Leaked mobile phone numbers have given scammers an easy way to drain Friend.tech user accounts.
A single scammer has reportedly managed to steal around $385,000 worth of Ether in less than 24 hours amid a scourge of SIM-swap hacks seemingly targeting Friend.tech users.
On Oct. 5, blockchain sleuth ZachXBT reported the same scammer had pilfered 234 ETH over the past 24 hours by SIM-swapping four different Friend.tech users.
The on-chain movement of crypto assets was traced back to the same hacker who drained the accounts of the four victims.
One of the reported victims of the most recent chain of SIM-swap attacks posted to X (Twitter) following the attack:
“Got sim swapped. Apparently, dude was able to do it from an Apple store and switched it to an iPhone SE. Don’t buy my keys, that wallet is compromised.”
X user “KingMgugga” reported an attack targeting them happening in real time, posting to X that they were “getting f—ing sim swapped watching it happen” and asking for help. Meanwhile, another X user, “holycryptoroni,” confirmed they were similarly attacked, lamenting, “I got swapped sorry.”
Earlier this week, a further four Friend.tech users claimed to have their accounts drained as a result of a SIM-swap or phishing attack, totaling around 109 ETH stolen.
Friend.tech allows users to purchase “keys” of individuals, which grants access to private chat rooms with them.
A SIM-swap scam occurs when scammers gain access to the victim’s phone number and use it to obtain authentication, which gives them access to the victim’s social media and crypto accounts.
Manifold Trading, a firm building tools for the ecosystem, estimated that $20 million of Friend.tech’s $50 million of total value locked could be at risk. It called for the platform to beef up its account security measures by enabling two-factor authentication (2FA).
There have also been calls for X to implement 2FA security measures to prevent mobile phone numbers from getting leaked following the high-profile hack of Vitalik Buterin’s account in September, which was also due to a SIM swap attack.
“0xfoobar,” founder and CEO of wallet security firm Delegate, advised removing phone numbers from social media accounts.