Friend.tech adds new security upgrade in wake of SIM-swap attacks

Binance
Friend.tech adds new security upgrade in wake of SIM-swap attacks
Paxful


The team behind the decentralized social media platform Friend.tech has added a new security feature amid attempts to stem a flood of SIM-swap attacks targeting its users.

“You can now add a 2FA password to your Friend.tech account for additional protection if your cell carrier or email service becomes compromised,” the team explained in an Oct. 9 post on X (formerly Twitter).

Friend.tech users will be prompted to add another password in when signing onto new devices.

“Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature,” Friend.tech added.

Ledger

The latest change follows several SIM-swap attacks targeting Friend.tech users since September.

On Sept. 30, “Froggie.eth” was among the first in a string of Friend.tech users to be compromised by a SIM-swap attack, urging others to stay vigilant.

More Friend.tech users came forward with similar stories in the following days, with an estimated 109 Ether (ETH), worth around $172,000, stolen from four users within a week. Another four users were targeted over a 24-hour period just days later, with another $385,000 worth of Ether stolen.

Friend.tech had already updated its security once on Oct. 4 to allow users to add or remove various login methods in an attempt to mitigate the risk of SIM-swap exploits.

Several observers criticized Friend.tech for not implementing the solution sooner.

“Finally,” one user said, while another said, “Took you long enough.”

However, a prominent creator on Friend.tech, “0xCaptainLevi,” was more optimistic, stressing that two-factor authentication (2FA) is a “big deal” and can help push the social media platform to unseen heights:

In an Oct. 8 X thread, Blockworks founder Jason Yanowitz revealed one of the ways the SIM-swap attacks are being orchestrated. The process involves a text message that asks the user for a number change request, where users can reply with “Yes” to approve the change or “No” to decline it.

If the user responds with “No,” the user is then sent a real verification code from Friend.tech and is prompted to send the code to the scammer’s number.

“If we do not hear a response within 2 hours, the change will proceed as requested,” a follow-up message shows.

“In reality, if I sent the code, my account would get wiped,” he said.

Related: Friend​.tech copycat Stars Arena patches exploit after some funds drained

The total value locked on Friend.tech currently sits at $43.9 million, down 15.5% from its all-time high of $52 million on Oct. 2, according to DefiLlama.

Change in total value locked on Friend.tech since Aug. 10. Source: DefiLlama

Cointelegraph reached out to Friend.tech for a comment but did not receive an immediate response.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis





Source link

Changelly

Be the first to comment

Leave a Reply

Your email address will not be published.


*