In a disturbing wave of SIM-swap hacks, a single scammer has managed to steal approximately $385,000 worth of Ether in less than 24 hours, primarily targeting Friend.tech users. Blockchain investigator ZachXBT revealed that this same scammer successfully pilfered 234 ETH within a day, executing SIM-swap attacks on four different Friend.tech users.
SIM-Swap attacks plague Friend.tech community
The victims of these attacks found themselves in a state of shock as their hard-earned cryptocurrency assets vanished in a matter of minutes. One victim, posting on Twitter under the handle “KingMgugga,” described the horrifying experience in real-time, saying, “Getting f—ing sim swapped, watching it happen,” while desperately seeking assistance.
Another user, “holycryptoroni,” confirmed that they had also fallen prey to this type of cybercrime, expressing regret, “I got swapped, sorry.”
Earlier this week, an additional four users of Friend.tech reported similar incidents where their accounts were drained due to SIM-swap or phishing attacks, resulting in approximately 109 ETH being stolen. Friend.tech is a platform that allows users to purchase “keys” that grant access to private chat rooms with specific individuals.
How SIM-swap scams work
The SIM-swap scam involves scammers gaining unauthorized access to a victim’s phone number. They then use this access to obtain authentication credentials, which allows them to infiltrate social media and cryptocurrency accounts. This type of attack has been on the rise, causing significant financial losses and emotional distress for victims.
Manifold Trading, a company dedicated to building tools for the crypto ecosystem, estimated that up to $20 million of Friend.tech’s $50 million in total value locked could be at risk due to these recent attacks. In response to the alarming situation, they called for Friend.tech to implement robust account security measures, including two-factor authentication (2FA).
The need for enhanced security measures is not limited to Friend.tech alone. Many have also called for Twitter (referred to as “X” in the article) to implement 2FA security measures to prevent mobile phone numbers from being compromised. This concern arises following the high-profile hack of Vitalik Buterin’s Twitter account in September, which also resulted from a SIM-swap attack.
In light of these ongoing threats, “0xfoobar,” the founder and CEO of Delegate, a wallet security firm, has advised individuals to remove their phone numbers from their social media accounts. Doing so can be a proactive step to minimize the risk of falling victim to these malicious attacks.