Around $20M at risk as Friend Tech's security comes under scrutiny with users reporting SIM-swap attacks
The security of Friend.Tech users’ funds are in question due to a wave of reported compromised accounts and the subsequent loss of funds through SIM-swap attacks and hacks.
Victims
In an Oct. 3 post on X (formerly Twitter), a victim, Daren, revealed how he was SIM swapped and robbed of 22 ETH.
“The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.”
Daren mentioned that due to a series of spam calls, he enabled the silent mode on his phone. Unfortunately, this caused him to overlook a critical notification from Verizon regarding suspicious activity on his account. He added:
“If your Twitter account is doxxed to your real name, your phone number can be found, and this could happen to you.”
Another victim, Dipper, explained that their FT account was compromised despite their use of a strong password. However, that could not stop the attacker, who siphoned all the keys and funds in the wallet to another. Dipper claimed to have lost 6.5 ETH to the incident.
Friend.Tech’s platform security questioned.
Following the attacks, SlowMist founder Cos said Friend.Tech’s centralization risks information leakage because the platform requires users to register with a mobile phone number, a Gmail email address, or an Apple account. He added:
“There is not even a two-factor authentication (2FA). Of course, perpetrators are keeping an eye on these bad attack methods.”
This view was also shared by crypto trading firm Manifold Trading, which stated that “any hacker [that] gains access to a FriendTech account via simswap/email hack, can rug the whole account.”
“FriendTech’s current setup also technically allows a rogue dev to reconstruct private keys via Shamir-Secret-Sharing shares that they can recover from user data in their database – so in reality, the whole TVL is at risk.”
According to Dune Analytics data, Friend.Tech has enjoyed a viral growth that has seen the total value of assets locked on the platform balloon to over 30,000 ETH, around $50 million.
These security concerns pose a significant threat to Friend.Tech users’ funds. Manifold’s assessment indicates that a minimum of $20 million in the platform users’ assets may be vulnerable to sim-swap attacks.
