Friend.tech adds new security upgrade in wake of SIM-swap attacks

1 year ago

The team behind the decentralized social media platform Friend.tech has added a new security feature amid attempts to stem a flood of SIM-swap attacks targeting its users.

“You can now add a 2FA password to your Friend.tech account for further protection if your cell carrier or email service becomes compromised,” the team explained in an Oct. 9 post on X (formerly Twitter).

Friend.tech users will be prompted to add another password when signing onto new devices.

“Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature,” Friend.tech added.

You can now add a 2FA password to your https://t.co/YOHabcBL3H account for further protection if your cell carrier or email service becomes compromised.

Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2

— friend.tech (@friendtech) October 9, 2023

The latest change follows several SIM-swap attacks targeting Friend.tech users since September.

On Sept. 30, froggie.eth was among the first in a string of Friend.tech users to be compromised by a SIM-swap attack, urging others to stay vigilant.

got swim swapped for 20+ ETH (they drained my https://t.co/xb5o31p3Yy)... stay vigilant out there bros

set a PIN on your sim even if you don't think you need to

— froggie.eth (@brypto_) September 30, 2023

More Friend.tech users came forward with similar stories in the following days, with an estimated 109 Ether (ETH), worth around $172,000, stolen from 4 users within a week. Another 4 users were targeted over a 24-hour period just days later, with another $385,000 worth of Ether stolen.

Friend.tech had already updated its security once on Oct. 4 to allow users to add or remove various login methods in an effort to mitigate the risk of SIM-swap exploits.

However, several observers criticized Friend.tech for not implementing the solution sooner.

“Finally,” one user said, while another said: “took you long enough.”

However, a prominent creator on Friend.tech, 0xCaptainLevi, was more optimistic, stressing that 2FA is a “big deal” and can help push the social media platform to unseen heights:

2FA is a big deal. Road to $100M TVL never seemed brighter❤️ https://t.co/bxd3V3M3mx

— Levi ⚡️ (@0xCaptainLevi) October 10, 2023

In an Oct. 8 X thread, Blockworks founder Jason Yanowitz revealed one of the ways the SIM-swap attacks are being orchestrated. The process involves a text message that asks the user for a number change request, where users can reply with “YES” to approve the change or “NO” to decline it.

If the user responds with “NO”, the user is then sent a real verification code from Friend.tech and is prompted to send the code to the scammer’s number.

“If we do not hear a response within 2 hours, the change will proceed as requested,” a follow-up message shows.

"In reality, if I sent the code, my account would get wiped," he said.

Someone is trying to hack my @friendtech

1) Text sent saying they’re changing my number

2) I respond no

3) They say to confirm no, send the verification code

4) Receive real verification code from friend tech

5) After no response, they text again saying they’ll auto… pic.twitter.com/j76vI969jP

— Yano (@JasonYanowitz) October 8, 2023


The total value locked on Friend.tech currently sits at $43.9 million, down 15.5% from its all-time high of $52 million on Oct. 2, according to DefiLlama.

Change in total value locked on Friend.tech since Aug. 10. Source: DefiLlama.

Cointelegraph reached out to Friend.tech for comment but did not receive an immediate response.
