Friend.tech Responds to SIM Swap Attacks with Enhanced Security Measures
coinedition.com 17 m
Decentralized social network platform Friend.tech announced an improvement to the protocol’s security, allowing users to add and remove various login methods from their accounts.
You can now add and remove log in methods for your https://t.co/YOHabcBL3H account. To access these settings, tap your wallet balance in the top right corner of the app pic.twitter.com/d37VWVk2Eb
— friend.tech (@friendtech) October 4, 2023
On October 4, Friend.tech announced on X (previously Twitter) the update on its login method, saying, “You can now add and remove login methods for your Friend.tech account.” Moreover, the company shared how users can access these settings from the application.
This update has been in response to the recent SIM swap attacks targeting Friend.tech users. Recently, ZachXBT, a well-known blockchain detective, unveiled a SIM swap attack targeting Friend.tech users, which led to a loss of $385,000.
The recent SIM swap incident defrauded four users by a single scammer, and all the incidents occurred within 24 hours. ZachXBT claimed that users could have signed up with a new email address instead, as “SIM swaps are not a new thing.”
Manifold Trading, a systematic crypto investment firm, recently shared that Friend.tech’s SIM swap attacks could lead to a $20 million loss. They stated that if any hacker gains access to a Friend.tech account via SIM swap or an email hack, they could rug the whole account.
If any hacker gains access to a FriendTech account via simswap/email hack, they can rug the whole account
If you assume 1/3 of FriendTech accounts are connected to phone numbers, that’s $20M at risk from sim-swaps
FriendTech’s current setup also technically allows a rogue dev… https://t.co/XgodMNSh2l
— Manifold (@ManifoldTrading) October 2, 2023
Furthermore, Manifold shared a few suggestions to solve this issue, as it “should honestly be the number one priority.” The crypto firm suggested allowing users to add Two Factor Authorization to Friend.tech login and claimed that it’s not difficult to implement and allow 2FA on key decryption and transactions, as Privy is implementing this.
Friend.tech has responded to this and stated, “We have received questions about why we haven’t enabled Privy’s 2FA passcode feature yet.” They added that Privy’s UX doesn’t instruct users to confirm their passcode. If a user mistypes the passcode, neither Privy nor Friend.tech can reset it, which would lead to the user being locked out of their accounts.
General Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.