Amid an ongoing wave of SIM-swap attacks targeting Friend.tech users, a single scammer has reportedly made off with approximately $385,000 worth of Ether in less than 24 hours. These incidents highlight the vulnerability of users who have had their mobile phone numbers leaked.
A Persistent Threat
Blockchain investigator ZachXBT disclosed that the same scammer managed to steal 234 ETH within a 24-hour period by SIM-swapping four different Friend.tech users. The on-chain movement of the stolen crypto assets was traced back to this same hacker.
Some of the victims of these recent SIM-swap attacks took to Twitter to share their experiences in real-time. User “KingMgugga” reported being “sim swapped” and sought help, while another user, “holycryptoroni,” confirmed a similar attack.
Earlier this week, four more Friend.tech users reported their accounts being drained due to SIM-swap or phishing attacks, resulting in the theft of approximately 109 ETH. Friend.tech allows users to purchase “keys” that grant access to private chat rooms, making it a lucrative target for scammers.
The same scammer profited $385K (234 ETH) in the past 24 hours off SIM swapping four different FriendTech users. pic.twitter.com/03BoBEqGax
— ZachXBT (@zachxbt) October 4, 2023
Manifold Trading, a company developing tools for the crypto ecosystem, estimated that up to $20 million of Friend.tech’s $50 million in total value locked could be at risk. They called for the platform to implement two-factor authentication (2FA) to bolster account security.
Broader Calls for 2FA Implementation
The incident has also prompted calls for social media platforms like X to introduce 2FA security measures to prevent mobile phone numbers from being leaked. This appeal comes in the wake of a high-profile SIM-swap attack on Vitalik Buterin’s account in September.
“0xfoobar,” the founder and CEO of wallet security firm Delegate, recommended that users remove phone numbers from their social media accounts to reduce vulnerability to such attacks.