Friend.tech Adds 2FA Password for Users Amidst Ongoing SIM-Swap Attacks

The team behind the decentralized social media platform Friend.tech has responded to a series of SIM-swap attacks targeting its users by implementing a crucial security enhancement. 

In a recent announcement on X (formerly Twitter), Friend.tech unveiled the introduction of a Two-Factor Authentication (2FA) password feature. 

This move aims to provide additional protection for users whose cell carriers or email services have been compromised.

You can now add a 2FA password to your https://t.co/YOHabcBL3H account for additional protection if your cell carrier or email service becomes compromised.

Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature pic.twitter.com/g0m2E4att2

— friend.tech (@friendtech) October 9, 2023

Friend.tech Users Will Have an Option to Setup Additional Password

With the new 2FA feature, Friend.tech users will now be prompted to set up an additional password when signing in on new devices. 

Importantly, neither the Friend.tech team nor the Privy teams will have the capability to reset these passwords, underlining the need for users to exercise caution when using this feature.

The decision to bolster security comes in the wake of a string of SIM-swap attacks that have plagued Friend.tech users since September. 

The attacks have raised concerns and drawn criticism from some quarters regarding the platform’s initial response.

Slow Mist founder Yu Xian tested the 2FA mechanism and shared his experience on Twitter. 

测试了下 https://t.co/xvDZPEKscJ 新增的 2FA 机制，这个 2FA 实际上是让用户设置了个独立的密码，当用户在进行资金有关操作时：

– buy/sell key
– withdraw 资金
– exprot 私钥

需要验证一次这个独立密码（这些验证由 @privy_io… https://t.co/BLwSLdeA78

— Cos(余弦)😶‍🌫️ (@evilcos) October 10, 2023

Friend.tech Users Face SIM Swap Attacks

The SIM-swap attacks have culminated in the theft of an estimated 109 Ether (ETH), valued at nearly $500,000 in just few days, with one hacker stealing nearly $400k from different Friend.tech users. 

To mitigate the risk of SIM-swap exploits, Friend.tech had already introduced security updates on October 4, allowing users to add or remove various login methods.

Despite some criticism over the timing of the 2FA implementation, many users welcomed the added layer of security. 

Blockworks founder Jason Yanowitz shed light on the modus operandi of the SIM-swap attacks. Attackers send text messages requesting a number change, with users required to respond with either “YES” or “NO.” 

If the response is “NO,” the user is sent a legitimate verification code from Friend.tech and is prompted to send the code to the scammer’s number. 

Failure to respond within two hours results in the requested change proceeding, potentially leading to account compromise.

Earlier today, head of Defiant News revealed that he saw his Friend.tech wallet drained in an elaborate phishing scam.

My friendtech wallet was compromised through an elaborate phishing scam and my 22 ETH portfolio was nuked to 0😢

They just bridged my ETH using Orbiter, and some has just been deposited to @binance https://t.co/dKIgKLPGophttps://t.co/ZJVSdW0AHW pic.twitter.com/zgz9T2LvLW

— yyctradΞr (@yyctrader1) October 10, 2023