significantly reduce the risk of falling prey to SIM swap attacks.