Friend.Tech users hit by SIM swap attack

Some users Web3-social network Friend.Tech reported that they had fallen victim to SIM swapping, losing digital assets worth thousands of dollars. 

I was just SIM swapped and robbed of 22 ETH via @friendtech

The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.

If your Twitter account is doxxed to your real… pic.twitter.com/5wA86mjYEG

— daren (friend, friend) (@darengb) October 3, 2023

One of the victims under the alias darengb reported the theft of 22 ETH (~$36,500).

Because Friend.Tech users must link their X accounts to a phone number, the risk of SIM swaps is greatly amplified. 

«Если в учетной записи используется настоящее имя, ваш личный номер телефона можно найти. Это может случиться с каждым», — warned darengb.

At a point he began receiving a flood of calls from unknown numbers, so he put the phone on silent. The spam was used to obscure a login alert from a third-party device. 

The SlowMist founder Xian Yu recommended an effective way to defend against such breaches — enabling two-factor authentication. 

On September 30, representatives of Friend.Tech also warned about a bug in bonus-point distribution, which caused some accounts to be reset. The community believes these points will play a significant role in a future anticipated airdrop. 

The calculation for this week’s points distribution contained a bug which resulted in some users having their accrued points set to zero. It was not our intention to remove points from any user.

We have fixed this bug and redistributed this week’s points

— friend.tech (@friendtech) September 30, 2023

«В наши намерения не входило отнимать баллы у какого-либо пользователя. Мы исправили ошибку и перераспределим их на этой неделе», — заверили разработчики.

Earlier, an analyst and DeFi Llama developer under the pseudonym 0xngmi warned of possible vulnerabilities of the project and its clones.

btw this should be obvious but all the friend-tech clones (including the original friend tech!) store your key in frontend

so it’s possible to steal your key or all funds with a frontend update

— 0xngmi (@0xngmi) September 20, 2023

According to him, the app stores users’ private keys on the frontend. If the protocol’s frontend interface is breached, loss of funds is inevitable.

Growth Against the Odds

Despite technical glitches, security concerns and a closed beta, Friend.Tech continues to show solid metrics. 

According to DeFi Llama, the total value locked in the protocol stands at $49.35 million. Over the last month the project attracted more than $30 million. 

Researcher Tom Wan noted that since September 8, activity on Friend.Tech has generated $1.1 million in fees daily. In his view, this is more than the Bitcoin network and platforms OpenSea and MakerDAO. 

The top 30 creators on Friend.Tech receive 15% of total royalties.

.@friendtech has reached $50M TVL

This post will give an update on:
— Current TVL
— Fees & Revenue
— Threshold to Breakeven for the Minimum Deposit
— FT’s Age Restriction

1. The amount of fees that are able to be generated by FT is huge

Since 8 Sep, they have been generating… pic.twitter.com/OpycdsXSOQ

— Tom Wan (@tomwanhh) October 3, 2023

On October 2, the app’s 24-hour trading volume stood at 7,430 ETH (~$12.3 million), according to the Dune dashboard.

Total turnover of the platform reached 244,754 ETH (~$406 million).

Moreover, on Friend.Tech accounts for around 21% of all fees in the L2-network Base, on which it is built. The second-most popular app—the cross-chain-protocol LayerZero—accounts for only 3.4% of the transaction fees on the second-tier solution.

By early October, activity in the protocol declined but stayed at stable mid-levels. In recent days, the number of active addresses has fluctuated between 10,000 and 15,000. 

By the end of September, users and influencers on Friend.Tech earned more than $12 million in commissions in total.