Users of the web3 social earnings platform Friend.tech are reporting multiple attacks involving phishing and SIM swapping. The recently launched crypto social media platform appears to be following its Web2 counterparts in becoming a magnet for scammers.
On October 3, Friend.tech users started reporting incidents of crypto thefts resulting from SIM swap attacks.
Social Media SIM Swap Scourge
“I was just SIM-swapped and robbed of 22 ETH via Friend.tech,” reported one victim.
Additionally, they admitted that they sold 34 of their own keys, which led to the rugging of anyone who held the key. They added,
“All the other keys I owned were sold, and the rest of the ETH in my wallet was drained.”
They reported that scammers accessed personal information, including the phone number from their X (Twitter) account. Spam calls inundated their phone, prompting them to activate silent mode. Furthermore, this resulted in the victim missing a message from Verizon alerting them about spurious account activity.
“If your FT/Twitter is tied to a doxxed name, and you start getting rapidly spammed with phone calls, make sure you don’t get any texts from your carrier that you’re being distracted from!”
On September 30, another victim posted “got SIM swapped for 20+ ETH (they drained my friend.tech) … stay vigilant out there bros.”
On October 3, another user posted,
“My FT account was just compromised, hacker dumped all keys and moved everything to another address. Was about 6.5 ETH total.”
If attackers gain access to a Friend.tech account via a SIM swap or email phishing attack, they can drain the entire account.
Moreover, Manifold Trading observed:
“If you assume 1/3 of Friend.tech accounts are connected to phone numbers, that’s $20 million at risk from SIM swaps.”
They suggested implementing two-factor authentication (2FA) but that does not appear to be an option with the crypto social media platform yet.
Friend.tech UAW, Volume, Transaction. Source: DappRadar
X (Twitter) Users Targeted
Recent phishing and SIM-swapping attacks have targeted X users. Industry experts have urged X to implement 2FA security measures to prevent the leaking of phone details. Furthermore, a SIM swap attack caused the high-profile hack of Vitalik Buterin’s account.
In August, co-founder of Blockchain Capita Bart Stephens sued a hacker for stealing $6.3 million via a similar attack.
Additionally, billionaire Mark Cuban fell victim to a wallet hack resulting in the theft of approximately $870,000 in crypto last month.
Scammers use a SIM swap attack as a technique to gain control of a victim’s mobile phone number. With control of the number, scammers can use two-factor authentication (2FA) to access social media and crypto accounts.
