On 5 October, some users of the social-fi crypto platform Friend.Tech reported on X that they were victims of a 234 ETH hack due to a theft of their private keys.
The heist was pulled off by a single individual who, by cloning the SIM cards of the affected users of the decentralized application, extracted the access keys to their crypto wallets on Base and took a total of $385,000.
The story may not end there as more wallets were compromised earlier this week.
The Friend.Tech team is trying to respond with a security update given growing user fears about a possible exploit of the crypto platform’s entire TVL.
Let’s take a look at all the details together.
Crypto: Friend.Tech suffers 234 ETH hack and risks losing credibility after frequent SIM cloning cases
Friend.Tech is a decentralized crypto application developed on Coinbase’s layer-2, where users can tokenize and trade various shares representative of their accounts on X.
The platform has attracted a lot of attention from the crypto community given the extraordinary success it has achieved in its first few weeks of operation, even getting the nickname “Only Fans of the web3” given some similarities in the business model.
These days, however, Friend.Tech is making headlines because of security issues that have emerged, which could completely ruin the project’s excellent market debut.
Yesterday, in fact, several users of the social-fi crypto platform Friend.Tech reported to the X (formerly Twitter) community that their Base wallets had been compromised for a total theft of 234 ETH, or about $385,000.
The type of attack used by the hacker is SIM swapping: a scam in which SIMs are cloned by illicitly obtaining the victim’s phone number, which is then exploited to gain access to social accounts, effectively circumventing the security measures that protect login.
This is not the first such attack on Friend.Tech: earlier this week, abnormal transactions amounting to 109 ETH in damage were reported on some users’ wallets.
Apparently, the malicious individual carried out the SIM swap via the Apple Store and managed to transfer the victims’ data to an iPhone SE.
Got sim swapped. Apparently dude was able to do it from an apple store and switched it to an iphone SE. Don't buy my keys, that wallet is compromised. @friendtech
— sumfattytuna 🤠 (@sumfattytuna) October 4, 2023
Solving this problem is critical for Friend.Tech, since $50 million belonging to more than 28,000 users is at risk.
Since September, the platform has seen an incredible increase in the number of transactions and inflow within the protocol.
According to Dune Analytics, total fees generated on the protocol reached 11,764 ETH (worth over $19 million), thanks to a total of 9,870,682 transactions.
A new record was reached on 14 September with 616 ETH in fees.
Should new hacks and attacks on users happen, the community’s growing distrust will most likely lead to a decline in overall activity, with the risk that the platform will not be able to recover.
Social-fi platform’s responses against highlighted security problems
Friend.Tech’s recent security problems that led to the loss of nearly $500,000 to users of the social-fi crypto platform could be just the beginning of a series of unfortunate events.
According to Manifold Trading, a company that develops software solutions for the industry, at this time, $20 million of the $50 million in total assets locked up on the platform are at risk.
These are the words of the company:
If any hacker gains access to a FriendTech account via simswap/email hack, they can rug the whole account
If you assume 1/3 of FriendTech accounts are connected to phone numbers, that's $20M at risk from sim-swaps
FriendTech's current setup also technically allows a rogue dev… https://t.co/XgodMNSh2l
— Manifold (@ManifoldTrading) October 2, 2023
Friend.Tech’s response was not long in coming: within hours of the incident, it launched a new feature to protect its users’ wallets against compromise.
The mechanism lets users remove specific login methods, particularly phone numbers, drastically reducing the likelihood of a SIM-swapping attack, which is what the hacker used this week.
You can now add and remove log in methods for your https://t.co/YOHabcBL3H account. To access these settings, tap your wallet balance in the top right corner of the app pic.twitter.com/d37VWVk2Eb
— friend.tech (@friendtech) October 4, 2023
Unfortunately, however, the problems do not seem to have ended there: many users have complained on X that they are unable to access their Friend.Tech accounts.
One user in particular revealed that, following the update, he removed his phone number and replaced the authentication method, but was then no longer able to log into his profile.
Having also left sessions open on other devices, he believes hackers could still compromise his account and empty his crypto wallet.
Been locked out of my account for over a month. Where do I get help now that your help desk account is banned?
— Crossover (@crossover_step) October 4, 2023