In an effort to stop an influx of SIM-swap attacks targeting its users, the team behind the decentralized social media network Friend.tech has incorporated a new security feature.
“You can now add a 2FA password to your Friend.tech account for additional protection if your cell carrier or email service becomes compromised,” the team wrote on X (previously Twitter) on October 9.
Users of Friend.tech will be prompted to add a second password when logging into new devices.
Friend.tech added, “Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature.”
You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell carrier or email service becomes compromised.
Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2
— friend.tech (@friendtech) October 9, 2023
Since September, there have been multiple SIM-swap assaults against Friend.tech users.
Froggie.eth was among the first Friend.tech users compromised by a SIM-swap attack on September 30, prompting others to remain vigilant.
got swim swapped for 20+ ETH (they drained my https://t.co/xb5o31p3Yy)… stay vigilant out there bros
set a PIN on your sim even if you don't think you need to
— froggie.eth 🐸🦉 – hiring FE for Premia (@brypto_) September 30, 2023
Within a week, more Friend.tech users had an estimated 109 Ether (ETH) worth approximately $172,000 taken from them. Just days later, another four individuals were targeted over 24 hours, and another $385,000 worth of Ether was stolen.
On October 4, Friend.tech made a security upgrade that allowed users to add or remove different login methods to reduce the danger of SIM-swap attacks.
Multiple observers criticized Friend.tech for delaying the implementation of the solution.
One user said, “Finally,” while another said, “took you long enough.”
0xCaptainLevi, a prominent creator on Friend.tech, was more optimistic, emphasizing that 2FA is a “big deal” and can help drive the social media platform to unprecedented heights:
You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell carrier or email service becomes compromised.
Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2
— friend.tech (@friendtech) October 9, 2023
Jason Yanowitz, founder of Blockworks, disclosed one of the SIM-swap attack methods in an X thread on October 8. The process entails sending a text message to the user with a number change request, to which the user can reply “YES” to approve the change or “NO” to reject it.
If the user responds “NO,” Friend.tech sends the user an actual verification code and prompts them to transmit it to the scammer’s number.
“If we do not hear a response within 2 hours, the change will proceed as requested,” a follow-up message shows.
“In reality, if I sent the code, my account would get wiped,” he said.
Someone is trying to hack my @friendtech
1) Text sent saying they’re changing my number
2) I respond no
3) They say to confirm no, send the verification code
4) Receive actual verification code from friend tech
5) After no response, they text again saying they’ll auto… pic.twitter.com/j76vI969jP
— Yano 🟪 (@JasonYanowitz) October 8, 2023
According to DefiLlama, the total value locked on Friend.tech is presently $43.9 million, down 15.5% from its all-time high of $52 million on October 2.