1 year ago
The information of Friend.Tech users’ funds are successful question owed to a question of reported compromised accounts and the consequent nonaccomplishment of funds done SIM-swap attacks and hacks.
Victims
In an Oct. 3 post connected X (formerly Twitter), a victim, Daren, revealed however helium was SIM swapped and robbed of 22 ETH.
“The 34 of my ain keys that I owned were sold, rugging anyone who held my key, each the different keys I owned were sold, and the remainder of the ETH successful my wallet was drained.”
Daren mentioned that owed to a bid of spam calls, helium enabled the soundless mode connected his phone. Unfortunately, this caused him to place a captious notification from Verizon regarding suspicious enactment connected his account. He added:
“If your Twitter relationship is doxxed to your existent name, your telephone fig tin beryllium found, and this could hap to you.”
Another victim, Dipper, explained that their FT relationship was compromised contempt their usage of a beardown password. However, that could not halt the attacker, who siphoned each the keys and funds successful the wallet to another. Dipper claimed to person mislaid 6.5 ETH to the incident.
Friend.Tech’s level information questioned.
Following the attacks, SlowMist laminitis Cos said Friend.Tech’s centralization risks information leakage due to the fact that the level requires users to registry with a mobile telephone number, a Gmail email address, oregon an Apple account. He added:
“There is not adjacent a two-factor authentication (2FA). Of course, perpetrators are keeping an oculus connected these atrocious onslaught methods.”
This presumption was besides shared by crypto trading steadfast Manifold Trading, which stated that “any hacker [that] gains entree to a FriendTech relationship via simswap/email hack, tin rug the full account.”
“FriendTech’s existent setup besides technically allows a rogue dev to reconstruct backstage keys via Shamir-Secret-Sharing shares that they tin retrieve from idiosyncratic information successful their database – truthful successful reality, the full TVL is astatine risk.”
According to Dune Analytics data, Friend.Tech has enjoyed a viral growth that has seen the full worth of assets locked connected the level balloon to implicit 30,000 ETH, astir $50 million.
These information concerns airs a important menace to Friend.Tech users’ funds. Manifold’s appraisal indicates that a minimum of $20 cardinal successful the level users’ assets whitethorn beryllium susceptible to sim-swap attacks.
The station Around $20M astatine hazard arsenic Friend Tech’s information comes nether scrutiny with users reporting SIM-swap attacks appeared archetypal connected CryptoSlate.
English (US) 