SIM Swaps Drain 100 ETH from Friend.tech Users in a Week

Users of Friend.tech issued a warning about possible SIM-swap attacks following a spate of alleged breaches that resulted in the theft of nearly 109 Ether worth approximately $178,000 from four users within a week.

On September 30, the X (formerly Twitter) user known as “froggie.eth” warned that their Friend.tech account had been SIM-swapped, an attack in which criminals take control of a user’s mobile number to intercept two-factor authentication codes and then use those codes to access accounts. Over 20 ETH were subsequently stolen.

On October 3, a series of Friend.tech users reported similar incidents, with musician Daren Broxmeyer claiming his SIM card was swapped and 22 ETH were stolen.

His phone had previously been “spammed with phone calls,” which he believed was an attempt to prevent him from receiving a text message from his service provider warning him that someone was attempting to access his account.

The same day, another user, “dipper,” reported that their account had been compromised, adding that they have “no idea” how their account could have been hacked because they use robust passwords.

The fourth user, “digging4doge,” lost approximately 60 ETH after falling victim to a phishing scheme that involved sharing a login code.

The crypto investment firm Manifold Trading explained that any intruder who gains access to a Friend.tech account can “rug the whole account.”

According to Manifold, $20 million may be at risk from vulnerabilities targeting Friend.tech users if a third of its accounts are linked to phone numbers.

Manifold also indicated that technically, the entirety of Friend.tech is at risk due to the platform’s security configuration and that resolving the issues “should honestly be the number 1 priority.”

Manifold recommended that Friend.tech enable 2FA for logins, key decryptions, and transactions.

Users should also be able to change the login mechanism from a number to an email address, and third-party wallets should be permitted.

Prior to September, the X account of Ethereum co-founder Vitalik Buterin was effectively SIM-swapped and used for phishing attacks, as were the accounts of other prominent crypto figures.
