Friend.tech Enhances Security with 2FA Feature Amid SIM-Swap Attacks

In response to a series of SIM-swap attacks targeting its users, the team behind the decentralized social media platform Friend.tech has implemented a crucial security feature. As of October 9th, users are now able to add a Two-Factor Authentication (2FA) password to their Friend.tech accounts, offering an additional layer of protection in case their cell carrier or email service becomes compromised.

Friend.tech 2FA password for enhanced security

The 2FA password feature prompts Friend.tech users to add an extra password when signing in on new devices, significantly bolstering the platform’s security measures. Importantly, neither the Friend.tech nor Privy teams possess the capability to reset these passwords, placing the responsibility squarely on the users. This new safeguard comes after a spate of SIM-swap attacks on Friend.tech users that began in September.

The first SIM-swap attack victim, identified as froggie.eth, sounded the alarm on September 30th, urging fellow users to remain vigilant. Subsequently, more Friend.tech users came forward with similar stories, leading to the theft of an estimated 109 Ether (ETH), equivalent to approximately $172,000, from four users within just one week. Further exacerbating the situation, another four users were targeted in a 24-hour period a few days later, resulting in the theft of an additional $385,000 worth of Ether.

To mitigate the risk of SIM-swap exploits, Friend.tech had already taken security measures on October 4th, allowing users to add or remove various login methods. However, some users expressed disappointment that these measures were not implemented sooner.

Upon hearing about the introduction of 2FA, some users were relieved, while others expressed frustration at the perceived delay. One user remarked, “Finally,” while another commented, “took you long enough.” In contrast, prominent Friend.tech creator 0xCaptainLevi expressed optimism, emphasizing the significance of 2FA and its potential to elevate the social media platform to new heights.

Unveiling the SIM-swap attack method

Jason Yanowitz, the founder of Blockworks, shed light on one method through which SIM-swap attacks are orchestrated. This nefarious process typically begins with a text message asking the user for a number change request. Users can respond with either “YES” to approve the change or “NO” to decline it. 

If the user responds with “NO,” they are then sent a legitimate verification code from Friend.tech and prompted to send the code to the scammer’s number. Yanowitz warned that failure to respond within two hours results in the change proceeding as requested, leading to a wiped account.

The total value locked on Friend.tech currently stands at $43.9 million, reflecting a 15.5% decrease from it’s all-time high of $52 million on October 2nd, according to DefiLlama. This decline may be attributed, at least in part, to the recent SIM-swap attacks, which have understandably shaken user confidence in the platform.

Source: https://www.cryptopolitan.com/friendtech-enhances-security-with-2fa/