Friend.Tech Security Under Scrutiny After $20M SIM-Swap Attacks

By: Isha Das

Friend.Tech users are facing security issues as several accounts have reportedly been compromised resulting in significant loss of funds through SIM-swap attacks and hacks. One victim, a user named Daren, revealed in an Oct. 3 post that he was SIM swapped and robbed of 22 ETH (source). He warned that if a user's digital profile is linked to their real name, their phone number could be found, and such attacks could happen.

Another user, named Dipper, claimed his Friend.Tech account was compromised despite using a strong password. This led to the loss of all the keys and funds in his wallet, amounting to 6.5 ETH. In light of these reports, several stakeholders, including the SlowMist founder Cos, have criticized Friend.Tech's platform security. He highlighted that the platform's requirement for users to register with a mobile phone number, a Gmail address, or an Apple account exposes them to information leakage due to centralization risks. Furthermore, there is an absence of a two-factor authentication system.

Crypto trading firm Manifold Trading expressed concerns that any hacker gaining access to a FriendTech account could potentially 'rug' the whole account. Concerns are also raised about rogue developers possibly reconstructing private keys from user data. They fear that all assets could be at risk due to the platform's setup. Dune Analytics data shows that Friend.Tech's total value of assets on the platform has grown to over 30,000 ETH, or around $50 million. Given the present security concerns, at least $20 million of these assets may be vulnerable to SIM-swap attacks.