Friend.tech SIM-swap scourge continues as scammer nets $385K in Ether

7



A single scammer has reportedly managed to steal around $385,000 worth of Ether (ETH) in less than 24 hours amid a scourge of SIM-swap hacks seemingly targeting Friend.tech users.

On Oct. 5, blockchain sleuth ZachXBT reported the same scammer had pilfered 234 ETH over the past 24 hours by SIM-swapping four different Friend.tech users.

The on-chain movement of crypto assets was traced back to the same hacker who drained the accounts of the four victims.

One of the reported victims of the most recent chain of SIM-swap attacks posted to X (Twitter) following the attack:

“Got sim swapped. Apparently, dude was able to do it from an Apple store and switched it to an iPhone SE. Don’t buy my keys, that wallet is compromised.”

X user “KingMgugga” reported an attack targeting them happening in real time, posting to X that they were “getting f—ing sim swapped watching it happen” and asking for help. Meanwhile, another X user, “holycryptoroni,” confirmed they were similarly attacked, lamenting, “I got swapped sorry.”

Earlier this week, a further four Friend.tech users claimed to have their accounts drained as a result of a SIM-swap or phishing attack, totaling around 109 ETH stolen.

Friend.tech allows users to purchase “keys” of individuals, which grants access to private chat rooms with them.

The SIM-swap scam occurs when scammers gain access to the victim’s phone number and use it to acquire authentication, which enables them to access their social media and crypto accounts.

Manifold Trading, a firm building tools for the ecosystem, estimated that $20 million of Friend.tech’s $50 million of total value locked could be at risk. It called for the platform to beef up its account security measures by enabling two-factor authentication (2FA).

Related: How easy is a SIM swap attack? Here’s how to prevent one

There have also been calls for X to implement 2FA security measures to prevent mobile phone numbers from getting leaked following the high-profile hack of Vitalik Buterin’s account in September, which was also due to a SIM swap attack.

“0xfoobar,” founder and CEO of wallet security firm Delegate, advised removing phone numbers from social media accounts.

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis