Leaked mobile phone numbers have given scammers an easy way to drain Friend.tech user accounts.
A single scammer has reportedly managed to steal around $385,000 worth of Ether (ETH) in less than 24 hours amid a scourge of SIM-swap hacks seemingly targeting Friend.tech users.
On Oct. 5, blockchain sleuth ZachXBT reported the same scammer had pilfered 234 ETH over the past 24 hours by SIM-swapping four different Friend.tech users.
The on-chain movement of crypto assets was traced back to the same hacker who drained the accounts of the four victims.
The same scammer profited $385K (234 ETH) in the past 24 hours off SIM swapping four different FriendTech users. pic.twitter.com/03BoBEqGax
— ZachXBT (@zachxbt) October 4, 2023
One of the reported victims of the most recent chain of SIM-swap attacks posted to X (Twitter) following the attack:
“Got sim swapped. Apparently, dude was able to do it from an Apple store and switched it to an iPhone SE. Don’t buy my keys, that wallet is compromised.”
X user “KingMgugga” reported an attack targeting them happening in real time, posting to X that they were “getting f—ing sim swapped watching it happen” and asking for help. Meanwhile, another X user, “holycryptoroni,” confirmed they were similarly attacked, lamenting, “I got swapped sorry.”
Earlier this week, a further four Friend.tech users claimed to have their accounts drained as a result of a SIM-swap or phishing attack, totaling around 109 ETH stolen.
I was just SIM swapped and robbed of 22 ETH via @friendtech
The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is doxxed to your real… pic.twitter.com/5wA86mjYEG
— daren (friend, friend) (@darengb) October 3, 2023
Friend.tech allows users to purchase “keys” of individuals, which grants access to private chat rooms with them.
The SIM-swap scam occurs when scammers gain access to the victim’s phone number and use it to acquire authentication, which enables them to access their social media and crypto accounts.
Manifold Trading, a firm building tools for the ecosystem, estimated that $20 million of Friend.tech’s $50 million of total value locked could be at risk. It called for the platform to beef up its account security measures by enabling two-factor authentication (2FA).
Related: How easy is a SIM swap attack? Here’s how to prevent one
There have also been calls for X to implement 2FA security measures to prevent mobile phone numbers from getting leaked following the high-profile hack of Vitalik Buterin’s account in September, which was also due to a SIM swap attack.
“0xfoobar,” founder and CEO of wallet security firm Delegate, advised removing phone numbers from social media accounts.
crypto twitter is like a neighborhood where once a day somebody leaves their front door open, gets robbed, and everybody comes together to lament the loss, leaving their own front doors open. instead of retweeting the 75th simswap of the week go remove your phone from everything
— foobar (@0xfoobar) October 5, 2023
Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis