crypto.news
Decentralized social media platform Friend.tech has launched a new 2FA feature to counter rising SIM-swap attacks targeting its users.
The team behind the decentralized app announced in an Oct. 9 X post that users can now set up a 2FA password on their Friend.tech accounts for extra security in case their mobile carrier or email provider is compromised.
You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell carrier or email service becomes compromised.
— friend.tech (@friendtech) October 9, 2023
Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2
Users will be prompted to set up this extra password when they sign in on new devices.
Importantly, neither Friend.tech nor its security partner, Privy, can reset these passwords, so users are advised to exercise caution when setting them up.
Friend.tech users targeted by SIM-Swap attacks
The move to enhance security protocols follows a series of SIM-swap attacks affecting Friend.tech users since September.
These attacks have led to the theft of an estimated 109 Ether ($ETH), equivalent to nearly $500,000. One hacker alone was responsible for stealing close to $400,000 from various accounts on the platform.
Yu Xian, the founder of cybersecurity firm Slow Mist, tested the new 2FA feature and shared his experience on social media. His findings indicate that the feature is functional and adds a needed layer of security.
测试了下 https://t.co/xvDZPEKscJ 新增的 2FA 机制,这个 2FA 实际上是让用户设置了个独立的密码,当用户在进行资金有关操作时:
— Cos(余弦)😶🌫️ (@evilcos) October 10, 2023
– buy/sell key
– withdraw 资金
– exprot 私钥
需要验证一次这个独立密码(这些验证由 @privy_io… https://t.co/BLwSLdeA78
Friend.tech had previously rolled out security updates on Oct. 4, which allowed users to add or remove different login methods.
However, some argue that the 2FA feature should have been introduced sooner, given the severity and frequency of the attacks.
took you long enough
— TTT |$BBg (@ThinTallTosin) October 9, 2023
On Oct. 9, Jason Yanowitz, founder of Blockworks, provided insights into how the SIM-swap attacks are carried out.
Attackers send text messages to users, ask them to change their numbers, and require a “YES” or “NO” response.
If the user responds with “NO,” they receive a legitimate verification code from Friend.tech, which the scammer then prompts them to forward.
Failure to respond within two hours results in the change being made, putting the account at risk.
Earlier today, the head of Defiant News reported that his Friend.tech wallet was emptied due to a sophisticated phishing scam, adding another layer of urgency to the platform’s need for robust security measures.
My friendtech wallet was compromised through an elaborate phishing scam and my 22 $ETH portfolio was nuked to 0😢
— yyctradΞr (@yyctrader1) October 10, 2023
They just bridged my $ETH using Orbiter, and some has just been deposited to @binance https://t.co/dKIgKLPGophttps://t.co/ZJVSdW0AHW pic.twitter.com/zgz9T2LvLW