A wave of SIM swap attacks struck users of the new social crypto app Friend.tech over the weekend, allowing hackers to drain thousands in digital assets. At least two victims reported losing over $70,000 worth of ether (ETH) after SIM swaps granted access to linked wallets.
The incidents involved attackers porting victims’ phone numbers to SIM cards under the hackers’ control. Once SIMs were swapped, hackers could intercept authentication codes to breach accounts. No exploit of Friend’s actual code occurred, with the vulnerability stemming from users’ linked phone numbers.
Friend.tech victims lose several Ethereum
One victim said their “doxxed” Twitter account with a public phone number enabled looking up the number for SIM swap fraud. With control of the connected phone, the hackers drained the user’s Friend.tech wallet and remaining ETH holdings.
The individual blamed carrier Verizon for barely providing time to react before the swap was completed. They warned others with exposed social media ties to be vigilant against rapid account takeovers.
While not a direct breach, the Friend.tech SIM attacks underscore the security risks surrounding Web3 platforms and crypto wallets. Friend.tech’s core service escaped compromise, but peripheral vulnerabilities presented attack vectors.
SIM swapping remains a straightforward and common hacking technique, made more dangerous when crypto funds are accessible. Even cautious users can fall prey to exposed personal data. In response, some have suggested Friend.tech adopt added safeguards like two-factor authentication to mitigate fraud risks.