Friend.tech adds new security upgrade in wake of SIM-swap attacks – Cointelegraph


The team behind the decentralized social media platform Friend.tech has added a new security feature amid attempts to stem a flood of SIM-swap attacks targeting its users.

“You can now add a 2FA password to your Friend.tech account for additional protection if your cell carrier or email service becomes compromised,” the team explained in an Oct. 9 post on X (formerly Twitter).

Friend.tech users will be prompted to add another password when signing in on new devices.

“Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature,” Friend.tech added.

The latest change follows several SIM-swap attacks targeting Friend.tech users since September.

On Sept. 30, froggie.eth was among the first in a string of Friend.tech users to be compromised by a SIM-swap attack, urging others to stay vigilant.

More Friend.tech users came forward with similar stories in the following days with an estimated 109 Ether (ETH), worth around $172,000, stolen from four users within a week. Another four users were targeted over a 24-hour period just days later, with another $385,000 worth of Ether stolen.

Friend.tech had already updated its security once on Oct. 4 to allow users to add or remove various login methods in an attempt to mitigate the risk of SIM-swap exploits.

Several observers criticized Friend.tech for not implementing the solution sooner.

“Finally,” one user said, while another said: “took you long enough.”

However, a prominent creator on Friend.tech, 0xCaptainLevi, was more optimistic, stressing that 2FA is a “big deal” and can help push the social media platform to unseen heights.

In an Oct. 8 X thread, Blockworks founder Jason Yanowitz revealed one of the ways the SIM-swap attacks are being orchestrated. The process involves a text message that presents the user with a number change request, where users can reply with “YES” to approve the change or “NO” to decline it.

If the user responds with “NO,” the user is then sent a real verification code from Friend.tech and is prompted to send the code to the scammer’s number.

“If we do not hear a response within 2 hours, the change will proceed as requested,” a follow-up message shows.

“In reality, if I sent the code, my account would get wiped,” he said.

The total value locked on Friend.tech currently sits at $43.9 million, down 15.5% from its all-time high of $52 million on Oct. 2, according to DefiLlama.

Change in total value locked on Friend.tech since Aug. 10. Source: DefiLlama.

Cointelegraph reached out to Friend.tech for comment but did not receive an immediate response.
