The Team behind Friend.tech Adds 2FA Password Feature to Combat SIM-Swap Attacks
The team at Friend.tech, a decentralized social media platform, has introduced a new security feature in response to the increasing number of SIM-swap attacks targeting its users. To provide additional protection in case of a compromised cell carrier or email service, users can now add a two-factor authentication (2FA) password to their Friend.tech accounts. This means that when signing onto new devices, users will be prompted to enter an extra password. It’s important to note that neither the Friend.tech nor Privy teams have the ability to reset these passwords, so caution should be exercised when using this feature.
Rising Incidents of SIM-Swap Attacks on Friend.tech Users
Friend.tech users have experienced several SIM-swap attacks since September. One user, froggie.eth, was among the first victims and urged others to remain vigilant. Over the course of a week, four users had approximately 109 Ether (ETH), equivalent to $172,000, stolen from their accounts. In another instance, within a 24-hour period, four more users lost around $385,000 worth of Ether. Due to these attacks, Friend.tech had already updated its security measures on October 4 to allow users to add or remove various login methods.
Reaction from Users and Experts
Some observers criticized Friend.tech for not implementing the solution earlier. However, others expressed relief that the 2FA password feature was finally added. A prominent creator on Friend.tech named 0xCaptainLevi emphasized that 2FA is significant and can contribute to the platform’s success.
Details of SIM-Swap Attack Process Revealed
In an X thread on October 8, Blockworks founder Jason Yanowitz disclosed one method used in SIM-swap attacks. Attackers send users a text message requesting a number change and ask for confirmation by replying with “YES” or “NO.” If the user responds with “NO,” they receive a real verification code from Friend.tech and are prompted to send it to the scammer’s number. Failure to respond within two hours results in the requested number change being processed. Yanowitz highlighted the importance of not sending the verification code to avoid account compromise.
Hot Take: Friend.tech Enhances Security with 2FA
The addition of a two-factor authentication (2FA) password feature to Friend.tech is a crucial step in safeguarding user accounts from SIM-swap attacks. This new security measure provides an extra layer of protection in case of compromised cell carriers or email services. It is encouraging to see Friend.tech taking action to address these security concerns, although some users feel it should have been implemented earlier. The introduction of 2FA has the potential to boost confidence in the platform and attract more users, contributing to its growth and success.