{"id":85298,"date":"2023-10-03T17:26:30","date_gmt":"2023-10-03T14:26:30","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=85298"},"modified":"2025-09-12T22:25:26","modified_gmt":"2025-09-12T19:25:26","slug":"friend-tech-users-hit-by-sim-swap-attack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/friend-tech-users-hit-by-sim-swap-attack\/","title":{"rendered":"Friend.Tech users hit by SIM swap attack"},"content":{"rendered":"<p>Some users <a href=\"https:\/\/forklog.com\/en\/news\/what-is-web3\">Web3<\/a>-social network Friend.Tech reported that they had fallen victim to SIM swapping, losing digital assets worth thousands of dollars.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I was just SIM swapped and robbed of 22 ETH via <a href=\"https:\/\/twitter.com\/friendtech?ref_src=twsrc%5Etfw\">@friendtech<\/a><\/p>\n<p>The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.<\/p>\n<p>If your Twitter account is doxxed to your real\u2026 <a href=\"https:\/\/t.co\/5wA86mjYEG\">pic.twitter.com\/5wA86mjYEG<\/a><\/p>\n<p>\u2014 daren (friend, friend) (@darengb) <a href=\"https:\/\/twitter.com\/darengb\/status\/1709021872178729409?ref_src=twsrc%5Etfw\">October 3, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>One of the victims under the alias darengb reported the theft of 22 ETH (~$36,500).<\/p>\n<p>Because Friend.Tech users must link their X accounts to a phone number, the risk of SIM swaps is greatly amplified.\u00a0<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00ab\u0415\u0441\u043b\u0438 \u0432 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0438\u043c\u044f, \u0432\u0430\u0448 \u043b\u0438\u0447\u043d\u044b\u0439 \u043d\u043e\u043c\u0435\u0440 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430 \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438. \u042d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0441\u043b\u0443\u0447\u0438\u0442\u044c\u0441\u044f \u0441 \u043a\u0430\u0436\u0434\u044b\u043c\u00bb, \u2014 warned darengb.<\/p>\n<\/blockquote>\n<p>At a point he began receiving a flood of calls from unknown numbers, so he put the phone on silent. The spam was used to obscure a login alert from a third-party device.\u00a0<\/p>\n<p>The SlowMist founder Xian Yu <a href=\"https:\/\/twitter.com\/evilcos\/status\/1709030582150381713?s=46\">recommended<\/a> an effective way to defend against such breaches \u2014 enabling two-factor authentication.\u00a0<\/p>\n<p>On September 30, representatives of Friend.Tech also warned about a bug in bonus-point distribution, which caused some accounts to be reset. The community believes these points will play a significant role in a future anticipated airdrop.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The calculation for this week&#8217;s points distribution contained a bug which resulted in some users having their accrued points set to zero. It was not our intention to remove points from any user.<\/p>\n<p>We have fixed this bug and redistributed this week&#8217;s points<\/p>\n<p>\u2014 friend.tech (@friendtech) <a href=\"https:\/\/twitter.com\/friendtech\/status\/1707912838088720829?ref_src=twsrc%5Etfw\">September 30, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u00ab\u0412 \u043d\u0430\u0448\u0438 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0438\u044f \u043d\u0435 \u0432\u0445\u043e\u0434\u0438\u043b\u043e \u043e\u0442\u043d\u0438\u043c\u0430\u0442\u044c \u0431\u0430\u043b\u043b\u044b \u0443 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u041c\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0443 \u0438 \u043f\u0435\u0440\u0435\u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u043c \u0438\u0445 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435\u00bb, \u2014 \u0437\u0430\u0432\u0435\u0440\u0438\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438.<\/cite><\/p><\/blockquote>\n<p>Earlier, an analyst and DeFi Llama developer under the pseudonym 0xngmi warned of possible vulnerabilities of the project and its <a href=\"https:\/\/forklog.com\/en\/news\/friend-tech-fork-on-solana-nears-1-million-in-trading-volume\">clones<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">btw this should be obvious but all the friend-tech clones (including the original friend tech!) store your key in frontend<\/p>\n<p>so it&#8217;s possible to steal your key or all funds with a frontend update<\/p>\n<p>\u2014 0xngmi (@0xngmi) <a href=\"https:\/\/twitter.com\/0xngmi\/status\/1704611031819915286?ref_src=twsrc%5Etfw\">September 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to him, the app stores users&#8217; private keys on the frontend. If the protocol&#8217;s frontend interface is breached, loss of funds is inevitable.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Growth Against the Odds<\/strong><\/h2>\n<p>Despite technical glitches, security concerns and a closed beta, Friend.Tech continues to show solid metrics.\u00a0<\/p>\n<p>According to <a href=\"https:\/\/defillama.com\/protocol\/friend.tech?fees=true&#038;revenue=true\"> DeFi Llama<\/a>, the total value locked in the protocol stands at $49.35 million. Over the last month the project attracted more than $30 million.\u00a0<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/vxVdE-o3uqAAsa5QzcJFB39HErdSlNlnhYjkreLT__fo308POZGYAtZnwWxDwXZbozW61sSH-5QiFfl1T8DUnnrbM-C-jMTNSeoNfHmiQT0Hl2V4zAqtkrPUJP7DzuAAa9UYSPFfeVPUIW-6OnIC52c\" alt=\"Users of Friend.Tech subjected to SIM swap attack\"\/><figcaption class=\"wp-element-caption\">TVL of Friend.Tech. Data from DeFi Llama.<\/figcaption><\/figure>\n<p>Researcher Tom Wan noted that since September 8, activity on Friend.Tech has generated $1.1 million in fees daily. In his view, this is more than the Bitcoin network and platforms OpenSea and MakerDAO.\u00a0<\/p>\n<p>The top 30 creators on Friend.Tech receive 15% of total royalties.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">.<a href=\"https:\/\/twitter.com\/friendtech?ref_src=twsrc%5Etfw\">@friendtech<\/a> has reached $50M TVL<\/p>\n<p>This post will give an update on:<br \/>\u2014 Current TVL<br \/>\u2014 Fees &#038; Revenue<br \/>\u2014 Threshold to Breakeven for the Minimum Deposit<br \/>\u2014 FT&#8217;s Age Restriction<\/p>\n<p>1. The amount of fees that are able to be generated by FT is huge<\/p>\n<p>Since 8 Sep, they have been generating\u2026 <a href=\"https:\/\/t.co\/OpycdsXSOQ\">pic.twitter.com\/OpycdsXSOQ<\/a><\/p>\n<p>\u2014 Tom Wan (@tomwanhh) <a href=\"https:\/\/twitter.com\/tomwanhh\/status\/1709151931409809612?ref_src=twsrc%5Etfw\">October 3, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On October 2, the app\u2019s 24-hour trading volume stood at 7,430 ETH (~$12.3 million), according to the Dune dashboard.<\/p>\n<p>Total turnover of the platform reached 244,754 ETH (~$406 million).<\/p>\n<p>Moreover, on Friend.Tech accounts for around 21% of all fees in the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-layer%e2%80%912-solution-in-blockchain\">L2<\/a>-network <a href=\"https:\/\/forklog.com\/en\/news\/what-is-base-coinbases-l2\">Base<\/a>, on which it is built. The second-most popular app\u2014the <a href=\"https:\/\/forklog.com\/en\/news\/what-are-cross-chain-bridges\">cross-chain<\/a>-protocol LayerZero\u2014accounts for only 3.4% of the transaction fees on the second-tier solution.<\/p>\n<p>By early October, activity in the protocol declined but stayed at stable mid-levels. In recent days, the number of active addresses has fluctuated between 10,000 and 15,000.\u00a0<\/p>\n<p>By the end of September, users and influencers on Friend.Tech <a href=\"https:\/\/forklog.com\/en\/news\/friend-tech-users-earn-12-million-in-fees\">earned<\/a> more than $12 million in commissions in total.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some users {{AOPEN_1}}Web3{{ACLOSE_1}}-social network Friend.Tech reported that they had fallen victim to SIM swapping, losing digital assets worth thousands of dollars.<\/p>\n","protected":false},"author":1,"featured_media":85299,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1524,1150],"class_list":["post-85298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-friend-tech","tag-news-plus"],"aioseo_notices":[],"amp_enabled":true,"views":"17","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/85298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=85298"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/85298\/revisions"}],"predecessor-version":[{"id":85300,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/85298\/revisions\/85300"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/85299"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=85298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=85298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=85298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}