Friend.tech Adds 2FA Password for Users Amidst Ongoing SIM-Swap Attacks
The team behind the decentralized social media platform Friend.tech has responded to a series of SIM-swap attacks targeting its users by implementing a crucial security enhancement.
In a recent announcement on X (formerly Twitter), Friend.tech unveiled the introduction of a Two-Factor Authentication (2FA) password feature.
This move aims to provide additional protection for users whose cell carriers or email services have been compromised.
Friend.tech Users Will Have an Option to Setup Additional Password
With the new 2FA feature, Friend.tech users will now be prompted to set up an additional password when signing in on new devices.
Importantly, neither the Friend.tech team nor the Privy teams will have the capability to reset these passwords, underlining the need for users to exercise caution when using this feature.
The decision to bolster security comes in the wake of a string of SIM-swap attacks that have plagued Friend.tech users since September.
The attacks have raised concerns and drawn criticism from some quarters regarding the platform’s initial response.
Slow Mist founder Yu Xian tested the 2FA mechanism and shared his experience on Twitter.
Friend.tech Users Face SIM Swap Attacks
The SIM-swap attacks have culminated in the theft of an estimated 109 Ether (ETH), valued at nearly $500,000 in just few days, with one hacker stealing nearly $400k from different Friend.tech users.
To mitigate the risk of SIM-swap exploits, Friend.tech had already introduced security updates on October 4, allowing users to add or remove various login methods.
Despite some criticism over the timing of the 2FA implementation, many users welcomed the added layer of security.
Blockworks founder Jason Yanowitz shed light on the modus operandi of the SIM-swap attacks. Attackers send text messages requesting a number change, with users required to respond with either “YES” or “NO.”
If the response is “NO,” the user is sent a legitimate verification code from Friend.tech and is prompted to send the code to the scammer’s number.
Failure to respond within two hours results in the requested change proceeding, potentially leading to account compromise.
Earlier today, head of Defiant News revealed that he saw his Friend.tech wallet drained in an elaborate phishing scam.