In a recent string of incidents, users of FriendTech (FT) have reported instances of unauthorized access to their accounts, resulting in the theft of their valuable digital assets.
These security breaches have raised significant concerns regarding the vulnerabilities of the centralized service, prompting SlowMist’s founder to issue a warning about the inherent risks associated with utilizing the platform.
Twitter User Loses 22 ETH in FriendTech Hack
The first incident was brought to public attention by a user with the handle @darengb on the X platform. They revealed that their FT account had been hacked, resulting in the loss of 22 ETH. The attacker not only drained their wallet but also sold 34 of their keys, causing significant losses to those who held them.
In their tweet, @darengb stated, “I was just SIM swapped and robbed of 22 ETH via @friendtech. If your Twitter account is doxxed to your real name, your phone number can be found, and this could happen to you.”
I was just SIM swapped and robbed of 22 ETH via @friendtech
The 34 of my own keys that I owned were sold, rugging anyone who held my key, all the other keys I owned were sold, and the rest of the ETH in my wallet was drained.
If your Twitter account is doxxed to your real… pic.twitter.com/5wA86mjYEG
— daren (friend, friend) (@darengb) October 3, 2023
@darengb also emphasized the potential risk of linking one’s Twitter account to their real name, which could expose their phone number and make them susceptible to such attacks. They mentioned receiving numerous unsolicited calls, causing them to miss a critical text message from Verizon that alerted them to a possible account breach.
@darengb was taken aback by this revelation, initially suspecting a glitch in the FriendTech platform. After accessing FT and finding an empty Chat, they realized the full extent of the breach only upon coming across another user’s tweet about SIM swapping.
SlowMist Founder Exposes Vulnerabilities in FriendTech
Responding to @darengb’s tweet, SlowMist’s founder weighed in on the situation. They emphasized the risks of using FriendTech, a centralized platform that requires mobile phone numbers, Gmail addresses, or Apple accounts for registration but lacks two-factor authentication, making it vulnerable to information leakage.
The founder further remarked on Daren’s incident, pointing out that @darengb’s mobile phone number had been SIM swapped, leading to the theft of their FriendTech account. They also criticized Verizon’s security measures, stating, “I have to say that Verizon’s risk control is really bad.”
Another user, @d1pp3r__, also shared their experience on the platform. They reported that their account had been compromised, resulting in the hacker gaining access to all of their keys and transferring their assets to another address.
My FT account was just compromised, hacker dumped all keys and moved everything to another address. Was about 6.5e total. Wallet address here: 0x8D8557e4A7512b81C74efD2874107a7C4e29fE26
— dipper (@d1pp3r__) October 2, 2023
SlowMist’s founder responded to this incident, noting that the user logged in via email and had a strong password. Despite using a complex password generated by a password manager, the user found their account compromised, further highlighting the vulnerability of FT’s security.
The founder ended with a prediction, suggesting that FT accounts may be permanently compromised once hacked due to the unique binding relationship between wallet addresses assigned by FT and users’ phone numbers.