Some users of Friend.tech, a decentralized social community that lets people buy and sell “keys” linked to their X accounts, reported being exploited in a SIM swap attack on Tuesday.

A SIM swap attack occurs when a scammer tricks a cell phone provider into switching another user’s cell number to a SIM in the scammer’s possession. Once the scammer has gained control over the user’s cell number, they can change the passwords to all of the victim’s accounts that require two-factor authentication.

A number of users targeted by the SIM-swap attacker reported having their ETH stolen from their accounts on the Friend.tech platform.

“If your Twitter account is doxxed to your real name, your cell phone number can be found, and this can happen to you,” wrote X user “@darengb.”

“I opened FriendTech and thought there was a bug because my Chat was empty, I tried having a look at Octav and then saw another person’s tweet about SIM swapping on FT [Friend.tech] and that’s when I noticed what had happened.”

Reports of funds being drained on Friend.tech started as early as last week, but the attacker doesn’t appear to be close to stopping. The scammer has netted over 234 ETH, worth around $385,000, from four different Friend.tech users over a 24-hour period, according to blockchain transaction data traced by on-chain sleuth ZachXBT.

ZachXBT has previously warned of SIM swap attacks that have targeted people in the crypto space, with a reported $13.3 million having been stolen via 54 SIM swaps. Included in the list of SIM swap victims were the Aptos Community, PleasrDAO and Metis DAO.

It’s worth noting that Friend.tech itself isn’t at risk, nor has the code on its platform been exploited by hackers. Although SMS two-factor authentication is widely thought of as an added preventive measure, in this case, interestingly, it was the downfall of users who added it as a security option.

“When an account is compromised, scammers try to create a sense of urgency with a fake claim to drain your assets. Never use SMS 2FA and instead use an authenticator app or security key to secure accounts,” stated ZachXBT in an August X post.