In a recent incident, the decentralized social network Friend.tech fell victim to a series of SIM swap attacks. Resulting in a collective loss of $385,000 in Ethereum for four affected users. Crypto investigator ZachXBT traced the on-chain transactions back to the hacker responsible for draining these users’ accounts.
SIM swapping is a fraudulent technique in which hackers deceive mobile carriers into transferring a user’s phone number to their own SIM card. Once in possession of the victim’s phone number, they gain access to online accounts associated with that number.
One affected user, Sumfattytuna, shared their experience. “Got sim swapped. The dude was able to do it from an Apple store and switched it to an iPhone SE. Don’t buy my keys, that wallet is compromised.” Another user, KingMgugga, reported in real-time as the hack occurred, expressing desperation and seeking guidance on what to do.
Earlier this week, four other Friend.tech users also reported having their accounts drained due to SIM swap attacks. Resulting in a combined loss of approximately 109 ETH.
Friend.tech’s action
In response to these attacks, Friend.tech has introduced a new feature. The feature enables users to log into their accounts without requiring their phone numbers, aiming to enhance security.
Following these incidents, crypto investment firm Manifold Trading issued a warning. The warning highlights the potential risks associated with Friend.tech accounts being vulnerable to SIM swaps. They estimated that if one-third of Friend.tech accounts are linked to phone numbers, approximately $20 million is at risk from these types of attacks.
SIM swap attacks have been increasingly prevalent in the cryptocurrency realm. Notably, Ethereum co-founder Vitalik Buterin fell victim to such an attack in September when hackers manipulated Twitter to reset his password, gaining unauthorized access to his account, which had 4.9 million followers.
