The decentralized social media protocol, FriendTech, has responded to the recent surge in SIM-swap attacks and security breaches targeting its users by implementing enhanced security measures.

In an Oct. 4 post on X (formerly Twitter), the protocol’s team announced a significant improvement, allowing users to add and remove various login methods from their accounts.

Previously, the protocol required users to register with a mobile phone number, a Gmail email address, or an Apple account. However, several stakeholders, including SlowMist founder Cos, pointed out that these requirements exposed users to substantial security risks due to the platform’s setup.

Earlier in the week, CryptoSlate reported concerns from the crypto community about the protocol’s security, as several user accounts fell victim to SIM-swap attacks. Manifold Trading, a crypto trading firm, estimated approximately $20 million worth of assets belonging to FriendTech’s users were at risk of these attacks.

On Oct. 4, on-chain investigator ZachXBT highlighted the ongoing wave of SIM-swap attacks. One hacker stole 234 ETH, equivalent to approximately $385,000, from four FriendTech users.

However, with these new security measures, users can now eliminate less secure login methods, thereby strengthening the protection of their accounts.

No 2FA yet

Meanwhile, the protocol explained why it has yet to implement a two-factor authentication (2FA) feature on its platform.

According to FriendTech, the inability of Privy’s UX to request passcode confirmation from users may lock them out permanently if they mistype it.

It added:

“In its current state, the feature would likely lead to many users permanently locking themselves out of their accounts. We made recommendations for a safer UX. Privy is working diligently to implement this and we will integrate the feature when they have finished.”