Users of the decentralized platform Friend.tech, which tokenizes reputation and social relationships, have once again fallen victim to a SIM swapping attack. The victims lost nearly R$2 million in Ethereum (ETH). According to crypto detective ZachXBT, the hacker drained the accounts of the four victims in less than 24 hours.
A SIM swapping attack is a strategy used by cybercriminals to take control of a person’s phone number by illegally transferring it to a SIM card under their control. This is done without the victim’s permission or knowledge and can have serious consequences, as phone numbers are often linked to various online accounts and services, where they are used for functions such as two-factor authentication or password recovery.
Earlier this week, as reported by CriptoFacil, Friend.tech users had already experienced a similar attack. At least two users claimed to have lost over 42 Ether (ETH) in these attacks, which, at the current exchange rate, amounts to over R$350,000.
One of these users, named Daren, published a report on X describing how 34 of his keys on the social network were stolen and then sold through this attack. Additionally, he started receiving several fraudulent phone calls.
In response to these recurring attacks, Friend.tech announced the implementation of a new feature that allows users to log into their accounts without the need for their phone numbers. For example, users can now log in with their email instead of their phone number.
“Now you can add and remove login methods from your http://friend.tech account. To access these settings, tap on the balance of your wallet in the upper right corner of the application,” the team wrote on X.
Ouriel Ohayon, co-founder and CEO of the Zengo wallet, explained to The Block that attackers can identify SIM swap victims among Friend.tech users by taking advantage of information from their public X accounts.