One of the most notable protocols in recent times, Friend Tech, has announced a change in the login methods used to access user accounts following the emergence of SIM swap attacks. The team aims to prevent these attacks with this new method. Security updates were introduced in response to attacks attempting to access user accounts through SIM swapping.
Friend Tech Team Responds to Users
On October 4th, the Friend Tech team announced that necessary settings could be made through the application and that users should take precautions by conducting transactions through their wallet balances. The team also addressed the question of why the two-factor authentication feature, which users have been requesting, has not been implemented in the protocol.
The Friend Tech team stated that if this feature were to be introduced to the platform, it would likely result in the lockdown of user accounts. In such a case, even if there was no attack, users might lose access to their essential information.
However, the team mentioned that they have partnered with Privy, a privacy-focused company, to integrate this feature into the platform once the necessary updates are completed:
“Privy is working diligently to implement this, and we will integrate the feature when they have completed it.”
Reactions to the Protocol Continue
Users have also expressed their concerns regarding this security update. The reason for their reaction stems from the loss of seed phrases required for protocol entry. As a result, many accounts have already been locked, and users are unable to access their accounts. During a Q&A session held on October 2nd, some protocol users complained that they were not asked to confirm their passwords and that neither Privy nor the Friend Tech team could reset their passwords if they were entered incorrectly.
A protocol user complained that even though they removed their number and changed it with an alternative form of authentication, this did not log out their sessions on other devices, allowing hackers to still access their accounts.
All these security updates came at a time when hackers gained control of users’ accounts through SIM swap attacks on the platform. According to security reports, over 100 ETH losses were recorded within a week, with attacks continuing until October 5th. During this period, attackers managed to seize at least $385,000 worth of Ethereum.
