Scammers Drain $385K in Ether From Friend.tech Users in SIM-Swap Attacks

• A single scammer stole approximately $385,000 worth of Ether from Friend.tech users.
• Blockchain analyst ZachXBT identified the hacker who drained 234 ETH, equivalent to $385,000.
• The scammer carried out SIM-swaps to hijack users’ phone numbers, gaining access to their crypto wallets.

A series of SIM-swap hacks has reportedly allowed a single scammer to steal around $385,000 worth of Ether from Friend.tech users in less than 24 hours.

On October 5, blockchain analyst ZachXBT revealed that the same hacker had drained 234 ETH, worth about $385,000 at current prices, by carrying out SIM-swaps on four different Friend.tech users over the past day. By hijacking users’ phone numbers, the scammer was able to access their crypto wallets and steal their digital assets.

One victim posted on Twitter following the attack: “Got sim swapped. Apparently, dude was able to do it from an Apple store and switched it to an iPhone SE. Don’t buy my keys, that wallet is compromised.” Another user confirmed they were “getting f—ing sim swapped” in real time.

Friend.tech scams on the rise

Earlier this week, four other Friend.tech users reported having a combined 109 ETH, worth around $180,000, stolen by SIM-swapping or phishing. Friend.tech is a platform where users can purchase access to private chat groups with influencers and crypto figures.

The recent attacks have prompted calls for Friend.tech to implement more robust security measures like two-factor authentication (2FA) to better protect against SIM-swapping. Industry analysts estimate that up to $20 million of the platform’s $50 million in total value could be vulnerable to these types of exploits.

The incidents highlight the growing threat of SIM-swapping hacks targeting crypto users. By gaining control of a victim’s phone number, hackers can bypass account security to steal funds. Crypto owners are advised to enable 2FA using an app-based authenticator, avoid using phone numbers for account recovery, and be vigilant of phishing attempts.