Friend.tech rolls out 2FA feature amid surge in SIM-swap attacks

October 10, 2023 at 10:50 am

News

Friend.tech rolls out 2FA feature amid surge in SIM-swap attacks

Decentralized social media platform Friend.tech has launched a new 2FA feature to counter rising SIM-swap attacks targeting its users.

The team behind the decentralized app announced in an Oct. 9 X post that users can now set up a 2FA password on their Friend.tech accounts for extra security in case their mobile carrier or email provider is compromised.

You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell carrier or email service becomes compromised.

Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2
— friend.tech (@friendtech) October 9, 2023

Users will be prompted to set up this extra password when they sign in on new devices.

Importantly, neither Friend.tech nor its security partner, Privy, can reset these passwords, so users are advised to exercise caution when setting them up.

Friend.tech users targeted by SIM-Swap attacks

The move to enhance security protocols follows a series of SIM-swap attacks affecting Friend.tech users since September.

These attacks have led to the theft of an estimated 109 Ether (ETH), equivalent to nearly $500,000. One hacker alone was responsible for stealing close to $400,000 from various accounts on the platform.

Yu Xian, the founder of cybersecurity firm Slow Mist, tested the new 2FA feature and shared his experience on social media. His findings indicate that the feature is functional and adds a needed layer of security.

https://twitter.com/evilcos/status/1711585533724659950

Friend.tech had previously rolled out security updates on Oct. 4, which allowed users to add or remove different login methods.

However, some argue that the 2FA feature should have been introduced sooner, given the severity and frequency of the attacks.

took you long enough
— TTT |$BBg (@ThinTallTosin) October 9, 2023

On Oct. 9, Jason Yanowitz, founder of Blockworks, provided insights into how the SIM-swap attacks are carried out.

Attackers send text messages to users, ask them to change their numbers, and require a “YES” or “NO” response.

If the user responds with “NO,” they receive a legitimate verification code from Friend.tech, which the scammer then prompts them to forward.

Failure to respond within two hours results in the change being made, putting the account at risk.

Earlier today, the head of Defiant News reported that his Friend.tech wallet was emptied due to a sophisticated phishing scam, adding another layer of urgency to the platform’s need for robust security measures.

My friendtech wallet was compromised through an elaborate phishing scam and my 22 ETH portfolio was nuked to 0😢

They just bridged my ETH using Orbiter, and some has just been deposited to @binance https://t.co/dKIgKLPGop https://t.co/ZJVSdW0AHW pic.twitter.com/zgz9T2LvLW
— yyctradΞr (@yyctrader1) October 10, 2023